Healthcare Information Security

Patient Privacy

Tiger Team offers HITPC behavioral health recommendations

by Patrick Ouellette

The Office of the National Coordinator (ONC) Health Information Technology Policy Committee (HITPC) held its June meeting yesterday, where the Privacy and Security Tiger Team provided an update of its recent work. The Tiger Team has concentrated...

Colorado limits patient data access with new house bill

by Patrick Ouellette

Colorado recently introduced a new House Bill, titled Limits on Government Access to Personal Medical Information, regarding restrictions on the ability of a government entity to access an individual’s personal medical information. The...

Why IT security pros need health information privacy skills

by Patrick Ouellette

Healthcare privacy and security are inexorably linked, as the two terms are often referenced in tandem, but the need for privacy expertise shouldn’t be lost in the weeds as organizations look to beef up their security programs. Healthcare...

HHS, CMS issue new health exchange patient data privacy rules

by Patrick Ouellette

As part of President Barack Obama’s new final rule that will regulate Affordable Care Act (ACA) standards for patient protection, the Centers for Medicare & Medicaid Services (CMS) and Department of Health and Human Services (HHS) will...

Tiger Team closes in on behavioral health privacy recommendations

by Patrick Ouellette

As Cris Ewell, Seattle Children’s CISO, referenced in a recent interview with, there can be many layers of consent and technology issues when it comes to exchanging behavioral health data. One layer the Health IT Policy...

PCAST: Update health privacy frameworks for big data usage

by Patrick Ouellette

Will current privacy and security frameworks scale to the healthcare industry’s needs in the future? According to a recent President’s Council of Advisors on Science and Technology (PCAST) report, the modernization of the healthcare...

Privacy and Security Tiger Team gets behavioral health feedback

by Patrick Ouellette

The Health IT Policy Committee Privacy and Security Tiger Team engaged in further discussion on Monday around the Data Segmentation for Privacy (DS4P) as it relates to patient authorization within federally assisted substance abuse treatment...

Patient perspective on eHealth, mobile privacy and security

by Patrick Ouellette

According to recently-released results from a Ponemon Institute and Experian Data Breach Resolution report, there are still eHealth services and mobile application privacy and security questions among consumers and patients. The report, titled...

New Jersey explores health big data potential, privacy risks

by Patrick Ouellette

As different states explore the benefits of big data and healthcare IT analytics, the element of patient privacy is invariably raised as a concern. The most recent instance where the complex innovation v. privacy debate arose was at the “Big...

Security Industry Association releases new Privacy Framework

by Patrick Ouellette

Not that the healthcare industry is in dire need of security frameworks to reference in forming an IT security plan, as NIST recently released its voluntary framework, but the Security Industry Association (SIA) recently released its updated...

St. Peter’s University Hospital uses patient identity matching

by Nicole Freeman

Saint Peter’s University Hospital in New Brunswick, New Jersey has signed a three-year contract with Malta Systems to fully-implement the technology company’s Privasent system. The hospital began a pilot program with the patient identity...

Should big data research override patient privacy needs?

by Patrick Ouellette

Making the most out of healthcare big data sets to improve patient care by spotting disease and other types of healthcare trends is undoubtedly viewed as a critical part of healthcare IT innovation. Google co-founder Larry Page was the latest...

Calculating mental health data exposure ramifications

by Patrick Ouellette

When discussing patient privacy, mental and behavioral health records have a higher standard of care because of the sensitive nature of the information. Mental health patients have the subjective right to decide what is and isn’t available...

What does UCLA HIV study mean for social media privacy?

by Patrick Ouellette

Social media is starting to be recognized as a valuable tool for predictive analytics in healthcare, but what are the potential privacy effects among users? A recent UCLA Medicine study that was published in peer-reviewed journal Preventive Medicine...

Middlesex Hospital uses Splunk software for HIPAA compliance

by Nicole Freeman

Middlesex Hospital, a HIMSS Stage 6 hospital, is using Splunk Inc. real-time operational intelligence software to meet HIPAA and HITECH standards throughout its hospital IT network and to secure its electronic healthcare records (EHR). The...

HIMSS14 session preview: Patient privacy trends

by Nicole Freeman

Protecting patient data should be a high priority for all healthcare providers, and the government continues to create policy regarding the protection and access of protected health information (PHI). The Department of Health and Human Services...

HIMSS14 session preview: Privacy and compliance practices

by Nicole Freeman

Healthcare organizations are consistently reminded of their need to protect patient privacy and data, and HIPAA compliance is a requirement for all providers and their business associates (BAs). For healthcare systems, however, there is also...

HIMSS14 session preview: Coordinating ACO privacy & security

by Nicole Freeman

Accountable care organizations (ACOs) are being formed in different sizes across the country in an effort to improve patient access to care, the quality of care received, increase affordability, and, in some cases, switch to a value-based reimbursement...

Patient VDT portal authentication: Privacy considerations

by Patrick Ouellette

The Privacy and Security Tiger Team continued its discussion of access to View/Download/Transmit portals by friends, family members and personal representatives during its meeting on Monday, February 10. But before the Tiger Team was able to...

HIPAA requires providers using Skype to have BAAs

by Nicole Freeman

As expanding technology gives doctors new ways to contact patients and share their information HIPAA compliance questions continually pop up. Do the products being used protect patient data? Are additional safeguards required to comply with HIPAA?...


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks