The National Institute of Standards and Technology is seeking public comment as it plans to update its 2008 guidance for implementing the HIPAA Security Rule. But is it time to update the security rule itself?
A proposed privacy framework from the eHealth Initiative & Foundation and the Center for Democracy and Technology aims to set standards for the collection, disclosure and use of health data that falls outside the protection of HIPAA, says attorney Andrew Crawford of CDT.
Hacking incidents - including ransomware attacks, phishing scams and episodes involving vendors - are still the dominant culprits in major health data breaches being reported to federal regulators so far this year. Why?
Truveta, a new big data collaborative research effort involving 14 U.S. healthcare providers, will share de-identified data on millions of patients in an effort to improve treatments through personalized medicine. But the project raises important privacy issues.
From both a regulatory and a security perspective, it’s not enough to simply perform a risk analysis. The HIPAA Security Rule requires and today’s rapidly evolving threat landscape demands that healthcare organizations respond to the risks identified appropriately and effectively.
Read this guide for expert...
As federal regulators intensify their focus on compliance with requirements to provide patients with access to their health information, healthcare organizations need to sort through a variety of emerging challenges, says health information management and privacy expert Rita Bowen.
The growth in the use of telehealth during the COVID-19 crisis means that healthcare providers must carefully reassess and bolster the security of the connected devices, applications and systems used, says Kelly Rozumalski of the consultancy Booz Allen Hamilton.
In the year ahead, healthcare organizations must be prepared to face an assortment of advancing security threats, including those that damage the integrity of critical patient data, says Rod Piechowski of the Healthcare Information and Management Systems Society.
The COVID-19 pandemic has spotlighted an array of evolving patient privacy issues that legislators and regulators will need to address in the year ahead, say government policy experts Mari Savickis and Cassie Leonard of the College of Healthcare Information Management Executives.
Under legislation passed by Congress this weekend that awaits President Trump's signature, HIPAA enforcers, when considering financial penalties for compliance violations, would need to determine whether an organization had implemented "recognized security practices," such as the NIST Cybersecurity Framework.
The Department of Health and Human Services last week issued its 10th settlement involving a HIPAA "right of access" case since launching its patient records access initiative last year. But how might HIPAA enforcement priorities at HHS' Office for Civil Rights change under a Biden administration?