Skip to main content

Privacy & Security

By Bernie Monegain | 10:56 am | January 10, 2017
The Office for Civil Rights said the Presence suit marks the first HIPAA enforcement action it imposed on a provider for lack of timely breach notification.
By Bernie Monegain | 09:04 am | January 10, 2017
John Houston cautions that healthcare entities need to make sure they address downtime, data rights and security when putting together contracts with cloud-based services providers.
By Jane Sarasohn-Kahn | 07:43 pm | January 09, 2017
Most medical things exhibited at CES 2017 are connected devices with apps that collect, analyze, and feedback data and information to users (patients, consumers, caregivers) and health/care providers (physicians, nurses, care coaches, and others who support people in self-care). While the Internet of Things is generally thought to cover more generic stuff for smart and connected homes, network-connected health and medical technologies are also part of the larger IoT phenomenon. And like health and medical “things” exhibited at #CES2017, other consumer electronics that people will purchase this year ongoing will be connected to the Internet, from refrigerators to cars, to TVs and hearing aids. Among the most popular connected devices during the 2016 holiday season was Amazon’s Alexa, providing voice-assistant technology in the home: Amazon shoppers bought more Alexa devices than ever in the 2016 holiday season. Alexa’s base technology can be used for healthcare at home, which was demonstrated by Orbita at the recent Connected Health Conference in December 2016. The company showed voice-activated home health capabilities such as medication adherence, pain management, patient monitoring, and caregiver coordination. This is an early example of home health through home tech assistants, of which Amazon’s Jeff Bezos waxed, “I think health care is going to be one of those industries that is elevated and made better by machine learning and artificial intelligence. And I actually think Echo and Elena do have a role to play in that.” Boston Children’s Hospital is a pioneering healthcare provider, implementing Alexa in KidsMD, which uses the device to support parents caregiving for their kids’ healthcare. As the Internet of Things takes hold in all aspects of consumer technology adoption, another phenomenon may also simultaneously occur: the Insecurity of Things, coined by Accenture in advance of #CES2017. The Insecurity of Things, Accenture’s John Curran explained to VentureBeat last week, is the challenge that consumers won’t universally trust IoT connected devices until the ongoing security issues around them are resolved. Health Populi’s Hot Points: I addressed the privacy and security issues of connected health data in my recent paper published by the California HealthCare Foundation, Here’s Looking At You: How Personal Health Information Is Being Tracked And Used. Most consumers are unaware of what’s in the fine print in mobile health opt-in notices, but if people buy a new wearable tech or download an app they’re keen to use, most click through the privacy policy without really knowing what’s gonig to happen to their data. That information can end up in third party data brokers’ data mines that can be mashed up into consumer profiles and sold to any number of organizations who might benefit from getting up-close-and-personal (albeit, in the dark shadows) with consumers; say, mortgage brokers evaluating loans for home buyers, or employers considering job applications for prospective employees. That’s the privacy aspect of data shared, unwittingly, by health consumers whose diagnosis of, perhaps, depression, or active use of a food-tracking app that documents one’s personal obsession with Twinkies. From privacy in IoT for health and medicine, we can then consider security. The US Department of Homeland Security published the report, Strategic Principles for Securing the Internet of Things (IoT), in November 2016. The report talked about the growing ubiquity of network-connected devices, from fitness trackers and pacemakers to cars and home thermostats. Cybersecurity has gained more attention in the age of connected health and the Internet of Healthy Things, the phenomenon discussed by Dr. Joseph Kvedar in his book of the same name. The Homeland Security report mentions the Food and Drug Administration draft guidance on Postmarket Management of Cybersecurity in Medical Devices discussed in a recent blog on the FDA website here. A Healthcare IT News survey out this week found that the No.1 health IT challenge hospital IT execs cite for 2017 is data security (52 percent), followed by analytics; patient engagement and population health tied for third place. Electronic health records took the fourth position, indicating that now that most healthcare providers have patients’ records digitized, they’re now ready to mash them up and analyze them to manage  population health, prevent readmissions, and personalize services for increasingly demanding consumers. But that data, first, must be secured to prevent cyber-attacks, malware, and personal health data theft. Trust is a precursor to health engagement: patients engage with healthcare stakeholders who earn that trust and authenticity which drives patient satisfaction. Data security in health care is now a patient engagement issue in the growing telehealth and health IoT era. I’ll be asking digital health companies about privacy and security issues all week here at #CES2017.
Compliance
By Jessica Davis | 12:45 pm | January 09, 2017
Four experts discuss the lessons the healthcare industry learned the hard way this past year – and the need for much stronger security measures in 2017.
By Jack McCarthy | 08:30 am | January 09, 2017
The pre-conference, day-long event will feature an update on fast-changing regulatory policy and practices for medical device cybersecurity.
By Chris Nerney | 08:07 am | January 09, 2017
Mayo Clinic IT managers suggest identifying practical solutions, then instituting governance and change management policies around identity management. 
Privacy & Security
By Jessica Davis | 06:44 pm | January 06, 2017
The organization was infected with Harak1r1 the 0.2 Bitcoin Ransomware, which completely wipes data from the hacked database instead of traditional encryption.
By Susan Morse | 03:55 pm | January 06, 2017
The hacker who targeted Anthem in early 2015, exposing more than 78 million customer records in one of the largest healthcare breaches ever, was acting on behalf of a foreign government.
By Jessica Davis | 08:19 am | January 05, 2017
Eric Miller runs Ascension’s software-defined networking automation that enables secure connectivity to support Internet of Things and other technology advances - using methods that he says can advance the impact of IoT.
By Jessica Davis | 12:57 pm | January 04, 2017
A white hat hacker says he notified DoD subcontractor Potomac Healthcare on Dec. 29, but the files remained online for more than an hour after the initial warning.