Privacy & Security
Chuck Kesler has worked in information technology and data security for more than 25 years. He joined Duke Health as chief information security officer in 2011.
From "script kiddies" to sophisticated nation states, healthcare organizations have to be on the lookout for a variety of dangerous bad actors looking to crack its cybersecurity defenses, according to a recent Institute for Critical Infrastructure Technology report.
For Phil Alexander, information security officer at the University Medical Center, in Lubbock, Texas, the key to safeguarding health systems is a focus on education, technology and a rapid response.
Cyber-criminals continue to pose major threats to healthcare information technology departments, and experts say it’s the lure of electronic protected health information that keeps them coming.
Healthcare IT News and HIMSS are accepting speaker proposals for the Privacy & Security Forum in Los Angeles, May 11-12, 2016.
The U.S. Food and Drug Administration and the MITRE Corporation are working together to foster a more a collaborative approach to address the sometimes abject vulnerability of critical medical devices to cyberattack.
Patients struggle with sharing health information online, cite privacy concerns, breaches, Pew repo…
Just over half of Americans feel it would be acceptable for doctors to use health information websites to manage patient records, according to a new Pew Research Center survey.
A new report shows 84 percent of U.S. FDA-approved health apps tested by IT security vendor Arxan Technologies did not adequately address at least two of the Open Web Application Security Project top 10 risks.
To make it easier for people to gain access to their personal health information, the U.S. Department Health and Human Services had posted some clarifications about individuals' right under HIPAA privacy rules.
“Unfortunately, based on recent studies and our own enforcement experience, far too often individuals face obstacles to accessing their health information, even from entities required to comply with the HIPAA Privacy Rule,” Jocelyn Samuels, HHS director of the Office for Civil Rights wrote. “This must change.”
HHS explained that the “Privacy Rule requires HIPAA covered entities (health plans and most health care providers) to provide individuals, upon request, with access to the protected health information about them in one or more ‘designated record sets’ maintained by or for the covered entity,” HHS said. ”This includes the right to inspect or obtain a copy, or both, of the PHI, as well as to direct the covered entity to transmit a copy to a designated person or entity of the individual’s choice.”
[Also: HHS to change HIPAA rule on gun background checks]
What’s more, that right exists for as long as the provider or a business associate maintains the PHI and regardless if they do so on paper or via electronic health records.
HHS defines a ‘designated record set as medical and billing records as well as enrollment, payment or claims information as well as other data “used to make decisions about any individuals,” the agency said.
“The term ‘record’ means any item, collection or grouping of information that includes PHI and is maintained, collected, used or disseminated by or for a covered entity,” HHS said.
The evolution in healthcare toward rapid, secure exchange of Electronic Health Records data along with targeted treatments via the precision medicine model of patient-engaged research has made it more important for individuals to quickly access to their health information. However, this process has been slow developing, Samuels said.
To that end, HHS published a fact sheet and the first in a series of Frequently Asked Questions to clarify. The initial FAQ addresses the scope of information covered by HIPAA’s access right, the limited exceptions to this right, the form and format in which information is provided, the requirement to provide access to individuals in a timely manner, and the intersection of HIPAA’s right of access with the requirements for patient access under the HITECH Act’s Electronic Health Record Incentive Program.
[Like Healthcare IT News on Facebook]
Samuels said HHS will develop additional guidance and other tools to help individuals understand and exercise their right to access their health information.
Other consumer access tools are being developed by the Office for Civil Rights, working with the White House Social and Behavioral Sciences Team and the Department of Health and Human Services Office of the National Coordinator for Health Information Technology, Samuels added.
Twitter: @HealthITNews
After spending the past year reporting on loopholes and lax enforcement of the federal patient-privacy law known as HIPAA, ProPublica reporter Charles Ornstein has come to realize that it's not just celebrity patients who are at risk. We all are.