iHealthBeat: Privacy and Security

Mass. Hospital Faces $750,000 Settlement Over Data Breach

Tue, 29 May 2012 08:00:00 GMT

South Shore Hospital in Massachusetts has agreed to pay a $250,000 civil penalty and $225,000 toward a special fund as part of a settlement over a 2010 data breach that exposed the personal data of 800,000 individuals. The $750,000 settlement also credits the hospital for spending $275,000 to adopt new security measures after the breach. Boston Globe's "Business Updates" et al.

GW Researchers Launch New Website on Health Information Laws

Fri, 25 May 2012 08:00:00 GMT

George Washington University researchers have launched a new website to educate consumers, health care providers and organizations about federal and state laws related to health information. The site was funded by the Robert Wood Johnson Foundation. Healthcare IT News, FierceHealthIT.

Gov't Promotes Consistent Approaches to Consumer and Health Data Privacy

Thu, 24 May 2012 08:00:00 GMT

The health care sector should pay close attention to recent reports from the White House, the Federal Trade Commission and the Office of the National Coordinator for Health IT. The documents, which have implications for health care, lay out a consistent approach to protecting personal data privacy.

DHS: Mobile Technology Poses Security Risks to Health Data

Fri, 18 May 2012 08:00:00 GMT

A report from the Department of Homeland Security's National Cybersecurity and Communications Integration Center finds that the health care industry's adoption of mobile technology poses certain security risks to patient data. The report offers recommendations to bolster organizations' data security, such as operating well-maintained firewalls. Government Computer News et al.

Business Partners: A New Risk to Health Data Security?

Mon, 14 May 2012 08:00:00 GMT

Third-party business associates were involved in many of the largest health data breaches that occurred last year. Experts say that business associate agreements help to ensure the security of patient data, but the agreements might not go far enough.

ONC Issues Guide on Protecting Privacy, Security of Health Data

Wed, 09 May 2012 08:00:00 GMT

A new guide from the Office of the National Coordinator for Health IT's Office of the Chief Privacy Officer aims to help health care providers protect the privacy and security of patient data. The guide includes a 10-step plan on how health care providers can bolster their data privacy and security before attesting to meaningful use. Health Data Management, Healthcare IT News.

Medical Boards Offer Guidance on Clinicians' Use of Social Media

Tue, 08 May 2012 08:00:00 GMT

New guidelines from the Federation of State Medical Boards' House of Delegates recommend that health care providers always maintain their professionalism and strive to protect patient confidentiality when using social networking websites. CMIO, Modern Physician.

Missouri State Senator Blocks Bill To Create Rx Tracking Database

Mon, 07 May 2012 08:00:00 GMT

Last week, a Missouri state senator led an eight-hour filibuster to block the passage of a bill that would have authorized the state to create a prescription drug monitoring database. The senator said the bill would have infringed on patients' privacy rights. AP/Kansas City Star.

Group Offers Suggestions on How To Respond to Utah Health Data Breach

Mon, 30 Apr 2012 08:00:00 GMT

After a large-scale data breach last month, the Utah Health Policy Project is teaming up with other groups to offer recommendations on how the state can restore public trust in the security of personal health information kept by state health programs. Salt Lake City Deseret News.

Cybersecurity Attacks Could Target Federal Agencies, Health Data

Thu, 26 Apr 2012 08:00:00 GMT

An official from the Government Accountability Office recently outlined security weaknesses in federal agencies' information systems. The official also discussed cybersecurity attacks that have targeted personal health data. Modern Healthcare, The Hill's "Hillicon Valley."

Among Hospitals That Reported a Data Breach Last Year, How Many Breaches Did They Face?

Wed, 25 Apr 2012 08:00:00 GMT

In 2012, 69% of surveyed hospitals that reported a data breach in the past twelve months said that they had experienced more than one breach during that time frame, compared with 58% of surveyed hospitals in 2010, according to a HIMSS Analytics report commissioned by Kroll Advisory Solutions.

HITRUST Launches New Cybersecurity Center for Health Care Industry

Tue, 24 Apr 2012 08:00:00 GMT

Yesterday, the Health Information Trust Alliance announced the creation of a new center to help health care organizations manage cybersecurity threats. The center will work with 14 health care organizations and HHS to share data about cybersecurity incidents. Healthcare IT News.

Breach Could Affect More Than 228K S.C. Medicaid Beneficiaries

Fri, 20 Apr 2012 08:00:00 GMT

The South Carolina Department of Health and Human Services has announced that a data breach might have exposed the personal information of more than 228,000 Medicaid beneficiaries. According to the agency, the compromised data do not include medical information. CMIO et al.

Federal Health IT Activity Continues in First Quarter of 2012

Thu, 19 Apr 2012 08:00:00 GMT

Federal health IT efforts continued in the first quarter of 2012, with the release of proposed rules for Stage 2 of the meaningful use incentive program and the appointment of Todd Park as the country's new chief technology officer.

Atlanta Health System Announces Data Breach Affecting 315K Patients

Thu, 19 Apr 2012 08:00:00 GMT

Yesterday, Atlanta-based Emory Healthcare announced that it cannot locate 10 computer discs containing health and personal data on 315,000 surgery patients. About 228,000 of the missing records included Social Security numbers. Atlanta Journal-Constitution et al.

Ariz. Physician Practice To Pay $100K to HHS To Settle HIPAA Violations

Wed, 18 Apr 2012 08:00:00 GMT

Phoenix Cardiac Surgery has agreed to pay $100,000 and implement a corrective action plan to settle charges that it violated HIPAA privacy and security rules by posting appointments to a publicly accessible online calendar. Health Data Management, Modern Physician.

Florida Health System Notifies Nearly 9,500 Patients of Data Breach

Mon, 16 Apr 2012 08:00:00 GMT

Florida's Memorial Healthcare System is notifying nearly 9,500 patients that two former MHS employees might have improperly accessed their personal data to file false tax returns. MHS has fired the two employees and is offering no-cost credit-monitoring services. CMIO et al.

Utah Governor Calls for Security Audit Following Health Data Breach

Thu, 12 Apr 2012 08:00:00 GMT

In the wake of a health data breach that could affect nearly 800,000 Utah residents, Utah Gov. Gary Herbert has called for an audit of all state data systems that store personal information. The auditors also will assist with the investigation of the recent data breach. Salt Lake Tribune et al.

Health Care Providers Reporting Rise in Data Security Breaches

Wed, 11 Apr 2012 08:00:00 GMT

A new report by HIMSS Analytics and Kroll Advisory Solutions finds that health care providers have experienced a rise in health data breaches over the past few years. However, the report also finds that this year's survey respondents expressed greater confidence than previous years' respondents in their readiness to handle such breaches. Healthcare IT News, Kroll Advisory Solutions release.

Number of Residents Affected by Utah Health Data Breach Hits 800K

Tue, 10 Apr 2012 08:00:00 GMT

Utah Department of Health officials have updated their estimate for the number of residents who could be affected by a recent health data breach. UDOH now says the breach could have exposed personal and health data on nearly 800,000 residents. Salt Lake Tribune.

Colo. Board of Pharmacy Denies Medicaid, Insurer Access to Drug Registry

Tue, 10 Apr 2012 08:00:00 GMT

The Colorado Board of Pharmacy has denied Medicaid officials and a private health insurer access to the state's prescription drug registry. The pharmacy board said current state law allows only those providing direct care or direct prescriptions to access the information. Denver Post.

Utah Data Breach Could Affect More Residents Than Initially Reported

Mon, 09 Apr 2012 08:00:00 GMT

The Utah Department of Health has announced that a recent data breach could have affected 181,604 beneficiaries of Medicaid and the Children's Health Insurance Program. UDOH initially reported that the breach involved about 24,000 Medicaid files. Salt Lake Tribune et al.

Colo. Group Offers Ideas for Adding Behavioral Health Data to HIEs

Mon, 09 Apr 2012 08:00:00 GMT

A new report by the Colorado Regional Health Information Organization discusses issues related to adding behavioral health data to health information exchanges. The report suggests three approaches to integrating such data. Health Data Management, Modern Healthcare.

N.Y. Forms Health Data Exchange Policy Panel After Recent Criticism

Fri, 06 Apr 2012 08:00:00 GMT

New York state health officials have created a panel to develop and update health information exchange policies. The move comes after the New York Civil Liberties Union criticized the state over the privacy and security policies governing its health information exchanges. InformationWeek.

Utah Medicaid Data Breach Could Affect at Least 24,000 Individuals

Thu, 05 Apr 2012 08:00:00 GMT

The Utah Department of Health has announced that a data breach that occurred on March 30 could have affected 24,000 or more Medicaid beneficiaries. Officials are investigating why a UDOH server did not have adequate security measures in place. Salt Lake City Deseret News et al.

Final HIPAA Omnibus Rule Edges Closer to Official Publication

Thu, 29 Mar 2012 08:00:00 GMT

Federal officials have sent the final HIPAA Omnibus Rule to the Office of Management and Budget for review, one of the last steps before the rule can be published in the Federal Register. The omnibus rule combines four separate rulemakings on health data privacy. CMIO et al.

Panel Seeks Input on Ethical, Privacy Issues in Genomics Research

Wed, 28 Mar 2012 08:00:00 GMT

The Presidential Commission for the Study of Bioethical Issues has posted a notice in the Federal Register requesting public comments on various ethical issues involved in the large-scale collection of genome data, such as patient privacy and data access rights. Modern Healthcare.

FTC Offers Guidance on Protecting Privacy of Consumer, Health Data

Tue, 27 Mar 2012 08:00:00 GMT

The Federal Trade Commission has issued a report outlining best practices for protecting online privacy, including the privacy of health data. The report calls for Congress to pass legislation to regulate entities that collect consumer data for marketing purposes. New York Times et al.

CMS Releases Fact Sheet on Preparing for the HIPAA 5010 Transition

Tue, 27 Mar 2012 08:00:00 GMT

CMS has released a fact sheet aimed at helping health care providers transition to HIPAA 5010 transaction sets. The fact sheet recommends that health care providers establish a HIPAA 5010 transition plan and communicate regularly with software vendors. CMIO, FierceHealthIT.

Data Breach Might Have Exposed Information on 513 Georgia Patients

Wed, 21 Mar 2012 08:00:00 GMT

Georgia Health Sciences University has announced that the private information of 513 Georgia patients might have been exposed as a result of the theft of a nurse practitioner's laptop. The information on the laptop included limited diagnosis data. Modern Healthcare, CMIO.

Individuals Affected by TRICARE Data Breach Allege Possible Fraud

Thu, 15 Mar 2012 08:00:00 GMT

Attorneys have filed an amended complaint in a class-action lawsuit over last year's TRICARE data breach. The amended complaint alleges that several plaintiffs affected by the incident noticed potentially fraudulent activity in their financial accounts after the breach. NextGov.

CMS To Delay Enforcement of HIPAA 5010 by 3 More Months

Thu, 15 Mar 2012 08:00:00 GMT

Today, CMS' Office of E-Health Standards and Services announced that it would wait until after June 30 to start taking enforcement action against health care entities that fail to comply with HIPAA 5010 transaction standards. The three-month delay in the HIPAA 5010 enforcement date comes after CMS previously delayed the enforcement date from Jan. 1 to March 31. Modern Healthcare.

Privacy Laws Hindering Researchers' Access to Historical Health Data

Wed, 14 Mar 2012 08:00:00 GMT

Health data privacy regulations are preventing researchers from accessing historical patient records dating back as far as the 1700s. HHS has proposed changes to ease access to historical medical data but has not released a final rule on the changes. Philadelphia Inquirer.

BCBS of Tennessee To Pay $1.5M Over 2009 Health Data Breach

Wed, 14 Mar 2012 08:00:00 GMT

Yesterday, HHS' Office for Civil Rights announced that Blue Cross Blue Shield of Tennessee has agreed to pay $1.5 million to federal regulators and follow a corrective action plan in response to a 2009 data breach that could have affected more than one million people. The corrective action is the first resulting from the HITECH Act's breach notification rule. Health Data Management et al.

Security Risk Assessments Gaining Traction in Health Care

Mon, 12 Mar 2012 08:00:00 GMT

The health care industry has been slower than other fields to embrace security risk assessments. However, several factors -- including a growing number of data breaches, increased government oversight and the meaningful use program -- are starting to change that.

Study Finds More Work Needed To Boost Patient Control of Health Data

Fri, 09 Mar 2012 08:00:00 GMT

A study published in the journal Health Affairs finds that health care organizations could do more to educate consumers and help them take control of their health data. The study features case studies of five California-based health care organizations. Modern Healthcare et al.

Civil Liberties Union Criticizes N.Y.'s Health Data Exchange Policies

Fri, 09 Mar 2012 08:00:00 GMT

The New York Civil Liberties Union says there are major flaws in the privacy and security policies that govern health data exchange networks in New York state. The group says patients should have greater control over their own health data. InformationWeek, Albany Times Union.

ONC Seeking Input on Ways To Secure Health Data on Mobile Devices

Wed, 07 Mar 2012 08:00:00 GMT

The Office of the National Coordinator for Health IT has announced that it is seeking public input on the use of mobile devices by health care professionals, as well as best practices for ensuring the privacy and security of health information on such devices. CMIO et al.

Republican Lawmakers Seek Details on Federal Email Monitoring Policy

Tue, 06 Mar 2012 08:00:00 GMT

Sen. Chuck Grassley and Rep. Darrell Issa have sent a letter asking the Office of Management and Budget to evaluate email surveillance policies at all federal agencies. The letter comes amid an investigation into FDA's email monitoring practices. Washington Post's "Federal Eye."

Health Organizations Lagging in Ensuring Data Privacy, Security

Mon, 05 Mar 2012 08:00:00 GMT

A new report by the American National Standards Institute, Internet Security Alliance and Santa Fe Group finds that many health care organizations lack sufficient resources to implement strong safeguards for the protection of patient data. The report offers a five-step method for evaluating the actual and potential costs of health data breaches. Modern Healthcare et al.

Experts Outline New Legal Risks Associated With EHR Adoption

Mon, 05 Mar 2012 08:00:00 GMT

Experts say that the adoption of electronic health records could create new liabilities for health care providers. To reduce such legal risks, experts recommend appropriate EHR encryption and the implementation of EHR systems that limit modifications. American Medical News.

11 Class-Action Suits Combined as Single Case Over Sutter Data Breach

Thu, 01 Mar 2012 08:00:00 GMT

Sacramento County Superior Court will review a class-action lawsuit comprised of 11 individual suits filed in response to a data breach at California-based Sutter Health. The cases are being consolidated to maximize resources and avoid duplication. Sacramento Business Journal.

Stage 2 Proposed Rule Emphasizes Encryption of Health Information

Mon, 27 Feb 2012 08:00:00 GMT

A proposed rule for Stage 2 of the meaningful use program does not require the encryption of health data but calls for health care providers to assess the appropriateness of encryption when conducting security risk analyses. InformationWeek, Health Data Management.

ONC Seeks Resources for Personal Health Data Privacy Campaign

Mon, 27 Feb 2012 08:00:00 GMT

In response to the growing use of mobile devices to exchange personal health information, the Office of the National Coordinator for Health IT has announced a new initiative to collect resources for designing a public education campaign about health data privacy. Government Health IT.

ONC To Survey Patients About EHR Privacy and Security Concerns

Tue, 21 Feb 2012 08:00:00 GMT

The Office of the National Coordinator for Health IT plans to conduct a survey of 10,000 U.S. residents over five years to determine individuals' concerns related to the privacy and security of electronic health records. Government Health IT, Health Data Management.

Investigators Announce Expansion of Probe Into FDA Email Monitoring

Fri, 17 Feb 2012 08:00:00 GMT

The Office of Special Counsel is broadening its probe into allegations that FDA monitored the personal emails of employees who expressed concern about medical device safety. OSC said the emails monitored by FDA included messages sent to OSC. The Hill's "Healthwatch" et al.

Obama's FY 2013 Budget Plan Boosts ONC Funds, Cuts HHS' OCR Spending

Tue, 14 Feb 2012 08:00:00 GMT

President Obama's proposed fiscal year 2013 budget would increase the Office of the National Coordinator for Health IT's budget by 8% to $66 million. The proposal also includes a 5% cut in spending for HHS' Office for Civil Rights, which enforces HIPAA. GovInfoSecurity.

Standards Group Delays Push for Next Generation of HIPAA 5010

Wed, 08 Feb 2012 08:00:00 GMT

The American National Standards Institute's Accredited Standards Committee X12 said it will hold off on recommending the adoption of the next generation of HIPAA 5010 transaction sets, called HIPAA 6020. ASC X12 said it hopes to reassure the health care industry that HIPAA 5010 standards will have time to mature before HIPAA 6020 implementation begins. Modern Healthcare, Health Data Management.

Report: CIOs Concerned With Data Entry, Costs Associated With Tablets

Tue, 07 Feb 2012 08:00:00 GMT

A new report by BizTechReports finds that many hospital and clinic CIOs consider tablet computers to be difficult to integrate with existing health IT systems. The report offers recommendations to make tablets more useful in clinical environments. InformationWeek, NextGov.

Hospitals Mine Patient Data To Create Tailored Marketing Campaigns

Mon, 06 Feb 2012 08:00:00 GMT

Hospitals increasingly are using patient data to create targeted mailings that market specialty services, such as cancer, cardiac and orthopedic care. One expert says the trend likely will accelerate as hospitals deploy electronic health records. Kaiser Health News/USA Today.

Grassley Urges FDA To Explain Why it Monitored Staff Emails

Mon, 06 Feb 2012 08:00:00 GMT

Sen. Chuck Grassley has asked FDA to explain why it monitored the personal email of employees who raised concerns about medical device safety. He asked FDA whether the monitoring targeted only whistleblowers and whether the agency still is intercepting personal emails. A spokesperson said FDA Commissioner Margaret Hamburg will respond to Grassley directly. The Hill's "Healthwatch" et al.

Reported Health Data Breaches Rose by 97% in 2011, Report Finds

Wed, 01 Feb 2012 08:00:00 GMT

A report by IT security firm Redspin finds that reported U.S. health data breaches increased by 97% from 2010 to 2011. Of the 385 reported breaches analyzed, researchers note that 60% stemmed from malicious attacks such as hacking and theft. Healthcare IT News.

Center for Democracy & Technology's McGraw Discusses Health Data Privacy Challenges

Wed, 01 Feb 2012 08:00:00 GMT

Deven McGraw, director of the Health Privacy Project at the Center for Democracy and Technology, spoke with iHealthBeat about the challenges of protecting health data privacy.

Suit Accuses FDA of Monitoring Personal Emails of Employees

Mon, 30 Jan 2012 08:00:00 GMT

Six current and former FDA scientists and physicians have filed a lawsuit alleging that FDA monitored their personal emails after they informed congressional staffers that the agency approved medical devices that might pose risks to patients. FDA's computer system warns its employees that they should not expect their communications to be private. Washington Post.

Report: Ongoing Challenges Are Impeding Progress in Health IT

Fri, 27 Jan 2012 08:00:00 GMT

A new Bipartisan Policy Center report states that although health care providers are adopting electronic health records, certain obstacles are obstructing wider health IT use. According to the report, some of the barriers to health IT use include a lack of interoperability between systems and consumer concerns about EHR accuracy, privacy and security. AP/Boston Globe et al.

HHS Initiative To Develop Best Practices for Mobile Device Use

Thu, 26 Jan 2012 08:00:00 GMT

The Office of the National Coordinator for Health IT and the HHS Office for Civil Rights are rolling out a project to develop best practices for mobile device use in health care settings. The initiative will build on existing HIPAA rules and will focus on privacy and security best practices. Results will be shared with industry stakeholders. Government Health IT et al.

Health Information Not Part of Mistaken Release of VA Data to Website

Wed, 25 Jan 2012 08:00:00 GMT

The Department of Veterans Affairs says that no personal health information was exposed when the agency erroneously posted data to the genealogy website Ancestry.com. VA provided data following a Freedom of Information Act request. Modern Healthcare.

Report Outlines Social Media Opportunities, Risks in Health Care

Fri, 20 Jan 2012 08:00:00 GMT

A new ECRI Institute report touts social media opportunities for health care organizations while emphasizing the importance of strategy and risk management. The researchers recommend that organizations create plans to ensure compliance with privacy rules. CMIO et al.

Small Medical Practices More Susceptible to Health Data Breaches

Tue, 17 Jan 2012 08:00:00 GMT

Small medical practices are more susceptible to health data breaches than large organizations because they tend to use older technology and overlook basic security protections, according to Kroll Fraud Solutions' cybersecurity trends report. American Medical News.

HITRUST Announces Update of Health IT Security Framework

Fri, 13 Jan 2012 08:00:00 GMT

The Health Information Trust Alliance has released an updated version of its Common Security Framework, adding 12 new security measures and removing one. HITRUST said the changes reflect trends in data privacy and security threats facing the health care industry. Modern Healthcare.

Stakeholders Respond to Federal Proposal To Give Patients Full Access to Their Lab Results

Thu, 12 Jan 2012 08:00:00 GMT

Kate Christensen of Kaiser Permanente, Jason DuBois of the American Clinical Laboratory Association, Lawrence Hughes of the American Hospital Association and Eva Powell of the National Partnership for Women & Families spoke with iHealthBeat about a new federal proposal to give patients full access to their laboratory results.

What Effects Do PCPs Think Giving Patients Electronic Access to Doctor Notes Would Have?

Wed, 11 Jan 2012 08:00:00 GMT

Sixty-two percent of Beth Israel Deaconess Medical Center primary care physicians, 58% of Geisinger Health System PCPs and 36% of Harborview Medical Center PCPs participating in a program that gives patients electronic access to doctor notes believe it would help their practice deliver safer care, according to a new survey published in Annals of Internal Medicine.

Physicians Take Steps To Shield Reputations From Online Patient Criticism

Wed, 11 Jan 2012 08:00:00 GMT

Many physicians are taking steps to protect their reputations online amid the prevalence of websites that allow patients to post negative reviews. Some doctors are soliciting positive feedback from patients and hiring online reputation companies. Philadelphia Inquirer.

Mostashari Discusses Challenges Facing ONC, Data Privacy Protection

Wed, 11 Jan 2012 08:00:00 GMT

In an interview with HealthLeaders Media, National Coordinator for Health IT Farzad Mostashari discussed the challenges that the Office of the National Coordinator for Health IT will face in 2012, as well as efforts to protect the privacy of patient data. HealthLeaders Media.

2012: Time for Action on Health Privacy

Mon, 09 Jan 2012 08:00:00 GMT

With the start of the new year, it's time to break that pattern of too much talk and not enough action. The federal government must take big, concrete steps to implement a comprehensive privacy and security policy and technology framework to govern electronic health information exchange.

Class-Action Lawsuit Filed Over Data Breach at UCLA Health System

Wed, 21 Dec 2011 08:00:00 GMT

Attorneys have filed a class-action lawsuit against University of California-Los Angeles Health System over a security breach that exposed data on 16,288 patients. The suit is seeking as much as $16 million in damages. Modern Healthcare.

Top Data Breaches of 2011 Included Patient Privacy Incidents

Tue, 20 Dec 2011 08:00:00 GMT

A report by Privacy Rights Clearinghouse lists the six "most significant" data breaches of this year. Three of the top breaches took place at health care organizations and involved a total of nearly 11 million patient medical records. Modern Healthcare, Healthcare IT News.

Patients Want To Access, Share Their Health Data, Studies Find

Tue, 20 Dec 2011 08:00:00 GMT

A new Annals of Internal Medicine study finds that most patients were enthusiastic about the launch of a system that would allow them to access their physician's notes. According to another study in the same journal, most patients who use the Department of Veterans Affairs' personal health record tool want the ability to share that data with at least one other person. Reuters at al.

Many Doctors Relying on Claims Clearinghouses for Shift to HIPAA 5010

Tue, 20 Dec 2011 08:00:00 GMT

A new KLAS report finds that many office-based physicians are not preparing for the transition to HIPAA 5010 transaction sets. More than half of those who responded to the KLAS survey said they are relying on their claims clearinghouses to handle the change. Modern Healthcare.

Broader EHR Use Could Increase Data Breaches, Raise Legal Concerns

Mon, 19 Dec 2011 08:00:00 GMT

The rise in electronic health record use raises concerns that medical data breaches also might increase. The legal responsibility for such breaches is a concern for health care providers and entities that work with patient data. New York Times, Boston Globe's "White Coat Notes."

Rule Will Conceal Information on Queries to Physician Database

Wed, 14 Dec 2011 08:00:00 GMT

Under a federal rule that takes effect Dec. 23, health care providers no longer will receive notification if someone uses the National Practitioner Data Bank to access information on them for an investigation. HHS officials said the rule aims to prevent tampering with evidence and make it easier for law enforcement agencies to investigate physicians. American Medical News.

Many Health Providers Skeptical of Cloud-Based Systems, Report Finds

Tue, 13 Dec 2011 08:00:00 GMT

Although 58% of surveyed health care providers are considering using cloud-based tools, many have concerns with Web-based data storage, according to a KLAS report. Many survey respondents cited cost savings as the greatest expected benefit of using cloud-based systems. CMIO.

Computer Virus Led to Patient Diversions at Georgia Medical Center

Mon, 12 Dec 2011 08:00:00 GMT

Last week, a computer virus forced Georgia's Gwinnett Medical Center to divert emergency department and trauma patients to other hospitals. According to hospital officials, the virus now is under control, and it did not put patient data at risk. Atlanta Journal-Constitution et al.

Experts: Stolen Patient Data Is Most Lucrative Form of Identity Theft

Fri, 09 Dec 2011 08:00:00 GMT

During a recent conference, cybersecurity experts said that stolen patient information can fetch up to $50 on the black market, while Social Security numbers are worth about $3. Experts noted that unlike a credit card, personal health data cannot be canceled. MedPage Today.

VA Equipment Tracking System Raises Concerns About Staff Monitoring

Wed, 07 Dec 2011 08:00:00 GMT

The Department of Veterans Affairs has issued a draft request for proposals for a real-time location system to track medical equipment. Unions are concerned about a possible invasion of privacy if the department uses the tracking system to monitor employees. NextGov.

Lawmakers Question TRICARE Director on Recent Data Breach

Tue, 06 Dec 2011 08:00:00 GMT

A group of lawmakers has sent the director of TRICARE a letter seeking information on a recent data breach that affected about 4.9 million individuals. The letter asks TRICARE to respond to 17 questions on health information and other data security policies. Modern Healthcare et al.

CMS Issues Final Rule Allowing Entities To Access Claims Data

Tue, 06 Dec 2011 08:00:00 GMT

Yesterday, CMS announced a final rule allowing certain qualified organizations to access its massive claims database, which contains information on 47 million beneficiaries and nearly every participating physician and hospital in the country. Organizations can use the data to create public performance reports on physicians, hospitals and other health care providers. AP/Washington Post et al.

Survey: Many Health Care Organizations Not Ready for HIPAA Audits

Mon, 05 Dec 2011 08:00:00 GMT

A survey by HCPro finds that 17% of health care organizations are fully prepared for federal audits measuring compliance with HIPAA privacy and security rules. Seventy percent of respondents said they are "somewhat prepared." Becker's Hospital Review, HealthLeaders Media.

Suit Challenges Efforts To Block Negative Online Patient Reviews

Fri, 02 Dec 2011 08:00:00 GMT

A class-action lawsuit filed in federal court challenges health care providers' ability to require patients to sign contracts agreeing not to post negative reviews to websites such as Yelp and DoctorBase. The organization Medical Justice, which offers such privacy agreements to health care providers, said it is using the case as an opportunity to retire the contracts. Ars Technica et al.

Privacy Advocates Raise Concerns About Security of Data in Health Apps

Fri, 02 Dec 2011 08:00:00 GMT

Some privacy advocates say that medical data stored in health-related smartphone applications might not be secure. Mobile apps are not covered by HIPAA privacy and security rules, meaning that app developers have few restrictions on what they do with user data. NPR's "Shots."

Report: Health Data Breaches Increased by 32% in Last Year

Thu, 01 Dec 2011 08:00:00 GMT

A report by the Ponemon Institute and ID Experts finds that the number of reported health data breaches has increased by 32% since 2010 and that such breaches could be costing the health care industry an average of $6.5 billion annually. The report also includes recommendations aimed at helping health care organizations reduce their data breach risks. MedPage Today et al.

New ONC Initiative Tackles Data Segmenting in HIE

Mon, 28 Nov 2011 08:00:00 GMT

In an effort to overcome existing obstacles, the Office of the National Coordinator for Health IT recently began a new Data Segmentation Initiative to develop standards to electronically tag and separate sensitive health information.

Patients File Lawsuit Against Sutter Health in Stolen Data Incident

Wed, 23 Nov 2011 08:00:00 GMT

Sutter Health patients have filed a lawsuit against the California health system after the theft of a computer containing personal data of more than four million patients. The lawsuit argues that Sutter was negligent in securing data and in notifying affected patients. Sacramento Bee, KCRA.

Groups Seek To Create Rules on Electronic Claims Transactions

Tue, 22 Nov 2011 08:00:00 GMT

Health Level Seven International and the American National Standards Institute's Accredited Standards Committee X12 recently asked to be jointly designated as the entity to develop operating rules for electronic HIPAA claims attachment transactions. Health Data Management.

Joint Commission: Text Messages Should Not Be Used in Patient Orders

Mon, 21 Nov 2011 08:00:00 GMT

The Joint Commission has issued a statement declaring that physicians and other medical practitioners should not use text messages for patient care orders. Experts say the commission's stance reflects concerns about the privacy and security of patient data. Fierce Mobile Healthcare.

Sutter Health Reports Stolen Computer With Data on 4.2M Patients

Thu, 17 Nov 2011 08:00:00 GMT

California-based Sutter Health has announced that a computer containing the personal data of 4.2 million patients was stolen from a Sacramento medical office last month. Officials said that the computer was password-protected but that data were not encrypted. Sacramento Business Journal et al.

CMS To Delay Enforcement of HIPAA 5010 Transaction Sets

Thu, 17 Nov 2011 08:00:00 GMT

Today, CMS announced that its Office of E-Health Standards and Services will delay enforcement of compliance with HIPAA 5010 transaction sets from Jan. 1, 2012, to March 31, 2012. Despite the 90-day delay of enforcement action, OESS said it will accept complaints related to noncompliance with the HIPAA 5010 standards starting Jan. 1, 2012. Modern Healthcare, Health Data Management.

PwC: Health IT Among Top 10 Issues Facing the Health Care Industry

Wed, 16 Nov 2011 08:00:00 GMT

PricewaterhouseCoopers' Health Research Institute has released a report finding that some of the top issues facing the health care industry in 2012 are related to investing in health care informatics, strengthening data privacy and security protections, and using social media. Government Health IT.

AHA, HIMSS Respond to Proposal on Patient Access to Lab Reports

Wed, 16 Nov 2011 08:00:00 GMT

The American Hospital Association and the Healthcare Information and Management Systems Society recently sent letters recommending that HHS consider the challenges that laboratories would face under a proposed rule aimed at improving patient access to lab testing results. AHA News, HIMSS letter.

Virginia Commonwealth University, Health System Servers Hacked

Tue, 15 Nov 2011 08:00:00 GMT

Virginia Commonwealth University has discovered that two servers for the school and VCU Health System were hacked, potentially exposing personal data on health system employees. Officials said the breach did not compromise patient data. Richmond Times-Dispatch et al.

Report: CMS Should Overhaul its IT Systems, Ensure Data Security

Tue, 15 Nov 2011 08:00:00 GMT

A National Research Council committee has released a report recommending that CMS overhaul its IT systems to prepare for a shift from fee-for-service to value-based payment models. The report also calls for CMS to protect the security of personal data. Modern Healthcare, GovInfoSecurity.

VA Aims To Advance Health Care Research Through Database

Mon, 14 Nov 2011 08:00:00 GMT

The Department of Veterans Affairs is working to compile a database of one million veterans' medical information in an effort to improve veterans' health care by better understanding how genomics affects health. NPR's "Morning Edition."

Spotlight on New PHR Model Privacy Notice

Thu, 10 Nov 2011 08:00:00 GMT

To help address consumer privacy concerns, the Office of the National Coordinator for Health IT has released a Personal Health Record Model Privacy Notice that allows providers of Web-based PHRs to inform consumers about their data sharing and privacy and security policies.

Senators Hold Hearing on Protections Against Health Data Breaches

Thu, 10 Nov 2011 08:00:00 GMT

During a Senate subcommittee hearing yesterday, health privacy experts testified that many health care providers are not encrypting electronic health records. Senators questioned whether HHS is doing enough to enforce current health data breach protections. Reuters et al.

HHS Restores Access to Physician Database, With New Requirement

Thu, 10 Nov 2011 08:00:00 GMT

HHS' Health Resources and Services Administration has reopened an online database containing physician malpractice and disciplinary case information. HRSA officials said users must not combine information from the database with publicly available records that could be used to identify physicians. One group says the restrictions could be unconstitutional. New York Times et al.

Office for Civil Rights Gears Up for HIPAA Compliance Audits

Wed, 09 Nov 2011 08:00:00 GMT

This month, HHS' Office for Civil Rights plans to begin auditing covered entities for compliance with HIPAA standards for privacy, security and data breach notification. OCR will send written notices to covered entities selected for an initial round of 20 audits. The office plans to use the results of the initial audits to inform how future audits will be conducted. Health Data Management, Modern Healthcare.

Opinion Piece Calls for Sharing Physicians' Notes With Patients

Tue, 08 Nov 2011 08:00:00 GMT

In an opinion piece, Harvard Medical School professors Tom Delbanco and Jan Walker argue that patients should be able to review medical notes from their physician in an electronic format, adding that giving patients access to their notes could improve care management. Modern Healthcare.

UCLA Health System Notifies 16,000 Patients of Stolen Hard Drive

Mon, 07 Nov 2011 08:00:00 GMT

Officials from the University of California-Los Angeles Health System have alerted about 16,000 patients that an external hard drive was stolen from a physician's home. The hard drive contained patient information such as names, birth dates and health data. Los Angeles Times et al.

Senator Continues Push for HHS To Reopen Malpractice Database

Mon, 07 Nov 2011 08:00:00 GMT

In an effort to boost transparency, Sen. Chuck Grassley is continuing to pressure HHS' Health Resources and Services Administration to reopen an online database that includes information on physician malpractice and disciplinary cases. Grassley also requested a meeting with the individual responsible for authorizing the closure of the database. Modern Physician, Kansas City Star.

Are There Privacy Impediments to Payers and Providers Joining Forces?

Mon, 07 Nov 2011 08:00:00 GMT

Integrated systems where health care providers and payers join forces to increase quality of care and reduce costs could successfully reform the health care system. But are there potential privacy issues when payers and providers join forces?