Compliance & Legal

Healthcare organizations can streamline the vendor management process to reduce third-party risk, while they build a culture of resilience.

William McDermott briefed the 2022 HIMSS Cybersecurity Forum in Boston on new threats, cleared up some misconceptions about incident response and walked through what happens when healthcare organizations reach out for help.

"The adversary has to beat all of us to beat one of us," said Greg Garcia of the Healthcare and Public Health Sector Coordinating Council at the HIMSS Healthcare Cybersecurity Forum.

At the 2022 HIMSS Healthcare Cybersecurity Forum in Boston, keynote speaker Anita Allen described the delicate and complex balance between the imperative of data sharing and the need to protect privacy.

The Indiana provider says pixels used to collect information about website users may have transferred certain types of patient information since 2017.

The agency issued a bulletin clarifying that a notice of pixel use does not permit PHI disclosure, and when HIPAA-compliant authorizations for pixels are required.

Anita Allen, professor of law and philosophy at the University of Pennsylvania, says "data sharing is the new health ethic," in a preview of her keynote address at the HIMSS Healthcare Cybersecurity Forum.

There are still a lot of misconceptions about the ONC rule and its requirements, says Joerg Schwarz, senior director for healthcare interoperability strategy at Infor, who offers some tips for provider organizations.

Perspective on minimizing the risks of third-party information sharing from Odia Kagan, partner and chair of GDPR compliance and international privacy for Fox Rothschild LLP.

The former employee's access to patient data and health information was outside the scope of their job functions and was without a reasonable basis, the health plan says.