Compliance & Legal

Security chief touts the value of HICP, cyber preparedness 'cookbook'
By Mike Miliard | 03:31 pm | November 20, 2019
Erik Decker, chief security and privacy officer at University of Chicago Medicine, describes the value of HHS' Health Industry Cybersecurity Practices framework, which offers workable best practices for the management and mitigation of prevalent threats.
Google offers online tools to help with secure cloud hosting
By Max Sullivan | 03:05 pm | November 19, 2019
The Google Cloud Healthcare Data Protection Toolkit can help healthcare organizations chart strategies for HIPAA-aligned data management, the company says.
Engagement
Patients still facing big obstacles getting their own health data
By Mike Miliard | 10:41 am | November 14, 2019
Despite HIPAA's right of access rule, and CMS and ONC prioritizing consumer access in their forthcoming 21st Century Cures regs, a new scorecard shows that providers have some work to do.
Project Nightingale seems to square with HIPAA, but next steps matter
By Nathan Eddy | 03:24 pm | November 13, 2019
While Google apparently signed a business associate agreement with Ascension, and the scope of the data sharing appears to be in line with HIPAA allowances, there are still many questions about how the patient information is being put to use.
Ascension, Google working on 'secret' patient data project, says WSJ
By Mike Miliard | 05:50 pm | November 11, 2019
With the initiative, reportedly called Project Nightingale, the health system and tech giant have been collecting and analyzing detailed medical records, including names and birth dates, according to the Wall Street Journal.
A costly failure to encrypt for University of Rochester Medical Center
By Mike Miliard | 12:06 pm | November 07, 2019
The health system will pay $3 million to settle with OCR and take corrective action after protected health information was left unencrypted on lost and stolen mobile devices.
Kipu Health awarded $19.5M after competitor copycat charge
By Nathan Eddy | 01:38 pm | November 06, 2019
The cloud-based EHR developer had alleged that a former customer, ZenCharts, which plans to appeal, had violated a user agreement, cloning its software to develop a system of its own.
CynergisTek acquires Backbone Consultants, adding audit and privacy expertise
By Mike Miliard | 02:03 pm | November 01, 2019
The cybersecurity compliance company says Backbone's advisory services will help clients manage ever-changing infosec and privacy demands, such as the third-party audits required for EPCS, the privacy demands of GDPR and more.
Cybersecurity tips for CIOs and CISOs dealing with the widely dispersed data of healthcare
By Bill Siwicki | 01:29 pm | October 30, 2019
A security expert says discover assets on a network, perform vulnerability assessments, embrace identity governance, perform privileged access management, hire white hat ethical hackers and more.
Implementation best practices: The optimal way to approach security
By Bill Siwicki | 01:39 pm | October 23, 2019
Three healthcare cybersecurity experts showcase the most effectual strategies CIOs and CISOs can take when erecting defenses against criminals seeking valuable patient information.