Compliance & Legal

Attorneys offer their perspective on the privacy and compliance issues faced by the technology and how it squares, or not, with laws such as HIPAA and GDPR.

Anthem is being held responsible for cyber attacks that stole the protected health information of close to 79 million people.

The settlement with New Jersey resolves two separate privacy breaches regarding members HIV/AIDS status and those with AFib.

HITRUST launched a security program to help start-up companies bolster their privacy and security foundations, including the adoption of the most comprehensive risk management, compliance and security services. WHY IT MATTERS The goal is to support startups in adopting best practices as they grow. HITRUST is working closely with those small businesses to ensure these security features are baked into their products from the beginning. To accomplish this, HITRUST is bundling and pricing its programs to align with small businesses that have been in business for less than three years, have fewer than 50 employees and less than $10 million in annual revenue. The program will streamline HITRUST adoption. ON THE RECORD “Navigating risk management and compliance requirements can be costly and a strain on internal resources and can be daunting for any company, but it can be compounded in start-ups that are focusing on bringing their vision to market,” Mike Parisi, HITRUST’s vice president of assurance strategy and community development, said in a statement. THE TREND HITRUST was formed in 2007 and is seen as one of the industry’s gold standards for security. In May, it launched a certification program for the NIST Cybersecurity Framework for hospitals and health systems to ensure security compliance. The RightStart Program will ensure these startups embed these security standards into “their evolving business models,” Parisi added. HITRUST officials stressed that often these types of security measures are seen as a barrier to adoption. And as a result, companies will add programs in an ad hoc way, which leads to a loss of time and money, without a guaranteed improved risk posture. To Hoala Greevy, Paubox CEO, the hope is that the program will give the company the ability to adopt a security framework that will scale with the organization. “HITRUST provides us with the tools for secure, compliant growth needed to increase our bottom line,” Greevy said in a statement. “Our customer focus demands we have security, compliance, and risk management in place by design and not as an afterthought.” .jumbotron{ background-image: url("http://www.healthcareitnews.com/sites/default/files/u2231/cybersecurity-jumbotron-712.jpg"); background-size: cover; color: white; } .jumbotron h2{ color: white; } Focus on Cybersecurity In October, we take a deep dive into security strategy and pressing threats. Twitter: @JF_Davis_ Email the writer: jessica.davis@himssmedia.com

As HIPAA was written when most providers still used paper charts, the framework today has plenty of room for improvement.

Part two of our cyber insurance series highlights the need for healthcare organizations to compare prices and find a carrier willing to partner on cybersecurity.

An employee uploaded a file containing member information to a public-facing website in April, but officials did not discover the error until July.

Though not without critics, the FDA has advanced regulatory processes for apps, medical devices, genomics and clinical decision support.

An Internet of Things expert from Travelers discusses equipment maintenance software, smart screens and IoT-linked cabinets.

Company says expanding coverage for Amazon, Google Cloud, Microsoft and others, makes it easier for hospitals to comply with a host of data privacy regulations.