Privacy & Security

Mac McMillan, CEO of CynergisTek, talks about the HIPAA Omnibus rule, implications of its enforcement, and Business Associate Agreements at the 2013 Privacy and Security Forum.

Some 90,000 University of Washington Medicine patients got a surprise this Thanksgiving, and it wasn't a very good one.

In its second reported data breach this fall, Kaiser Permanente is notifying patients seen at its Anaheim Medical Center that their protected health information has been compromised after a USB flash drive containing patient data went missing.

When a medical privacy breach occurs, it's most often the patient who gets notified that their personal information was compromised, not the provider. But that's not always the case.

Researchers and other clinicians love it. Privacy officers, not so much. The popular file hosting site isn't HIPAA compliant, and hasn't shown much interest in business associate agreements.

Wish there could be a delay of Stage 2 meaningful use? Talk to the Centers for Medicare & Medicaid Services, not the Office of the National Coordinator for Health Information Technology. And don't hold your breath.

Data breaches and cybersecurity threats in healthcare are going to happen. It's virtually unavoidable. What can be avoidable, however, are the messy consequences of substandard risk assessment strategies and inadequate threat response.

As patient engagement gains momentum, and technology enables easier access to personal health information, many providers still charge money for copies of records. That's allowed under HIPAA and HITECH. But is it wise?

The Centers for Medicare & Medicaid Services CIO, Tony Trenkle, is stepping down this month amid the problematic rollout of the Healthcare.gov website, CMS announced in an email to the staff.

When in the realm of healthcare privacy and security, electronic health records may facilitate easier data exchange and data viewing, but the systems' audit trails make catching unauthorized viewers all the more simple, too.