In preparing business associate agreements, healthcare organizations should demand a right-to-audit clause and copies of vendors' current security policies as proof that the companies are taking appropriate measures to protect patient data, says security expert Rebecca Herold.
One of the most difficult challenges in protecting sensitive patient data that's used in medical research is educating researchers and other clinicians who share that data about potential privacy issues, says Dave Summitt of Moffitt Cancer Center in Florida.
Did Massachusetts' first registered medical marijuana dispensary break federal or state privacy regulations by accidentally sharing patients' email addresses? Experts explain that ... well, the answer is a little hazy.
A new report says the Department of Health and Human Services has several security weaknesses that may have contributed to five recent data breaches. But are other healthcare entities guilty of the same mistakes?
Does your organization really have a clear idea of what measures your business associates are taking to safeguard your most sensitive data? Yet another breach, this one affecting Arkansas Blue Cross Blue Shield, points to the risks.
Federal regulators have slapped a Boston-area hospital with a $218,000 HIPAA penalty after an investigation following two security incidents. Experts analyze the lessons that the settlement agreement offers.
Covered entities find it difficult to prevent unauthorized access to patient data by members of their staffs. Preventing breaches involving insiders at business associates can be even trickier, as an incident affecting Meritus Health illustrates.
HITRUST says a growing number of healthcare organizations, seeking to improve risk management, are requiring that their business associates comply with its Common Security Framework. But some experts question whether that's a viable strategy.
Recent breaches and regulatory audits have sharpened the focus on third-party risks. How are healthcare entities tackling this critical topic of business associate management? Attorney David Szabo shares insights.
A former hospital CFO has been sentenced to 23 months in federal prison for submitting false documents so a medical center could receive payments under the HITECH Act electronic health records financial incentive program.
Well-known health data privacy expert and federal adviser Deven McGraw is joining the Department of Health and Human Services' Office for Civil Rights as its new deputy director for health information privacy, heading its HIPAA enforcement efforts.
When it comes to health data breaches, business associates are again grabbing headlines, calling attention to the importance of scrutinizing vendors. The latest incident involves a breach that wasn't reported to a covered entity for eight months.
After helping a hospital to pass an audit that assessed compliance with requirements of the HITECH Act "meaningful use" electronic health record incentive program, CISO Mitch Stewart offers this audit prep advice: Beef up your risk assessment.
With regulators gearing up to begin the next phase of HIPAA compliance audits, many covered entities appear to be overconfident about passing that scrutiny, according to the results of ISMG's latest Healthcare Information Security Today survey.