This case study is from a large healthcare organization, with dozens of hospitals and tens of thousands of employees who wanted to expand their ability to assess manage and respond to security risks across the enterprise. Their home-grown tools and spreadsheets were inefficient, not able to scale and presented...
As President Trump approaches day 100 of his presidency April 29, it's time to assess the impact of his administration so far on health data privacy, security and related health IT issues. Do we have any more clarity now than we did when he took office in January?
Federal regulators have smacked a mobile heart-monitoring technology firm with a $2.5 million HIPAA settlement related to findings from an investigation into a 2012 breach involving a stolen unencrypted laptop. What factors led to the substantial penalty?
Federal regulators, in their latest HIPAA settlement, are again reminding healthcare entities about the importance of having business associate agreements with vendors that handle patients' protected health information.
A class action lawsuit against telehealth software vendor MDLive shines a spotlight on regulatory gaps and other murky privacy and security issues related to the growing use of consumer health applications.
The FDA has warned Abbott that it must submit a plan within 15 days to address previously identified cybersecurity vulnerabilities and other potential safety issues in certain cardiac devices of St. Jude Medical, which Abbott Labs acquired in January.
What should healthcare entities and business associates expect when faced with a data breach investigation or compliance audit by federal regulators? Attorney Marti Arvin discusses the do's and don'ts.
NIST's proposed update to its cybersecurity framework needs to better address specific concerns of the healthcare sector, say some industry groups commenting on the recently released draft. So, what are they asking NIST to do?
Healthcare industry organizations are again asking Congress to ease a ban that prohibits the Department of Health and Human Services from funding unique patient identifiers, saying that a failure to act will be detrimental to the success of healthcare information exchange.
A Texas-based pediatric practice is the latest healthcare entity to report a major data breach following a recent ransomware attack, despite the organization's efforts to mitigate the incident quickly.
The Department of Health and Human Services is making progress in building its new team to lead IT-related efforts, including addressing health data privacy and security matters. Among the appointments: Donald Rucker, M.D., is the new national coordinator for health IT.
What's in store for health data privacy and security initiatives in the Trump administration, now that a new leader for the HHS Office for Civil Rights, which enforces HIPAA, has been selected? Healthcare attorney Kirk Nahra, a regulatory expert, offers an assessment.
Recent settlements between New York State's attorney general office and three mobile app vendors for misleading privacy and marketing practices could have implications for other developers, especially if other states follow suit with their own enforcement actions, some legal experts say.
Since March 2016, the OCR has been increasingly aggressive in bringing enforcement actions against healthcare organizations who have had PHI compromised through data breaches.
Get this guide to learn the important aspects of the Health Information Portability and Accountability Act (HIPAA) and how an appropriate...