Health IT vendor Allscripts says it has reached a preliminary $145 million settlement with the Department of Justice related to the business practices of Practice Fusion, an EHR vendor the company acquired last year. Among the issues involved are HIPAA, HITECH Act and Anti-Kickback Statute compliance.
DirectTrust's new effort to develop a standard for instant messaging in healthcare could potentially help providers securely communicate in real time over multiple platforms, says Scott Stuewe, the nonprofit alliance's president and CEO.
A watchdog agency review of a VA medical center in California spotlights security issues involving medical device "workarounds" that some experts say are common but often overlooked or underestimated risks.
A lawsuit against the University of Chicago Medical Center and Google seeking class action status points to the important privacy and security issues raised when sharing patient data for research purposes - and whether data can be truly "de-identified."
A Kansas hospital has agreed to pay $250,000 to settle allegations that it falsely attested to conducting a security risk analysis as required under the HITECH Act electronic health records financial incentives program. Two whistleblowers in the case will receive $50,000 from the settlement.
Federal regulators have smacked a cloud-based electronics health records vendor with a $100,000 HIPAA settlement in the wake of a 2015 cyberattack that affected millions of individuals. What's the focus of the enforcement action?
Federal regulators and medical device maker Philips have issued alerts about a security vulnerability in the company's Tasy electronic medical records system that could put patient data at risk. How common is this type of vulnerability?
Healthcare stakeholders and security and privacy experts are sizing up the second draft of the government's Trusted Exchange Framework and Common Agreement, the latest in a decades-long series of attempts to pave the way for secure national exchange of health information to improve patient outcomes.
The Department of Health and Human Services has yet to take certain critical actions to help enhance cybersecurity, according to a new GAO report that lists hundreds of recommendations for improving operations that have not been implemented.
Among the hundreds of responses to a federal request for comments about potential changes to the HIPAA rules were suggestions for "safe harbors" that would shelter organizations with strong security strategies from HIPAA enforcement actions after a health data breach.
Guided by a "human-centered" principle, there is nothing more critical to Tri-Counties Regional Center (TCRC), than protecting and promoting the lives of those with developmental disabilities. That is why TCRC proactively secures Personal Health Information (PHI) to protect the people behind that information. Critical...
The HHS Office for Civil Rights is paying particular attention to complaints involving patients' access to their health information; it's also focusing on investigations of organizations with patterns of HIPAA noncompliance, Nick Heesters of the agency explains in an interview at the HIMSS19 conference.
For the second time, the Department of Justice has imposed a substantial fine on an electronic health records software vendor in a case that involves data accuracy and integrity issues that could affect patient safety.