In the latest move in its ongoing initiative to enforce a HIPAA provision granting patients the right to access their records, federal regulators have slapped an Arizona integrated healthcare system with a $200,000 fine for failing to provide two individuals with timely records access.
A Baltimore medical center that suffered a ransomware attack a month ago and pulled its electronic health record system offline as a precaution is finally beginning to restore access to the system, the organization's CEO says. It's the latest example of how cyberattacks can derail EHRs.
The lingering aftershocks of an October ransomware attack and ongoing COVID-19 response challenges are forcing the University of Vermont Health Network to delay the next phases of an enterprisewide electronic health record rollout.
As federal regulators intensify their focus on compliance with requirements to provide patients with access to their health information, healthcare organizations need to sort through a variety of emerging challenges, says health information management and privacy expert Rita Bowen.
In the year ahead, healthcare organizations must be prepared to face an assortment of advancing security threats, including those that damage the integrity of critical patient data, says Rod Piechowski of the Healthcare Information and Management Systems Society.
Electronic health records potentially can be exposed in many ways. For example, in one recent incident, information on thousands of patients was apparently left exposed on an unsecured cloud server. And in another, critical security vulnerabilities in an open-source EHR system put patients' data at risk.
Federal regulators have issued detailed final rules containing provisions that allow hospitals and healthcare delivery systems to donate cybersecurity technology, such as software, hardware and services, to physician practices.
Federal regulators Thursday issued their 11th HIPAA settlement - the ninth in recent months - involving a patient right of access to records case. The resolution agreement with a Queens, New York, physician's practice calls for a $15,000 penalty and adoption of a corrective action plan.
Cybersecurity professionals operate in a dynamic environment driven by two accelerating forces; threat developments and the rapid adoption of new technologies. And yet most companies still rely on discrete snapshots of their security performance.
Healthcare organizations must cope with both forces - they have...
The Department of Health and Human Services last week issued its 10th settlement involving a HIPAA "right of access" case since launching its patient records access initiative last year. But how might HIPAA enforcement priorities at HHS' Office for Civil Rights change under a Biden administration?
Citing the stretched health IT resources and heavy workloads healthcare organizations face as a result of the COVID-19 pandemic, federal regulators are delaying compliance deadlines for information blocking and health IT interoperability regulations.
Many healthcare organizations are failing to address shortcomings in security risk management for their supply chains, says former healthcare CIO David Finn, describing findings of a recent study assessing the state of cybersecurity in the sector.