Under HIPAA Omnibus, many cloud computing providers are considered business associates directly liable for HIPAA compliance. What safeguards to protect health data should covered entities expect cloud providers to implement?
In this week's roundup, University of Virginia students' Social Security numbers were exposed on mailed health insurance brochures. Also, a California hospital reports a case of inappropriate records access by a staff member.
Federal authorities have indicted five Russians and Ukrainians linked to Heartland hacker Albert Gonzalez for the roles they allegedly played in a credit and debit card fraud scheme that compromised more than 160 million cards.
Providing patients with more transparency into who's electronically requesting their health information can not only improve data privacy, but also help patients catch record errors and ID theft, says David Staggs, a participant in a new pilot.
The National Security Agency is piloting a new program, as a result of the Edward Snowden incident, in which systems administrators with top-secret clearance can access certain secret documents only with the approval of another colleague.
Because state HIEs vary in connectivity and interoperability levels, secure e-mail based on the Direct Project offers a dependable way of sharing patient data during a disaster, says Tia Tinney of the Southeast Region Collaborative for HIT.
A former respiratory therapist has pleaded guilty in an ID theft case involving more than 800 patient records. A security expert explains why detecting insider fraud can be difficult and offers prevention tips.