Five Easy Healthcare Cybersecurity Tips From EHR Developers

By the EHRA Privacy & Security Workgroup

Whether you work for a large health system or small physician practice, you know that securing your patients’ data is important, and it’s a responsibility you take seriously. But chances are, you haven’t fully implemented as many cybersecurity best practices as you could. (more…)

Why HHS Needs a Privacy Leader and a Cybersecurity Leader

By Nam Nguyen and Sayee Balaji Chandrasekaran, Chair and Vice Chair, EHRA Privacy & Security Workgroup

Security and Privacy are not the same. A Security leader’s primary concern is protecting and securing data. A Privacy leader’s primary concern is who can access certain data and wha

Cyber-threats are all over the news, including attempts to hack elections, steal corporate trade secrets, and hold medical records for ransom. Phishing is rampant, and is the way most hackers ultimately get into secure systems. The U.S. government has, of course, taken notice, and is taking action on several fronts.

One of those fronts is healthcare, with the release by HHS of the Health Care Industry Cybersecurity Task Force’s “Report on Improving Cybersecurity in the Health Care Industry,” which was delivered to Congress in June 2017.  The task force wrote, “Our nation must find a way to prevent our patients from being forced to choose between connectivity and security.”

EHRA welcomes this report, which we view as a path forward for increasing security in the healthcare sector.  The report directly aligns with two of EHRA’s privacy and security positions: (more…)

Privacy and Security, and Building Patient Trust

Earlier this year, ONC published an updated “Guide to Privacy and Security of Electronic Health Information” to help healthcare providers and ambulatory practices understand existing federal law on protected health information (PHI).  It provides guidance on how providers can use certified electronic medical record technology (CEHRT) to provide secure communications with their patients and, via secure and interoperable health IT, share patient data with other care providers.

There is a great deal of practical information provided in this guide that helps explain who is and who is not a business associate (BA), per the HIPAA regulations.  It also provides clear guidance as to when it is permissible to disclose PHI, when patient authorizations are required, and how to provide patient access to their health information.  In addition, there is a useful section on general cybersecurity explaining the threat of cyber-attacks, the use of mobile devices, and email and texting among providers and their patients.

(more…)