All posts in category Privacy and Security

Strategic Healthcare Leaders Recognize Cybersecurity As A Patient Safety Risk

By the EHRA Privacy & Security Workgroup

Cybersecurity leadership quote(1)For many C level executives in a healthcare organization, cybersecurity equates to risk of a cyberattack that results in a Health Insurance Portability and Accountability Act (HIPAA) breach and fine. 

The bigger risk posed by a cyberattack, however, is to patient safety. If you get anything from this blog post, it should be this: Cybersecurity incidents affect more than HIPAA compliance, and should be treated as a patient safety risk. 

By categorizing cyberattacks as a patient safety risk, it escalates the importance of cybersecurity as more than mitigating a potential HIPAA fine.

(more…)

Leave a comment
by EHRA on October 15, 2019  •  Permalink
Posted in Patient Safety and Health IT, Privacy and Security

Posted by EHRA on October 15, 2019

https://ehrablog.org/2019/10/15/strategic-healthcare-leaders-recognize-cybersecurity-as-a-patient-safety-risk/

Ransomware: Lessons from the Front Lines

By EHRA Privacy & Security Workgroup

The ER was bustling with a full cast of colorful characters, as it always is on Halloween, when creepy messages started appearing on every single device: 

Ransomware message3

(more…)

Leave a comment
by EHRA on October 8, 2019  •  Permalink
Posted in Case Studies and Personal Stories, Privacy and Security

Posted by EHRA on October 8, 2019

https://ehrablog.org/2019/10/08/ransomware-lessons-from-the-front-lines/

Five Easy Healthcare Cybersecurity Tips From EHR Developers

By the EHRA Privacy & Security Workgroup

FIVE SIMPLE HEALTHCARE CYBERSECURITY TIPSWhether you work for a large health system or small physician practice, you know that securing your patients’ data is important, and it’s a responsibility you take seriously. But chances are, you haven’t fully implemented as many cybersecurity best practices as you could.
 (more…)

1 Comment
by EHRA on October 29, 2018  •  Permalink
Posted in Privacy and Security

Posted by EHRA on October 29, 2018

https://ehrablog.org/2018/10/29/five-easy-healthcare-cybersecurity-tips-from-ehr-developers/

Why HHS Needs a Privacy Leader and a Cybersecurity Leader

By Nam Nguyen and Sayee Balaji Chandrasekaran, Chair and Vice Chair, EHRA Privacy & Security Workgroup

_Security and Privacy are not the same. A Security leader_s primary concern is protecting and securing data. A Privacy leader_s primary concern is who can access certain data and whaCyber-threats are all over the news, including attempts to hack elections, steal corporate trade secrets, and hold medical records for ransom. Phishing is rampant, and is the way most hackers ultimately get into secure systems. The U.S. government has, of course, taken notice, and is taking action on several fronts.

One of those fronts is healthcare, with the release by HHS of the Health Care Industry Cybersecurity Task Force’s “Report on Improving Cybersecurity in the Health Care Industry,” which was delivered to Congress in June 2017.  The task force wrote, “Our nation must find a way to prevent our patients from being forced to choose between connectivity and security.”

EHRA welcomes this report, which we view as a path forward for increasing security in the healthcare sector.  The report directly aligns with two of EHRA’s privacy and security positions: (more…)

2 Comments
by EHRA on April 5, 2018  •  Permalink
Posted in Privacy and Security, Public Policy and Health IT

Posted by EHRA on April 5, 2018

https://ehrablog.org/2018/04/05/why-hhs-needs-a-privacy-leader-and-a-cybersecurity-leader/

Privacy and Security, and Building Patient Trust

Earlier this year, ONC published an updated “Guide to Privacy and Security of Electronic Health Information” to help healthcare providers and ambulatory practices understand existing federal law on protected health information (PHI).  It provides guidance on how providers can use certified electronic medical record technology (CEHRT) to provide secure communications with their patients and, via secure and interoperable health IT, share patient data with other care providers.

There is a great deal of practical information provided in this guide that helps explain who is and who is not a business associate (BA), per the HIPAA regulations.   It also provides clear guidance as to when it is permissible to disclose PHI, when patient authorizations are required, and how to provide patient access to their health information.  In addition, there is a useful section on general cybersecurity explaining the threat of cyber-attacks, the use of mobile devices, and email and texting among providers and their patients.

(more…)

Leave a comment
by ewest123 on September 1, 2015  •  Permalink
Posted in General, Privacy and Security, Public Policy and Health IT
Tagged , , , ,

Posted by ewest123 on September 1, 2015

https://ehrablog.org/2015/09/01/privacy-and-security-and-building-patient-trust/