By the EHRA Privacy & Security Workgroup
Whether you work for a large health system or small physician practice, you know that securing your patients’ data is important, and it’s a responsibility you take seriously. But chances are, you haven’t fully implemented as many cybersecurity best practices as you could. (more…)
Posted by EHRA on October 29, 2018
https://ehrablog.org/2018/10/29/five-easy-healthcare-cybersecurity-tips-from-ehr-developers/
By Nam Nguyen and Sayee Balaji Chandrasekaran, Chair and Vice Chair, EHRA Privacy & Security Workgroup
Cyber-threats are all over the news, including attempts to hack elections, steal corporate trade secrets, and hold medical records for ransom. Phishing is rampant, and is the way most hackers ultimately get into secure systems. The U.S. government has, of course, taken notice, and is taking action on several fronts.
One of those fronts is healthcare, with the release by HHS of the Health Care Industry Cybersecurity Task Force’s “Report on Improving Cybersecurity in the Health Care Industry,” which was delivered to Congress in June 2017. The task force wrote, “Our nation must find a way to prevent our patients from being forced to choose between connectivity and security.”
EHRA welcomes this report, which we view as a path forward for increasing security in the healthcare sector. The report directly aligns with two of EHRA’s privacy and security positions: (more…)
Posted by EHRA on April 5, 2018
https://ehrablog.org/2018/04/05/why-hhs-needs-a-privacy-leader-and-a-cybersecurity-leader/
Earlier this year, ONC published an updated “Guide to Privacy and Security of Electronic Health Information” to help healthcare providers and ambulatory practices understand existing federal law on protected health information (PHI). It provides guidance on how providers can use certified electronic medical record technology (CEHRT) to provide secure communications with their patients and, via secure and interoperable health IT, share patient data with other care providers.
There is a great deal of practical information provided in this guide that helps explain who is and who is not a business associate (BA), per the HIPAA regulations. It also provides clear guidance as to when it is permissible to disclose PHI, when patient authorizations are required, and how to provide patient access to their health information. In addition, there is a useful section on general cybersecurity explaining the threat of cyber-attacks, the use of mobile devices, and email and texting among providers and their patients.
Posted by ewest123 on September 1, 2015
https://ehrablog.org/2015/09/01/privacy-and-security-and-building-patient-trust/
