CISA Proposes Practical Guidelines For Reporting Cyber Incidents

EHR Association Privacy & Security Workgroup

The Cybersecurity and Infrastructure Security Agency (CISA), responsible for coordinating cybersecurity programs within the U.S. and improving the government’s cybersecurity protections, proposed new reporting requirements under the Cyber Incident Reporting for Critical Infrastructure Act, or CIRCIA. The proposed rule lays out what incidents must be reported, by whom, and what the reports must contain. While the EHR Association provided comments of support for most areas, suggestions for potential refinement were also offered. 

Success of ONC’s Health IT Strategic Plan Rests on Realistic Expectations, Regulatory Timelines

By Stephanie Jamison (Greenway Health), Chair, and William Hayes, M.D. (Trubridge), Vice Chair, EHR Association

With its Draft 2024-2030 Federal Health IT Strategic Plan, ONC seeks to enhance individual and community health through improved healthcare experiences, advanced research and innovation, and integrated health data systems – important goals the EHR Association finds commendable provided the path taken to achieve them is paved with realistic expectations and timelines for regulations targeting them.

In many ways, the mission and vision laid out by ONC in its strategic plan echo the objectives of our member companies; namely, advancing the quality and efficiency of care through innovative, interoperable health IT adoption and use. However, our enthusiastic support is tempered by concerns over the potential for too-aggressive compliance timelines and expectations that are beyond the reach of EHR and other health IT developers and the provider organizations utilizing these tools – concerns we shared in our response to ONC’s call for feedback on the Draft Federal Health IT Strategic Plan.

Genomic Data Sharing Policies Must Protect Patient Privacy, Minimize Risk

By Michael Saito (Epic), Chair, and Nam Nguyen (Allscripts), Vice Chair, EHRA Privacy & Security Workgroup

The National Institutes of Health’s (NIH) ongoing objective of sharing research data sets to facilitate additional study is something EHRA member companies wholly support – as long as it protects patient privacy, ensures patients can provide informed and meaningful consent for use of their data, and minimizes the risk that patients’ genomic and other health data can be re-identified or misused. 

To that end, we took advantage of the NIH’s recent Request for Information (RFI) on the proposed updates to and long-term considerations for its Genomic Data Sharing (GDS) Policy to provide feedback in the key areas of de-identification, potentially identifiable information, and data linkages.

Cybersecurity Career Awareness Week

By Nam Nguyen, Vice Chair
EHRA Privacy & Security Workgroup

October is Cybersecurity Awareness Month, and the Electronic Health Record Association (EHRA) will use this opportunity to share helpful reminders of cybersecurity fundamentals throughout the month. 

The 2020 HIMSS Cybersecurity Survey provides a look into cybersecurity issues facing US healthcare organizations. Based upon the feedback from 168 US-based healthcare cybersecurity professionals, “Cybersecurity budgets are still lacking with typically 6% or less of the information technology budget allocated for this purpose. A large attack surface exists within many healthcare organizations due to the profound lack of resources.”

Even as cyberattacks are increasing exponentially, businesses, including healthcare organizations, are facing another significant risk – a shortage of available, qualified cybersecurity professionals.

According to the fifth annual global study of cybersecurity professionals by the Information Systems Security Association (ISSA), more than 57% of organizations have been negatively impacted by the “cybersecurity skills crisis.” Of the professionals surveyed by ISSA, 95% indicated the skills shortage has not improved in recent years and 44% say it has worsened. 

Have you updated your software today?

By Nam Nguyen, Vice Chair
EHRA Privacy & Security Workgroup

October is Cybersecurity Awareness Month, and the Electronic Health Record Association (EHRA) will use this opportunity to share helpful reminders of cybersecurity fundamentals throughout the month. 

The 2020 HIMSS Cybersecurity Survey provides a look into cybersecurity issues facing US healthcare organizations. Based upon the feedback from 168 US-based healthcare cybersecurity professionals, “Relatively few healthcare organizations are conducting end-to-end security risk assessments. Sensitive information is exposed and such systems are vulnerable to attack.”

A simple yet important precaution to reduce cybersecurity risks is ensuring software updates and patches are applied in a timely manner. Though they are easy to ignore, most software updates or patches are important, as they address a vulnerability or security flaw in the endpoints of computer systems or medical devices.

Healthcare organizations have been increasingly targeted with ransomware and other cyberattacks since the beginning of the COVID-19 pandemic. This has shown hackers’ ability to endanger healthcare organizations’ operations as well as patient lives. 

Privacy and Security, and Building Patient Trust

Earlier this year, ONC published an updated “Guide to Privacy and Security of Electronic Health Information” to help healthcare providers and ambulatory practices understand existing federal law on protected health information (PHI). It provides guidance on how providers can use certified electronic medical record technology (CEHRT) to provide secure communications with their patients and, via secure and interoperable health IT, share patient data with other care providers.

There is a great deal of practical information provided in this guide that helps explain who is and who is not a business associate (BA), per the HIPAA regulations. It also provides clear guidance as to when it is permissible to disclose PHI, when patient authorizations are required, and how to provide patient access to their health information. In addition, there is a useful section on general cybersecurity explaining the threat of cyber-attacks, the use of mobile devices, and email and texting among providers and their patients.
