A newly disclosed collaboration between Google and the massive Ascension healthcare system that the partners say is designed to improve patient care is raising serious privacy concerns. That's because the project involves Ascension sharing with Google data on millions of its patients - without their permission.
What are some of the most important aspects in managing vendor security risk when taking on third parties to handle sensitive data? Mitch Parker, CISO of Indiana University Health, explains the critical steps his organization is taking in its approach to vendor risk.
As part of healthcare's digital transformation, payers and providers alike have rolled out patient portals and telemedicine platforms to increase access to care, improve patient participation and decrease healthcare administrative costs.
How secure are these portals? What types of authentication protocols are used to...
Guided by a "human-centered" principle, there is nothing more critical to Tri-Counties Regional Center (TCRC), than protecting and promoting the lives of those with developmental disabilities. That is why TCRC proactively secures Personal Health Information (PHI) to protect the people behind that information. Critical...
As the use of artificial intelligence tools and robotics continues to grow, it's crucial for organizations to assess the potential security risks posed, says attorney Stephen Wu, who reviews key issues in an interview.
The digital revolution has given healthcare organizations new tools to increase team efficiency and improve their customer experience. But it's also opened up new vectors that cybercriminals can use to attack. As your attack surface expands to infrastructure that you don't own or control, becomes increasingly...
An EU General Data Protection Regulation enforcement action against a hospital in Portugal demonstrates complying with GDPR may be even tougher than complying with HIPAA. Regulatory experts analyze the implications of the case.
An inside view of what HHS OCR is seeing on the healthcare sector privacy and security landscape, and what the agency has in the works to address those challenges. That includes:
Insights from OCR's latest breach and compliance investigations of covered entities and BAs.
An update on OCR's HIPAA enforcement...
Block chain, artificial intelligence and machine learning can all play a role in ensuring the security of health data and preventing fraud, says Ajit Ashok Shenvi, director of big data and analytics at Philips' Innovation Campus in India.
This week's edition of the ISMG Security Report features an analysis of whether the U.K.'s fine of Facebook for the Cambridge Analytica scandal is just the beginning of regulatory enforcement action. Plus: A potential settlement of Yahoo breach lawsuit and tips on securing data in the cloud.
Federal regulators have smacked health insurer Anthem with a record $16 million HIPAA settlement in the wake of a cyberattack revealed in 2015, which impacted nearly 79 million individuals. What missteps does the settlement highlight?
Leading the latest edition of the ISMG Security Report: An analysis of why it may be too late to secure the 2018 U.S. midterm elections. Also: A close look at the Anthem breach lawsuit settlement and a report on ransomware recovery lessons learned.
As the HIPAA security rule turns 20, it's time for regulators to make updates reflecting the changing cyberthreat landscape and technological evolution that's happened over the past two decades, says security expert Tom Walsh.
Yesterday's threat detection is not working. Companies must reshape their cybersecurity programs, knowing that attackers are always looking for a way in - or may have already penetrated.
There are numerous ways healthcare organizations can benefit from a deception approach as new cyber vulnerabilities and risks in...
At its core, compliance for HIPAA is simply about maintaining patient privacy by ensuring your users appropriately access and use patient data. Electronic Health Record (EHR) solutions provide detail around when patient data is accessed.
The challenge, however, is the lack of visibility into what users do with...