PRO+ Premium Content/Pulse
Access your Pro+ Content below.
HIPAA compliance not guaranteed with ePHI security

This article is part of the Pulse issue of March 2018, Vol. 6, No. 2
Your healthcare organization believes in a strong cybersecurity program. It employs the latest software to secure patient data, and you feel confident that the clinical files are protected against hackers. This hypothetical setup seems to be solid. The bad news? Those efforts might not comply with HIPAA. That's hard to accept in this age of constantly beefing up technologies to safeguard electronic protected health information (ePHI). But the above scenario illustrates the sometimes forgotten reality that ePHI security and HIPAA privacy obligations don't always work in parallel. "You can't have privacy without security, but you can have security without privacy," said attorney Daniel Farris, partner and co-chair of the technology group at law firm Fox Rothschild LLP. HIPAA broadly divides specifications among its Privacy and Security Rules. The privacy regulations govern how hospitals and other healthcare facilities use and share ePHI, Farris said. Meanwhile, the security provisions cover measures that curtail unauthorized ...
Features in this issue
-
Connected medical device security, AI battle health hackers
More hacker threats, including via connected medical devices, are coming to healthcare organizations, but health IT professionals can look to AI and blockchain for possible help.
-
Healthcare breaches drop, but ransomware attacks rise
Patient data breaches dropped in 2017, mainly due to fewer large-scale breaches, but ransomware strikes intensified and insiders kept hacking.
Columns in this issue
-
New risk to cybersecurity in healthcare: Hacker as a service
Health IT and hospital security professionals must try to stay ahead of cyberattacks against electronic patient records. But now hackers are prepping the next generation.
-
Healthcare ransomware attacks threaten patient safety
Worry about health IT cybersecurity has shifted from hacker-triggered health data breaches to ransomware and malware exploits that shut down hospitals and threaten patient safety.