HIPAA compliance not guaranteed with ePHI security
This article is part of the Pulse issue of March 2018, Vol. 6, No. 2
Your healthcare organization believes in a strong cybersecurity program. It employs the latest software to secure patient data, and you feel confident that the clinical files are protected against hackers. This hypothetical setup seems to be solid.

The bad news? Those efforts might not comply with HIPAA. That's hard to accept in this age of constantly beefing up technologies to safeguard electronic protected health information (ePHI). But the above scenario illustrates the sometimes forgotten reality that ePHI security and HIPAA privacy obligations don't always work in parallel.

"You can't have privacy without security, but you can have security without privacy," said attorney Daniel Farris, partner and co-chair of the technology group at law firm Fox Rothschild LLP.

HIPAA broadly divides specifications among its Privacy and Security Rules. The privacy regulations govern how hospitals and other healthcare facilities use and share ePHI, Farris said. Meanwhile, the security provisions cover measures that curtail unauthorized ...
Features in this issue
More hacker threats, including via connected medical devices, are coming to healthcare organizations, but health IT professionals can look to AI and blockchain for possible help.
Patient data breaches dropped in 2017, mainly due to fewer large-scale breaches, but ransomware strikes intensified and insiders kept hacking.
Medical facilities sometimes believe security is equivalent to compliance with HIPAA -- but not so fast. Organizations must consider other aspects when guarding patient data.
Columns in this issue
Health IT and hospital security professionals must try to stay ahead of cyberattacks against electronic patient records. But now hackers are prepping the next generation.
Worry about health IT cybersecurity has shifted from hacker-triggered health data breaches to ransomware and malware exploits that shut down hospitals and threaten patient safety.
Hospital CIOs who want to ensure that their environments are protected should be sure to implement multifactor authentication and AI-based monitoring to prevent data breaches.