Cybersecurity

The digital security of healthcare institutions and data is a growing concern, with an increasing number of cyberattacks each year against healthcare systems, which are seen as easy targets. Cyber attacks often use ransomware to target personal health information, patient data and medical devices to cut off access to the data until a ransom is payed to the hacker. Cybercriminals have become more sophisticated, using malware, ransomware and spyware to attack outdated and vulnerable systems and software. Due to the interconnected nature of hospital IT systems today, the weakest link can be older web-enabled medical devices, including clinical and non-clinical systems. Employees are also a major target of attacks via malicious e-mails that prompt them to open attachments that then download malware onto the hospital's IT system.

Healthcare AI and HIPAA compliance: 5 key legal questions + answers
Training AI for use in healthcare requires feeding algorithms patient data, and lots of it. This opens data custodians—typically hospitals—to various points of potential legal exposure.
Federal AI security center established, called an ‘overwhelming win’ for businesses, hospitals
The AI Security Center, AISC for short, has as its inaugural leader U.S. Army General Paul Nakasone.
Automated, AI-equipped security tools help hold the line on data breaches
When it comes to identifying and containing data breaches, organizations armed with security AI plus automation spend 108 days fewer than their differently prepared counterparts.
Overheard this week: 6 notable quotes on healthcare AI
‘We need to design and build AI that helps healthcare professionals be better at what they do.’
China’s AI concerns presented for public consumption
Tech-enabled risks are top of mind for the head of the Chinese Communist Party—and AI is prominent among these.

Addressing the security challenges of devices

BOSTON—The three elements of patient data security are confidentiality, integrity and availability, which all must be factored into a program that successfully secures the vulnerabilities of medical devices, according to the speakers at a session of the second annual HIMSS Privacy & Security Forum.

September 26, 2013

Safeguard your organization when using the cloud

BOSTON—In just a few short years, cloud computing has gone from being viewed with caution and skepticism in the healthcare industry to organizations seeing it as an aid to fight information silos and achieve interoperability, according to speakers at the second annual HIMSS Privacy & Security Forum. But, be proactive to make it work effectively.

September 25, 2013

ONC privacy officer talks culture, human error, ROI

BOSTON—HITECH ensures that providers have the technology to comply with HIPAA, and HIPAA offers an incentive for providers to include in other parts of their business outside of the EHR system, said Joy Pritts, JD, chief privacy officer at the Office of the National Coordinator for Health IT, during the second annual HIMSS Privacy & Security Forum.

September 25, 2013

Partners CISO: 'Don't let HIPAA drive efforts'

BOSTON—The healthcare industry needs to stop letting HIPAA drive privacy and security efforts and focus on the patient instead, said Jennings Aske, JD, chief information security and privacy officer at Partners HealthCare in Boston, who spoke during the second annual HIMSS Privacy & Security Forum.

September 25, 2013

Most cyberattacks are easy to execute

BOSTON--The vast majority (78 percent) of cyberattacks across all industries require low or very low difficulty to execute. “I could teach this room in one day how to do a low difficulty attack,” said Chris Wysopal, chief technology officer of Vericode, speaking at the second annual HIMSS Privacy & Security Forum.

September 24, 2013

Rodriguez outlines OCR's enforcement priorities

BOSTON--Speaking at the second annual HIMSS Privacy & Security Forum on Sept. 23, Office for Civil Rights Director Leon Rodriguez acknowledged the significance of the date. “Critical elements of the Omnibus Rule go into effect. Despite the changes, I would like to point out that the sun has risen in the same way today.”

September 24, 2013

OCR delays some HIPAA requirements

The Office for Civil Rights of the Department of Health and Human Services is delaying its enforcement of the requirement that certain HIPAA–covered laboratories revise their Notices of Privacy Practices to comply with the modifications made to the HIPAA rules published in the Federal Register on Jan. 25, also known as the Omnibus Rule.

September 24, 2013

Model privacy practice notices available

Model Notices of Privacy Practices are available for healthcare providers and health plans to use to communicate with their patients and plan members.

September 16, 2013

Around the web

Health Exec

These health systems have the biggest digital health portfolios

U.S. health systems are increasingly leveraging digital health to conduct their operations, but how health systems are using digital health in their strategies can vary widely.

Health Exec

Toylike robot pleases counseling clients where humanoid counterpart struggles to connect

When human counselors are unavailable to provide work-based wellness coaching, robots can substitute—as long as the workers are comfortable with emerging technologies and the machines aren’t overly humanlike.

Health Exec

Medsender, Patagonia Health team up to aid public health efforts against COVID-19

A vendor that supplies EHR software to public health agencies is partnering with a health-tech startup in the cloud-communications space to equip state and local governments for managing their response to the COVID-19 crisis.

Cybersecurity

Healthcare AI and HIPAA compliance: 5 key legal questions + answers

Federal AI security center established, called an ‘overwhelming win’ for businesses, hospitals

Automated, AI-equipped security tools help hold the line on data breaches

Overheard this week: 6 notable quotes on healthcare AI

China’s AI concerns presented for public consumption

Around the web