Cybersecurity

The digital security of healthcare institutions and data is a growing concern, with an increasing number of cyberattacks each year against healthcare systems, which are seen as easy targets. Cyber attacks often use ransomware to target personal health information, patient data and medical devices to cut off access to the data until a ransom is payed to the hacker. Cybercriminals have become more sophisticated, using malware, ransomware and spyware to attack outdated and vulnerable systems and software. Due to the interconnected nature of hospital IT systems today, the weakest link can be older web-enabled medical devices, including clinical and non-clinical systems. Employees are also a major target of attacks via malicious e-mails that prompt them to open attachments that then download malware onto the hospital's IT system.

Healthcare AI and HIPAA compliance: 5 key legal questions + answers
Training AI for use in healthcare requires feeding algorithms patient data, and lots of it. This opens data custodians—typically hospitals—to various points of potential legal exposure.
Federal AI security center established, called an ‘overwhelming win’ for businesses, hospitals
The AI Security Center, AISC for short, has as its inaugural leader U.S. Army General Paul Nakasone.
Automated, AI-equipped security tools help hold the line on data breaches
When it comes to identifying and containing data breaches, organizations armed with security AI plus automation spend 108 days fewer than their differently prepared counterparts.
Overheard this week: 6 notable quotes on healthcare AI
‘We need to design and build AI that helps healthcare professionals be better at what they do.’
China’s AI concerns presented for public consumption
Tech-enabled risks are top of mind for the head of the Chinese Communist Party—and AI is prominent among these.

Testing of security for information exchange planned

The National Cybersecurity Center of Excellence plans to test tools and technologies to support the secure exchange of electronic health information, especially for small healthcare providers.

January 16, 2013

Weekly roundup: 2013 starts out big

Chances are good that you are at least somewhat affected by any of the flu-like symptoms currently sweeping the U.S., either personally or via record numbers of patients at your facility. Apparently, 2013 got the memo to go big or go home. From the record levels of flu occurring so early in the year to the three breaches we’ve already reported this year, 2013 is set to have a big impact.

January 10, 2013

CMS pushes HIPAA compliance enforcement back 90 days

The Centers for Medicare & Medicaid Services’ (CMS) Office of E-Health Standards and Services (OESS) has decided not to initiate enforcement action until March 31, with respect to HIPAA-covered entities (including health plans, healthcare providers and clearinghouses, as applicable) not compliant with the operating rules adopted for the following transactions as required by the Patient Protection and Affordable Care Act: eligibility for a health plan and healthcare claim status. Notwithstanding OESS’ discretionary application of its enforcement authority, the compliance date for using the operating rules remains Jan. 1.

January 4, 2013

HHS collects first settlement over smaller breach

The Hospice of North Idaho has agreed to pay the U.S. Department of Health and Human Services (HHS) $50,000 to settle potential violations of the HIPAA Security Rule. This is the first settlement involving a breach of unprotected electronic protected health information affecting fewer than 500 individuals.

January 4, 2013

Small hospital suffers big breach

A stolen laptop is the source of a data breach impacting 29,000 patients of Gibson General Hospital.

January 2, 2013

Kentucky Medicaid breach due to computer scam

More than 1,000 Kentucky Medicaid beneficiaries have been notified that their data may have been compromised as part of a computer scam.

January 2, 2013

4,000 patients impacted in Michigan data breach

The theft of electronic equipment from a vendor employee's car has prompted the University of Michigan Health System (UMHS) to alert approximately 4,000 patients that some of their demographics and health information may have been exposed.

January 2, 2013

Walgreen's faces $16M penalty for illegal record dumping

The Walgreens drugstore chain will pay $16.6 million to settle a California case involving improper disposal of hazardous waste, including confidential patient information, in dumpsters near their stores.

December 19, 2012

Around the web

Health Exec

These health systems have the biggest digital health portfolios

U.S. health systems are increasingly leveraging digital health to conduct their operations, but how health systems are using digital health in their strategies can vary widely.

Health Exec

Toylike robot pleases counseling clients where humanoid counterpart struggles to connect

When human counselors are unavailable to provide work-based wellness coaching, robots can substitute—as long as the workers are comfortable with emerging technologies and the machines aren’t overly humanlike.

Health Exec

Medsender, Patagonia Health team up to aid public health efforts against COVID-19

A vendor that supplies EHR software to public health agencies is partnering with a health-tech startup in the cloud-communications space to equip state and local governments for managing their response to the COVID-19 crisis.

Cybersecurity

Healthcare AI and HIPAA compliance: 5 key legal questions + answers

Federal AI security center established, called an ‘overwhelming win’ for businesses, hospitals

Automated, AI-equipped security tools help hold the line on data breaches

Overheard this week: 6 notable quotes on healthcare AI

China’s AI concerns presented for public consumption

Around the web