Every month, we compile the most compelling healthcare privacy- and security-related news stories. Below, you’ll learn about rethinking patient data privacy in the digital age, how GDPR and CCPA could impact healthcare, and more.
Technology has transformed the healthcare landscape over the past 10 years. And HIPAA, healthcare’s primary privacy and security regulation, was enacted well before the past decade’s technological innovations, creating gaps in the law’s ability to protect sensitive patient data. Personal health information collected on social media, fitness trackers, and apps for managing physical and mental health is ultimately sent to third parties, employers, and advertisers – often without consent.
As lawmakers look to refresh policies on sharing personal information, they’ve also begun to recognize the need for HIPAA to evolve to meet technological advancements. In this Health Affairs article, learn more about what can be done to modernize HIPAA and protect confidential patient information in the digital age.
For clinicians, there will always be sick patients to treat – and healthy ones to advise. But roadblocks that have emerged in the last 10 years cause challenges for healthcare professionals trying to focus on treatment. And as we enter a new decade, threats are predicted to mount in the coming years, including:
- Physician burnout
- IT integration
- The data gap
- Economic volatility
- Policy changes
- Lagging antibiotic development
To learn more about these risks and what can be done to mitigate them, read the full article.
When a healthcare organization suffers a breach of protected health information, the HIPAA Breach Notification Rule requires it to report the incident to the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR): breaches affecting 500 or more people must be reported within 60 days of discovery (and are posted publicly on the HHS breach portal), while smaller breaches are logged and reported annually. After a breach occurs – or if a complaint has been filed against a health system – the chances of an OCR audit or investigation increase. Regardless of whether the breach was large or small, HIPAA violation fines can be hefty if the health system cannot show that it made a genuine effort to prevent and contain incidents.
To help organizations survive and thrive through OCR audits – or prevent them entirely – this article has detailed seven ways to stay afloat and avoid costly fines.
Although the United States doesn’t have a national privacy law yet, new regulations like the EU’s GDPR and the California Consumer Privacy Act (CCPA) are sparking a national debate about adopting one. And although healthcare is a highly regulated industry with laws like HIPAA, it hasn’t been heavily included in the conversation.
But because HIPAA was created before the technological advancements of the past 15 years – and considering that healthcare safeguards personally identifiable information (PII) on top of health data – businesses and health apps have taken advantage of loopholes in the law. HIPAA only governs protected health information (PHI) held by covered entities and their business associates, so the same health data collected by a consumer app that is neither falls outside the law and isn’t yet regulated. In this article by IAPP, discover how additional privacy laws like GDPR and CCPA can protect the privacy of health data even where HIPAA doesn’t apply.
Global cybersecurity advisory firm Herjavec Group has released the 2020 Healthcare Cybersecurity Report, which reveals that healthcare as an industry is poised to spend over $65 billion on cybersecurity in the five-year period from 2017-2021. In an atmosphere where patients are being turned away and medical facilities are even closing their doors due to cyberattacks, there is no better time than now for healthcare organizations to invest in cybersecurity. For more information and statistics on threats ranging from insider threats to ransomware, read the full Cybercrime Magazine article.
By the middle of December 2019, 462 major healthcare industry breaches were added to the HHS’ “wall of shame” for the year. From these incidents, which include breaches affecting 500 or more people, certain trends emerged:
- 272 were hacking/IT incidents, which affected nearly 36 million individuals, or about 88% of all individuals impacted by breaches last year
- 136 were “unauthorized access/disclosure” breaches, which affected 4.6 million individuals or 11%
- 30 breaches were due to “loss” or “theft” of unencrypted computing devices, impacting about 266,000 individuals or less than 1%
- 108 breaches had a business associate “present” (a separate flag on the portal, so this category overlaps with the breach types above). Those breaches affected nearly 24.8 million individuals, or about 60%
Read the full article to learn more about the past year’s healthcare breach trends.
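The trend figures above are derived by aggregating the HHS breach portal export by breach type and by the “Business Associate Present” flag. The following Python script, added here as an illustration and not taken from the article or from HHS, does that aggregation over a handful of constructed rows laid out like the portal’s CSV export (the header names are an assumption about that export; the entities and figures are made up). It shows two details the summary glosses over: a single report can list several breach types in one field, and the business-associate count is an independent flag, which is why the percentages in the list do not add up to 100%.

```python
import csv
import io
from collections import defaultdict

# Constructed sample rows in the column layout of the HHS OCR breach portal
# CSV export. The header names are an assumption about that export; the
# entities and figures are invented for illustration, not real breach records.
SAMPLE_CSV = """Name of Covered Entity,State,Covered Entity Type,Individuals Affected,Breach Submission Date,Type of Breach,Location of Breached Information,Business Associate Present
Example Clinic A,TX,Healthcare Provider,12000,2019-03-04,Hacking/IT Incident,Email,No
Example Plan B,CA,Health Plan,450000,2019-05-17,Hacking/IT Incident,Network Server,Yes
Example Hospital C,NY,Healthcare Provider,3000,2019-06-02,Unauthorized Access/Disclosure,Paper/Films,No
Example Vendor D,IL,Business Associate,80000,2019-08-21,"Hacking/IT Incident, Unauthorized Access/Disclosure",Network Server,Yes
Example Practice E,FL,Healthcare Provider,700,2019-09-30,Theft,Laptop,No
Example Clinic F,WA,Healthcare Provider,1500,2019-11-12,Loss,Other Portable Electronic Device,No
"""


def parse_breach_rows(text):
    """Parse portal-style CSV text into dicts with typed fields."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        rows.append({
            "name": row["Name of Covered Entity"],
            "individuals": int(row["Individuals Affected"].replace(",", "")),
            # One report can carry several breach types, comma-separated
            # inside a single quoted field; split them so each is counted.
            "types": [t.strip() for t in row["Type of Breach"].split(",") if t.strip()],
            "ba_present": row["Business Associate Present"].strip().lower() == "yes",
        })
    return rows


def summarize(rows):
    """Aggregate breach counts and affected individuals by type and BA flag.

    Multi-type reports are counted under every type they list, and the
    business-associate bucket is independent of type, so the per-bucket
    shares are not expected to sum to 100%.
    """
    total_breaches = len(rows)
    total_individuals = sum(r["individuals"] for r in rows)

    def pct(n):
        return round(100.0 * n / total_individuals, 1) if total_individuals else 0.0

    by_type = defaultdict(lambda: {"breaches": 0, "individuals": 0})
    ba = {"breaches": 0, "individuals": 0}
    for r in rows:
        for t in r["types"]:
            by_type[t]["breaches"] += 1
            by_type[t]["individuals"] += r["individuals"]
        if r["ba_present"]:
            ba["breaches"] += 1
            ba["individuals"] += r["individuals"]
    for stats in by_type.values():
        stats["share_pct"] = pct(stats["individuals"])
    ba["share_pct"] = pct(ba["individuals"])
    return {
        "total_breaches": total_breaches,
        "total_individuals": total_individuals,
        "by_type": dict(by_type),
        "business_associate_present": ba,
    }


if __name__ == "__main__":
    s = summarize(parse_breach_rows(SAMPLE_CSV))
    print(f"{s['total_breaches']} breaches, {s['total_individuals']:,} individuals")
    for t, st in sorted(s["by_type"].items(), key=lambda kv: -kv[1]["individuals"]):
        print(f"  {t:35s} {st['breaches']:3d} breaches {st['individuals']:>9,} ({st['share_pct']}%)")
    ba = s["business_associate_present"]
    print(f"  {'business associate present':35s} {ba['breaches']:3d} breaches {ba['individuals']:>9,} ({ba['share_pct']}%)")
```

Run against a real portal export, the “Individuals Affected” shares come out the way the article reports them: as a fraction of all individuals affected, not of organizations. Note that the portal only lists breaches of 500 or more individuals, so the smaller breaches reported annually never appear in this data.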