Monthly Healthcare News Roundup: Rethinking Patient Data Privacy in the Digital Age, How GDPR and CCPA Could Impact Healthcare, and More

January 16, 2020 Michela Duggan

Monthly Healthcare News Roundup: Rethinking Patient Data Privacy in the Digital Age, How GDPR and CCPA Could Impact Healthcare, and More

Every month, we compile the most compelling healthcare privacy and security related news stories. Below, you’ll learn about rethinking patient data privacy in the digital age, how GDPR and CCPA could impact healthcare, and more.

Rethinking patient data privacy in the era of digital health

Technology has transformed the healthcare landscape over the past 10 years. And HIPAA, healthcare’s primary privacy and security regulation, was enacted well before the past decade’s technological innovations, creating gaps in the law’s ability to protect sensitive patient data. Personal health information collected on social media, fitness trackers, and apps for managing physical and mental health is ultimately sent to third parties, employers, and advertisers – often without consent.

As lawmakers look to refresh policies on sharing personal information, they’ve also begun to recognize the need for HIPAA to evolve to meet technological advancements. In this Health Affairs article, learn more about what can be done to modernize HIPAA and protect confidential patient information in the digital age.

The biggest threats to the healthcare business in the next decade

For clinicians, there will always be sick patients to treat – and healthy ones to advise. But roadblocks that have emerged in the last 10 years cause challenges for healthcare professionals trying to focus on treatment. And as we enter a new decade, threats are predicted to mount in the coming years, including:

  • Physician burnout
  • Cybersecurity
  • IT integration
  • The data gap
  • Economic volatility
  • Policy changes
  • Lagging antibiotic development

To learn more about these risks and what can be done to mitigate them, read the full article.

7 steps to pass, or better yet avoid, an OCR security audit

When a healthcare organization experiences a data breach impacting 500 people or more, it must report the incident to the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR). And after a breach occurs – or if a complaint has been filed against a health system – the chances that you will be audited by the OCR increase. Regardless of whether the breach was large or small, HIPAA violation fines can be hefty if the health system showed that they failed to make a genuine effort to prevent and contain incidents.

To help organizations survive and thrive through OCR audits – or prevent them entirely – this article has detailed seven ways to stay afloat and avoid costly fines.

The potential impact of GDPR and CCPA on federal health care privacy

Although the United States doesn’t have a national privacy law yet, new regulations like the EU’s GDPR and the California Consumer Privacy Act (CCPA) are sparking a national debate about adopting one. And although healthcare is a highly regulated industry with laws like HIPAA, it hasn’t been heavily included in the conversation.

But because HIPAA was created before the technological advancements of the past 15 years – and considering that healthcare safeguards personally identifiable information (PII) on top of health data – businesses and health apps have taken advantage of loopholes in the law, allowing them to collect personal health information (PHI) in a way that isn’t yet regulated. In this article by IAPP, discover how additional privacy laws like GDPR and CCPA can protect the privacy of PHI even where HIPAA doesn’t apply.

Healthcare industry to spend $65 billion on cybersecurity from 2017 to 2021

Global cybersecurity advisory firm Herjavec Group has released the 2020 Healthcare Cybersecurity Report, which reveals that healthcare as an industry is poised to spend over $65 billion on cybersecurity in the five-year period from 2017-2021. In an atmosphere where patients are being turned away and medical facilities are even closing their doors due to cyberattacks, there is no greater time than now for healthcare organizations to invest in cybersecurity. For more information and statistics on threats ranging from insider threats to ransomware, read the full Cybercrime Magazine article.

Health data breach tally: trends in 2019

By the middle of December 2019, 462 major healthcare industry breaches were added to the HHS’ “wall of shame” for the year. From these incidents, which include breaches affecting 500 or more people, certain trends emerged:

  • 272 were hacking/IT incidents which affected nearly 36 million individuals, or about 88% of organizations impacted by breaches last year
  • 136 were “unauthorized access/disclosure” breaches, which affected 4.6 million individuals or 11%
  • 30 breaches were due to “loss” or “theft” of unencrypted computing devices, impacting about 266,000 individuals or less than 1%
  • 108 breaches had business associates “present.” Those breaches affected nearly 24.8 million individuals, or about 60%

Read the full article to learn more about the past year’s healthcare breach trends.

Previous Article
The NIST Privacy Framework: How Does It Compare to the Cybersecurity Framework?
The NIST Privacy Framework: How Does It Compare to the Cybersecurity Framework?

The new NIST Privacy Framework is designed to help organizations improve individuals’ privacy through enter...

Next Article
FairWarning Year in Review: Top 10 Articles Detailing the Importance of Privacy in Healthcare
FairWarning Year in Review: Top 10 Articles Detailing the Importance of Privacy in Healthcare

Creating a culture of patient data privacy, insider threats, interoperability – 2019 saw an increase in awa...