113 results.
Standards for Safety, Security, and Interoperability of Medical Devices in an Integrated Health Information Environment
Author: Williams, Patricia A.H
Source: Journal of AHIMA
Publication Date: April 2017
Information sharing between healthcare organizations increasingly includes the use of electronic health records (EHRs) as well as data from medical devices that have been integrated into existing networks. When exchanging such data, providers should be mindful not only of the interoperabil....
Things Privacy Officers Can Do Today to Defend Against a Cyberattack
Author: Arvin, Marti
Source: Journal of AHIMA
Publication Date: April 2017
One might ask why a privacy officer even needs to worry about defending against a cyberattack—isn’t that the role of the chief information security officer and the chief information officer? The answer is no. Cyberattacks are not always about technology. The privacy officer is not generall....
Statistically, What’s the Chance of a Breach?
Author: Wiedemann, Lou Ann
Source: Journal of AHIMA
Publication Date: March 2017
According to the Department of Health and Human Services Office for Civil Rights (OCR), from January 2016 to November 2016 approximately 169,013,996 people were affected by 1,737 healthcare breaches. The Ponemon Institute estimates that data breaches could cost the healthcare industry as m....
Considerations for Contracting with Cybersecurity Firms
Author: Glondys, Barbara
Source: Journal of AHIMA
Publication Date: July 2016
On March 28, 2016, the information systems at 10 MedStar Health hospital locations were attacked by a virus that prevented certain users from logging in to the organization’s information systems. The organization immediately moved to back-up systems using paper transactions. All facilitie....
Information Governance for Offsite Data Security
Author: Saharia, Devendra
Source: Journal of AHIMA
Publication Date: April 2016
Disruptive technology can turn any industry on its head—virtually overnight. Just five years ago, summoning a taxi was an inefficient, time-consuming effort that often involved dialing up a dispatcher, who contacted a driver, who would then make their way to your location, perhaps in an h....
Privacy and Security a Gordian Knot Far From Being Cut
Author: Gordon, Lynne Thomas
Source: Journal of AHIMA
Publication Date: April 2016
Recently, the New York Times ran a provocative opinion piece that called for increased use of patient data for research purposes. “When I explain to my own patients what can be done with their medical information for the greater good in research, nobody has ever said to me ‘don....
Shifting from Reactive to Proactive HIPAA Audits
Author: Brinda, Danika
Source: Journal of AHIMA
Publication Date: January 2016
Stories about workforce members inappropriately accessing health information continue to plague the Department of Health and Human Services’ Data Breach Portal—which lists US provider data breaches that affect more than 500 individuals. Recently two data breaches reported on th....
DIY Privacy Risk Assessments
Author: Butler, Mary
Source: Journal of AHIMA - website
Publication Date: November 2015
The HIM Problem
Completing regular privacy risk assessments is one of the most proactive ways of preventing healthcare privacy breaches. However, finding helpful tools for these assessments is hard to come by.
The HIM Problem Solver: Sharon Lewis, MBA, RHIA, CHPS, CP....
Cybersecurity 101
Author: Lucci, Susan; Walsh, Tom
Source: Journal of AHIMA
Publication Date: November 2015
One of the most alarming statistics in the news, which is growing with intent and severity, is the prevalence of cyber-attacks, particularly in healthcare. It is an alarming trend that has gained a good deal of attention. For example, in July 2015, UCLA reported that up to 4.5 million pati....
Evolving Role of the Privacy and Security Officer
Author: Bowen, Rita K.
Source: Journal of AHIMA
Publication Date: June 2015
Fifteen years ago, many individuals accepted the role of the privacy officer with a perception that it would be a role involving the education and training of individuals on HIPAA rules and regulations, developing policy, and responding to reported incidents. The security officer was focu....
Privacy Holes in the 'Hidden Healthcare System': Students' PHI-laden Education Records that are Stored and Shared Electronically Don’t Have the Same Safeguards as most EHRs
Author: DuBravec, Daniel A; Daigle, Matt
Source: Journal of AHIMA
Publication Date: June 2015
With student safety and privacy an increasing parental concern, school administrators nationwide are sitting on a powder keg of potential backlash because of a gray area of student privacy protections that Julia Lear, senior advisor for the Center of Health and Health Care in Schools at G....
Sample (Chief) Security Officer Job Description
Author: AHIMA Privacy and Security Practice Council
Source: AHIMA sample job description
Publication Date: May 2015
Position Title: (Chief) Security Officer
Immediate Supervisor: Chief Executive Officer, (Chief) Compliance Officer, Senior Executive (Chief operating officer, CIO), (Senior) In-house Counsel, or Practice Manager; Corporate/Administrative Oversight Services Information Syste....
Beware the Dark Side of the Web
Author: Journal of AHIMA Staff
Source: Journal of AHIMA
Publication Date: May 2015
Unless they know exactly what to look for, most Internet users wouldn’t know that a “Dark Web” exists or what it is—let alone the potential for harm that can be done with it.
But the dark side of the web is out there, and its proprietors want your medical information.
....
Biggest Security Lapses for 2014-2015 and How to Handle Them
Author: Butler, Mary
Source: Journal of AHIMA - website
Publication Date: April 2015
In the privacy and security world, whenever a big health data breach makes the news, HIPAA experts warn that it’s only the beginning and the news will only get worse. Over the last year that has certainly been the case as the size and scope of breaches has climbed.....
Consumer Access to EHRs Could Help Improve Security Efforts
Author: Butler, Mary
Source: Journal of AHIMA - website
Publication Date: April 2015
This is the second installment of the Journal of AHIMA’s special series for Privacy and Security Month at AHIMA.
Last year was a banner year for healthcare privacy breaches, according to an annual report that....
Cracking Encryption: Despite Benefits, Technology Still Not Widely Used to Combat Multi-Million Dollar Breaches
Author: Butler, Mary
Source: Journal of AHIMA
Publication Date: April 2015
In movies and on television lately, Hollywood has made encryption and decryption look exciting, glamorous, and world-saving. The film The Imitation Game and the BBC show The Bletchley Circle chronicle how British code breakers decrypted military strategy codes from the Nazi encryption tool....
Where to Begin with Cyber Defense
Author: Lewis, Sharon; McDonald, Kevin B
Source: Journal of AHIMA
Publication Date: April 2015
As data is made more readily available through a growing number of public and private channels, understanding the risks is critical. Patients expect organizations to take the steps required to protect their sensitive and personal information as it is being produced, processed, shared, and....
Industry Awaits Phase 2 of HIPAA Audit Program
Author: Asmonga, Donald D.
Source: Journal of AHIMA
Publication Date: January 2015
The wait for the second round of mandated privacy and security audits from the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) continues. OCR is currently working through final details for the revised audit plan as they await finalization of new technolog....
Security Starts at Admissions, But Can’t End After Discharge
Author: Morper, Mike
Source: Journal of AHIMA
Publication Date: November 2014
Admissions and discharge processes can be rife with vulnerabilities and potential HIPAA violations. It is important to address security vulnerabilities and potential compliance problems in the patient admissions and discharge processes. A focus on file destination control, encryption, aut....
Comparative Cost of Inadequate Protection: Healthcare Breaches Ranked the Most Expensive
Author: AHIMA Staff
Source: Journal of AHIMA
Publication Date: October 2014
The US healthcare industry has the unfortunate distinction of having the highest per capita cost of data breaches, recent reports suggest.
A May 2014 Ponemon Institute analysis found that the per capita cost of a healthcare breach was $359 per record. The overall mean across indus....
Who Are You? Authenticating Consumer Identity is Becoming Increasingly Important in Healthcare
Author:
Source: Journal of AHIMA
Publication Date: September 2014
For consumers in the United States, the answer to the question “Who are you?” is becoming increasingly important, especially in relation to one’s healthcare. Safe and secure access to a person’s health information hinges on how their online identity is established and used—especially as m....
Trusted Health IT and IT-as-a-Service: A Prescription for Change
Author: Katz, Roberta
Source: Journal of AHIMA - website
Publication Date: August 2014
Healthcare organizations are increasingly reliant on electronic health records (EHR) for patient care collaboration with trusted IT becoming a key requirement to share protected health information (PHI).
Trusted IT solutions for Health Information Management (HIM) t....
Download Two Apps and Text Me in the Morning: Physicians are Increasingly Prescribing mHealth Apps, but Privacy and Security Worries Remain
Author: AHIMA
Source: Journal of AHIMA
Publication Date: May 2014
While physicians are increasingly likely to pull out their prescription pad and say, in all earnestness, “There’s a new app for that,” recent research suggests the decision to do so is fraught. A survey of 1,500 physicians found that while 37 percent have prescribed an app, 42 percent ref....
Black Market PHI Does Exist: Why It’s Time to Take Security Risk Assessments Seriously
Author:
Source: Journal of AHIMA
Publication Date: May 2014
Many health information management (HIM) experts have wondered whether there is protected health information (PHI) on the black market. In short, the answer is “yes.” According to a 2012 Ponemon Institute study, 90 percent of healthcare organizations surveyed have had at least....
ACA Raises Privacy, Security Concerns, Study Finds
Author: Butler, Mary
Source: Journal of AHIMA - website
Publication Date: May 01, 2014
While there was a slight decline in the number of healthcare data breaches in 2013, the risk of a breach event for a provider or one of their business associates is pervasive. This was one of the most notable findings in a recent Ponemon Institute webinar, “Affordable Ca....
Seven Select Questions to Ask Your Privacy Officer (Or Yourself)
Author: Downing, Katherine
Source: Journal of AHIMA
Publication Date: April 2014
On January 25, 2013, the US Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) published the long-awaited HITECH-HIPAA Omnibus Final Rule in the Federal Register. As anticipated, the Omnibus Rule includes some of the most significant changes to patient priva....
Privacy and Security Audits of Electronic Health Information (2014 update)
Author: Walsh, Tom; Miaoulis, William M
Source: AHIMA practice brief | Journal of AHIMA
Publication Date: March 2014
In a perfect world, access controls alone would ensure the privacy and security of electronic protected health information (ePHI). However, the complexities of today’s healthcare environment make it extremely challenging to limit access to the minimum information necessary that members of the workforce require in order to perform their jobs.
Information Security—An Overview (2014 update)
Author: Miaoulis, William M
Source: AHIMA practice brief
Publication Date: January 2014
This practice brief provides an overview of information security, including some of the background and basic concepts involved in securing the privacy of health information. Included are key roles and responsibilities as well as a list of specific policies and procedures that should be considered when developing an organizational security program. References, a checklist, and assistance in developing policies and procedures are also provided to assist readers in the actual development of a security program.
Privacy and Security Audits of Electronic Health Information (2013 update)
Author: Walsh, Tom
Source: AHIMA practice brief
Publication Date: November 2013
Editor’s note: This update supplants the March 2011 practice brief “Security Audits of Electronic Health Information (Updated).”
In a perfect world, access controls alone would ensure the privacy and security of electronic protected health information (ePHI). How....
The Privacy and Security of Non-Traditional Occupational Health Services
Author: Dunn, Rose T; Odia, Godwin
Source: Journal of AHIMA
Publication Date: November 2013
The AHIMA Practice Brief The Privacy and Security of Occupational Health Records focuses on the privacy and security related responsibilities of a healthcare provider that offers occupational health services for other employers in its community. This article supplements that practice brief and focuses on those entities that are not healthcare providers, in the traditional sense of the term.
Guidelines for a Compliant Business Associate Agreement - Retired
Author: AHIMA
Source: AHIMA practice brief
Publication Date: November 2013
This 2013 practice brief version has been retired and is retained here for historical purposes. Read the 2016 updated version of this Practice Brief here.
The Privacy Rule portion of the Health Insurance Portability and Accountability Act (HIPAA) of 1996 defines a "business....
HIPAA Security Overview - Retired
Author: Miaoulis, William M
Source: AHIMA practice brief
Publication Date: November 2013
Editor’s note: This update replaces the April 2004 and the November 2010 practice briefs titled “A HIPAA Security Overview.”
The HIPAA security rule has remained unchanged since its implementation more than a decade ago. However, the Health Information Technology for Economic a....
The Healthcare Wall of Shame
Author: AHIMA
Source: Journal of AHIMA
Publication Date: November 2013
While stolen laptops and hacking of healthcare computer networks have dominated the headlines, healthcare privacy and security experts warn that covered entities are ignoring the risks posed by unsecured paper records.
In response to new additions to the Office for Civil Rights'....
The Privacy and Security of Occupational Health Records
Author: AHIMA
Source: AHIMA practice brief | Journal of AHIMA
Publication Date: April 2013
The Occupational Safety and Health Administration (OSHA) defines an “occupational medical record” as an occupation-related, chronological, cumulative record, regardless of the form or process by which it is maintained (i.e., paper document, microfiche, microfilm, or automatic data processing me....
Patient Portals: Express Lane on the Health Information Highway
Author: Eramo, Lisa A
Source: Journal of AHIMA
Publication Date: September 2012
No information request traffic jams.
No toll road trips to the physical HIM department.
Just an open and instant route to patient health information.
But building and managing a patient portal requires HIM knowledge and expertise.
Patient portals are rapid....
HIPAA Compliance for Clinician Texting
Author: Greene, Adam H
Source: Journal of AHIMA
Publication Date: April 2012
The HIPAA privacy and security rules need not act as an obstacle to efficient communications, but keeping texting compliant requires planning and diligence.
Text (or SMS) messaging has become nearly ubiquitous on mobile devices. According to one survey, approximately 72 perce....
Ensuring Remote Coding Compliance
Author: Comfort, Angie
Source: Journal of AHIMA - Coding Notes
Publication Date: April 2012
More and more HIM department managers are turning to remote coding. However, before implementing this staffing model, managers must answer several questions regarding the privacy and security of patient information, including:
What are the compliance risks?
How will privacy and secu....
Keeping It Private: Staying Compliant with the HIPAA Privacy and Security Rules
Author: Tomes, Jonathan P.
Source: Journal of AHIMA
Publication Date: March 2012
HHS's renewed interest in auditing for compliance is a good reminder to covered entities to ensure their privacy and security programs are up to date.
The Department of Health and Human Services' (HHS) announcement of a new program to audit compliance with the HIPAA priva....
Automation for Privacy and Security Compliance
Author: McLendon, Kelly
Source: Journal of AHIMA
Publication Date: March 2012
There has been a lack of enforcement of the privacy and security rules ever since HIPAA's inception. As such the adoption of comprehensive HIPAA compliance programs has lagged behind EHR development and implementation.
This in turn has caused little funding to be budgeted by provide....
Managing Compliance in Healthcare An Integrated Approach to Privacy, Security, and Identity Management
Author: Shim, Steven
Source: AHIMA Convention
Publication Date: October 02, 2011
Overview
This is a unique and challenging time for the healthcare industry in terms of Health Information Technology (IT) adoption and satisfying regulatory requirements such as the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and HITECH Act privacy and security com....
Transitioning to a Principle Based Privacy Compliance
Author: Williams, Jutta; Thomason, Mary
Source: AHIMA Convention
Publication Date: October 02, 2011
Balancing the protection of individual privacy and the need to use data to provide quality healthcare is no easy task for healthcare workers – or for regulators. Not surprisingly, regulatory requirements for governing the use of health information are complex and have required revision.....
Information Security—An Overview (2010 update)
Author: AHIMA
Source: AHIMA practice brief
Publication Date: December 2010
This practice brief has been updated. See the latest version here. This version is made available for historical purposes only.
HITECH Security – A Practical Approach
Author: Rudloff, Rob
Source: AHIMA Convention
Publication Date: September 28, 2010
Background
HITECH has introduced new security requirements around HIPAA including new breach requirements and associated penalties. This paper addresses the information security and privacy requirements and provides practical solutions to address them. Many organizations already....
Developing an HIM Centric Privacy & IT Security Approach in Healthcare
Author: Cothran, Carey L.; Kost-Woodrow, Beth
Source: AHIMA Convention
Publication Date: September 28, 2010
Background
With the increased governmental funding for implementation of electronic health records and increased prevalence of regional data exchange, comes increased provider obligation, strengthening of regulation and likely unprecedented enforcement activities. The emerging landscape....
Moving Targets: Maximizing the Rewards and Minimizing the Risks of Mobile Devices
Author: Tessier, Claudia
Source: Journal of AHIMA
Publication Date: April 2010
Mobile devices are moving into healthcare with rapid speed, becoming a common health tool for both clinicians and consumers. Provider organizations face a challenge in realizing the opportunities, managing the information, and mitigating the risks.
Just a few short years ago, CIOs we....
Balancing Access, Privacy, and Security: Applying Core Values in an Era of Accelerating Digital Practice
Author: Dowling, Alan F.
Source: Journal of AHIMA
Publication Date: April 2010
In our rapidly changing world, it is heartening to recognize the immutability of AHIMA’s ethics. This year marks the twenty-fifth anniversary of AHIMA’s position statement on health information confidentiality. The statement addressed the ethical practices needed to safeguard t....
Healthcare Breach Management: Business Associate Agreement Addendum
Author: Hjort, Beth M.; Rhodes, Harry B.
Source: AHIMA Advocacy and Policy
Publication Date: January 22, 2010
CMS’s 2009 Security Assessment Process
Author: Dinh, Angela K.
Source: Journal of AHIMA
Publication Date: September 2009
In 2008 the Centers for Medicare and Medicaid Services (CMS) conducted 10 HIPAA security assessments in covered entities (CEs) nationwide. CMS’s stated purpose was not to identify flaws but to gain a true understanding of industry compliance with the HIPAA security rule.
CMS co....
Documenting Data Loss: Losses Must Be Documented Just Like Other Business Activities
Author: Nunn, Sandra L.
Source: Journal of AHIMA
Publication Date: July 2009
Good faith information management practices are an important form of compliance with the Federal Rules of Civil Procedure, the regulations issued in December 2006 that in part govern e-discovery in federal courts. Organizations responding to the regulations are in the midst of creating policie....
Untangling Privacy
Author: Dimick, Chris
Source: Journal of AHIMA
Publication Date: February 2009
Health IT won’t advance far without resolving the complex issue of privacy protections. Can a complicated situation be teased apart thread by thread?
The debate on privacy has become very public.
Privacy advocates, health IT advocates, providers, HIM professionals, fe....