Joy Pritts of the Office of the National Coordinator for Health IT says the office intends to develop standards that would give patients the ability to exclude clinicians from accessing certain portions of their electronic health records.
The Privacy and Security Tiger Team is advocating requiring participants in Stage 2 of the HITECH Act's electronic health record incentive program to verify how they are keeping stored data secure, such as through encryption.
The federal government's official tally of major health information breaches now confirms the recent Health Net incident affected 1.9 million individuals, making it the largest breach on the list. Meanwhile, at least four state agencies are now investigating the incident.
The National Institute of Standards and Technology and the Department of Health and Human Services' Office for Civil Rights will hold their fourth annual healthcare information security conference May 10-11 in Washington.
After the revelation of Operation Aurora, the term began to take on a different meaning. "In essence," IBM's X-Force report says, "APT became associated with any targeted, sophisticated or complex attack regardless of the attacker, motive, origin or method of operation."
An Illinois childcare agency has articulated a revised security policy, including the use of encryption, in announcing a breach involving the apparent theft of three back-up unencrypted portable hard drives.
As healthcare organizations digitize more patient information, they need to take five essential risk management steps to ensure that the data is secure and privacy is protected, says Raj Caudhary, a principal at the consulting firm Crowe Horwath.
A draft of a Federal Health IT Strategic Plan provides a roadmap that the next national coordinator for health IT may use in spearheading many efforts, including protecting the privacy of healthcare information.