Office of Civil Rights

See the following -

A Ransomware Epidemic And An Overdue National Health IT Safety Center

Dean Sittig and Hardeep Singh | Health Affairs Blog | July 29, 2016

A rapid increase in computerization of health care organizations (HCOs) around the world has raised their profile as lucrative targets for cyber-criminals. Recently there has been a spate of high-profile ransomware attacks involving hospitals’ electronic health record (EHR) data. Briefly, ransomware attacks commonly start when a user is conned into clicking an internet link or opening a malicious email attachment. Malware, or software that is intended to damage or disable the computer, is then downloaded and rapidly encrypts data on that computer and attempts to reach out to other computers on the same network to encrypt data on those computers as well; consequently, all encrypted data is inaccessible...

Health IT Task Force Synthesizes Open API Themes

Frank Irving | HealthIT Interoperability | February 11, 2016

Health IT integration will reach a significant threshold when, as specified under 2015 Edition criteria, electronic health records systems and related tools must provide consumer-facing access to the Common Clinical Data Set via an application programming interface (API). Hard at work deciphering how consumers could leverage API technology to access patient data is the Joint API Privacy and Security Task Force...

On the Lack of Cyber Security of Medical Devices

Two weeks ago the U.S. Food and Drug Administration advised hospitals not to use Hospira's Symbiq infusion system, concluding that a security vulnerability enables hackers to take remote control of the system. The agency issued the advisory some 10 days after the U.S. Department of Homeland Security warned of the vulnerability in the pump. My view is that this will be the first of many advisories. For years, manufacturers of medical devices depended on the “kindness of strangers” assuming that devices would never be targeted by bad actors. EKG machines, IV pumps, and radiology workstations are all computers, often running un-patched old operating systems, ancient Java virtual machines, and old web servers that no one should currently have deployed in production.

ONC Playbook Breaks Down Health IT, EHR Tasks and Buzzwords

Jennifer Bresnick | HealthIT Analytics | September 27, 2016

The healthcare industry seems to be largely driven by buzzwords: quick and snappy phrases that reduce complex, difficult, expensive and often confusing initiatives into keywords that may not mean much to the uninitiated. From big data and population health management to electronic health records and value-based care, these short and sweet terms have come to define the new direction of one of the nation’s largest sectors...

Patient Health Information Precariously Safeguarded, According to Privacy Analytics

Terry Dawes | Cantech Letter | September 22, 2015

According to a new infographic compiled by Ottawa data privacy company Privacy Analytics, costs associated with a data breach, including notification, legal fines, legal fees, forensics, PR, etc., amount to approximately $208 per person. While data breaches across the board are damaging, from major corporate leaks like Target to member-based services like Ashley Madison, it’s the leaking of personal health information (PHI) that is most sensitive and which Privacy Analytics specializes in...

Precision Medicine Initiative Needs Help with Data Sharing Barriers

Greg Slabodkin | HealthData Management | August 25, 2015

The White House is looking for input from the healthcare industry to identify new information technology activities that can help make President Obama’s $215 million Precision Medicine Initiative a reality.
