AG Strategy Group
Thursday, May 14, 2015
With the development of wearable technologies such as the Nike Fuel Band, Fitbit, and Apple Watch, consumers suddenly have more options to monitor their fitness performance than ever before. And the way these devices capture data poses serious privacy and security issues to individually-identifiable health information that must be addressed.
AG Strategy Group
Monday, April 27, 2015
A new international privacy standard for cloud providers — ISO 27018 — brings an effective means to better protect health data. The privacy standard mirrors some of HIPAA’s tenets while providing an all-important third-party audit mechanism.
AG Strategy Group
Wednesday, April 22, 2015
A 2013 update to HIPAA’s privacy standards put greater restrictions on profit-making uses of PHI but did not go far enough. With the update, cloud providers have the option of adopting stronger voluntary privacy standards. Released in August 2014, the ISO/IEC code of practice (known formally as 27018) outlines standards for how providers of public cloud services should handle personally identifiable information. Though there is some overlap with HIPAA, the ISO/IEC code of practice draws several important distinctions:
Elizabeth Snell, Health Security, Wednesday, March 11, 2015
HIPAA regulations were created to ensure that patients’ PHI remained secure, and that individuals would not have to worry about their personal information falling into the wrong hands. Similarly, the Family Educational Rights and Privacy Act (FERPA) is a federal law protecting the privacy of student education records. However, recent events have pushed the two laws to the forefront, as individuals’ privacy rights are being called into question. A University of Oregon (UO) student was reportedly going to file a sexual assault-related lawsuit against the school. However, UO allegedly accessed the student’s therapy records from its counseling center and handed them over to its general counsel’s office. The student’s medical records were then used to help defend against her lawsuit.
Bob Bogle, Health Data Management, Friday, January 30, 2015
Despite the initial hesitation, new data suggests that healthcare organizations have moved beyond these once widely-held concerns. One telling finding, via Imprivata’s “2014 Desktop Virtualization Trends in Healthcare” report, is that 40% of healthcare organizations surveyed report now storing protected health information in the cloud. While this is far from the majority, PHI is often considered the most sensitive segment of healthcare data, and that figure is certainly up from years past, indicating that a significant shift has taken place with decision makers now placing more trust in cloud infrastructure. Following that shift, what continues to evolve is the benefits that healthcare organizations have realized through the adoption of cloud-based health IT services. With trust on the rise, use cases and benefits of cloud in healthcare continue to surface.
Julian Hattem, The Hill, Friday, January 30, 2015
Companies including Google, Twitter, Yahoo and Advertising.com automatically obtain information from people visiting HealthCare.gov, according to analysis by congressional staffers. The finding builds on news last week that dozens of data-tracking companies were able to obtain information about people visiting the federal healthcare website, potentially including information about their age, location and pregnancy status.
Bernie Monegain, Healthcare IT News, Thursday, January 15, 2015
Google is a key contender – part of the PwC team – bidding on the massive 10-year federal contract to build an electronic health record system for the Department of Defense. PwC announced the collaboration with Google Thursday. Google had been part of the team from the start, Dan Garrett, PwC's health IT leader, told Healthcare IT News. "They were part of our submission in our original proposal," he said. "Since the proposal, we've also cemented a broader relationship between the two firms. And, we thought it was appropriate now to make the rest of the world aware of the submission that we had made."
Joseph Goedert, Health Data Management, Wednesday, December 17, 2014
The draft guidance seeks to bring uniformity to the vocabulary of cloud service measurements that include abstract metric, abstract metric definition, cloud service property, concrete metric definition, context, measurement, measurement result, metric, observation, and unit of measurement. The guidance also describes the “cloud service trifecta” which can be broken down into three general areas: service selection, service agreement and service verifications, along with supporting metrics. It further defines in detail a “cloud service metric model” with 23 elemental descriptions of the foundation diagram that describes a metric definition.
Kenneth Corbin, CIO, Tuesday, December 16, 2014
The volume of healthcare data is growing at a staggering rate, bringing with it a host of technical, compliance and governance challenges for CIOs working in that sector. A recent report from EMC and the research firm IDC offers a few imaginative ways of visualizing that proliferation, anticipating an overall increase in health data of 48 percent annually.
Monday, November 17, 2014
At first blush, it seems impossible for a person to sue for a HIPAA violation. HIPAA lacks a private cause of action. So do many other privacy and data security laws, such as FERPA, the FTC Act, the Gramm-Leach-Bliley Act, among others. That means that these laws don’t provide people with a way to sue when their rights under these laws are violated. Instead, these laws are enforced by agencies. But wait! Stop the presses! A recent decision by the Connecticut Supreme Court has concluded that people really can sue for HIPAA violations. As I will explain later, this is not a radical conclusion ... though the implications of this conclusion could be quite radical and extend far beyond HIPAA.