Throughout the year, healthcare privacy, security and cybersecurity have remained a crucial part of boardroom discussions about the best way to proceed in an ever-changing threat landscape.
These conversations will continue to dominate in 2019, with leading security professionals predicting that healthcare organizations will continue to invest in AI, the IoT and the safety of medical devices, along with better employee training.
But to get an idea of the topics that matter most to executive and clinical leadership, HealthITSecurity.com compiled the top stories of 2018. Here are the most read stories of 2019, leading up to the most popular article.
10. Why blockchain technology is important for health security
The verdict is still out on how far blockchain can live up to the hype, but this resource emphasizes how the technology can help healthcare organizations validate patient records to strengthen patient privacy.
Blockchain organizes data to verify and record transactions. For healthcare, that means validating all health data included in a healthcare or IT system. There is a wide range of applicable healthcare uses, from medical records to financial transactions, with each new action verified against an authoritative ledger of previous events.
Health organizations need to be aware of the regulations surrounding the technology and how it might affect security, to determine if it's the right solution.
9. Did the EMS worker commit HIPAA violations with a Facebook post?
In one of the more unusual news stories of the year, an EMS worker from Roane County posted the location of an emergency response on his Facebook page. The responder was part of a team that answered a call for a patient who had had a heart attack in his house.
The EMS worker posted on his Facebook account, "Well, we had a first … We worked a code in a chicken house! Deep throated chicken excrement."
The victim's wife complained to Roane County EMS about the post, and as a result the worker was warned. But the event prompted a discussion on HIPAA compliance. This article analyzes some of these issues.
8. How much do healthcare data breaches cost organizations?
Healthcare data breaches have been on the agenda throughout the year due to the increasing sophistication of hackers, along with health organizations struggling with staffing and scarce resources. However, regardless of the size of the organization, breaches are costly, from downtime to bringing systems back online.
In February, Ponemon broke down the true cost of a breach: $380 per stolen health record.
This resource illustrates why costs are so high, as well as ways to reduce harm, including incident response plans, data encryption, employee training and other elements.
7. Advantages, challenges of secure health data sharing
While the industry continues to await the decision of the Office of the National Coordinator on information blocking and a HIPAA update to support care coordination, data sharing remains a crucial concern for health organizations.
Secure data sharing has a number of advantages, from avoiding medication errors to reducing duplicative tests. However, providers must keep in mind that while HIPAA allows data sharing, there are some obstacles to overcome.
In recent months, industry stakeholders have pushed for better data sharing to support value-based care. And the Department of Health and Human Services is on board, releasing a request for information to see how HIPAA can be modernized to better support data sharing.
6. Oklahoma hospital sued for alleged HIPAA violation over drowning
Some HIPAA violations trigger industry debate on the HIPAA rule, and the August 23 case of an Oklahoma patient did just that.
The McAlester Regional Health Center in Oklahoma was sued for an alleged HIPAA violation after the hospital shared information about the drowning of a boy with the biological mother. The suit was filed by the adoptive parents, who said that the violation caused emotional distress, as the biological mother "consented to the cessation of her rights". The jury trial date is set for January.
The resource outlines a similar case dismissed by a federal court in June, which established that there is no private right of action under HIPAA.
5. New York suspends nurse for HIPAA violation affecting 3K patients
The state of New York suspended Martha Smith-Lightfoot, a former nurse at the University of Rochester Medical Center, for violating HIPAA when she took a list of over 3,000 patients to her new employer.
The list contained demographic information and patient diagnoses. Smith-Lightfoot said she took the list to ensure continuity of care for patients, but never received permission from patients or from URMC to do so.
The story outlined several privacy incidents with URMC, which led officials to strengthen health system security protocols and training.
4. The role of health risk assessments
Under HIPAA, risk assessments are a requirement. However, for organizations that go beyond the requirements, a risk assessment can reveal vulnerabilities and help strengthen their security program.
Given the ongoing onslaught of attacks, risk assessments are a crucial tool in every organization's belt. The analysis examines physical, technical and administrative safeguards. Although an assessment may not be needed frequently, it should occur whenever a new tool is implemented.
This resource provides an overview of the most common errors and of how to go beyond HIPAA requirements to enhance security.
3. Hospital data breaches are the most common, affect the most patients
In the current threat landscape, healthcare breaches are almost inevitable. But a study by the American Journal of Managed Care revealed that hospitals are far more susceptible to breaches, and the impact on patients is greater when one occurs.
More than 200 hospital breaches occurred during the research period, with 185 occurring in acute care hospitals. In fact, 30 of these hospitals had more than one breach during that period. And one hospital had four breaches.
Computers are the biggest source of breaches, given their accessibility through lax passwords and generic usernames. The story outlined where hospitals lacked security and precisely what can be done about it.
2. LabCorp network security breach may affect PHI of millions
In one of the biggest stories of the summer, LabCorp experienced a cyberattack on its IT network over the weekend of July 14. Systems had to be taken offline during this period, which affected test processing and customers' access to test results.
The interruption lasted for several days, and many wondered if patient data would be affected by the security event. Officials later determined that no patient data were breached. The Department of Justice later confirmed that LabCorp was a victim of the notorious SamSam virus that had targeted healthcare throughout 2017 and 2018.
1. What is a HIPAA business associate agreement (BAA)?
This year saw a long list of breaches caused by business associates and third-party vendors. In fact, the biggest breach of 2018 was caused by a cyberattack on AccuDoc Solutions. Data of over 2.65 million Atrium Health patients were breached for more than a week due to the security event.
Given the increased risk, many healthcare organizations are trying to better understand how to manage their vendors, starting with business associate agreements. Where required by HIPAA, organizations can draw up these contracts to ensure that they are protected in the event of a security event.
This resource provides an in-depth evaluation of how to build a BAA, understand the relationship with business associates and what happens when the vendor violates HIPAA.
The conversations about vendor management and HIPAA debates will continue in the coming year, as the Office for Civil Rights continues to crack down on business associate violations and the ONC considers a HIPAA modernization.