Archives: Data Security

Subscribe to Data Security RSS Feed

Comments Requested on Draft Guide on Securing Electronic Health Records on Mobile Devices

The National Cybersecurity Center of Excellence (“NCCoE”) has released a draft for public comment of the first guide in a new series of publications “that will show businesses and other organizations how to improve their cybersecurity using standards-based, commercially available or open-source tools.” The guide discusses how to secure electronic health records on mobile devices. … Continue Reading

Department of Defense Contract To Overhaul Electronic Health Records System

The Department of Defense (DOD) is expected to select a contractor sometime this summer to modernize its electronic health records (EHR) system. The DOD’s $11 billion Healthcare Management Systems Modernization Electronic Health Record program will replace the agency’s existing EHR system, which supports more than 9.7 million beneficiaries, including active duty personnel, retirees, and their … Continue Reading

May 2015 EU mHealth Round-Up

May 2015 saw a number of developments in the EU mHealth sector worthy of a brief mention.  The European Commission announced that it would work on new guidance for mHealth apps, despite the European Data Protection Supervisor and British Standards Institution publishing their own just weeks earlier.  In parallel, the French data protection authority announced … Continue Reading

Moving to the Cloud: Privacy and Other Key Considerations for Healthcare Entities

Last week, as part of our Life Sciences Essentials series, Covington hosted a webinar discussion of issues facing life sciences companies as they increasingly utilize cloud services to collect, aggregate, store and process data. The webinar is available here, and the slides can be viewed here. Panelists and topics included: Anna Kraus — HIPAA and … Continue Reading

Cyber Attacks on Health Data Increasing, Primary Cause of Data Breaches, Group Finds

A new study out by the Ponemon Institute finds that criminal attacks, rather than accidents or technological failures, are the leading cause of data breaches. The report finds that cyber-criminals are increasingly targeting health care providers and business associates for the vast amounts of personal data held by these entities, and that these attacks are … Continue Reading

Webinar Invite: Moving to the Cloud: Privacy and Other Key Considerations for Healthcare Entities

Join Covington for a webinar discussion of issues facing life sciences companies as they increasingly utilize cloud services to collect, aggregate, store and process data as part of our Life Sciences Essentials series. May 13, 2015 12:30 p.m. – 2:00 p.m. EDT 9:30 a.m. – 11:00 a.m. PDT 4:30 p.m. – 6:00 p.m. GMT Click … Continue Reading

Moving to the Cloud: Some Key Considerations for Healthcare Entities

Healthcare providers, health plans, and other entities are increasingly utilizing cloud services to collect, aggregate, store and process data.  A recent report by IDC Health Insights suggests that 80 percent of healthcare data is expected to pass through the cloud by 2020.  As a substantial amount of healthcare data comprises “personal information” or “protected health … Continue Reading

Summary Report of European Commission’s mHealth Consultation Published

The European Commission has finally published its summary of 211 responses to its mobile health (“mHealth”) consultation.  The summary and original responses to the consultation have been made available on the Commission’s website at https://ec.europa.eu/digital-agenda/en/news/summary-report-public-consultation-green-paper-mobile-health The consultation covered a broad range of important issues for mHealth, including legal frameworks, privacy and data protection, patient safety, … Continue Reading

HIPAA 2015 Enforcement Priorities Highlight Cyber Threats, But Timing of HIPAA Compliance Audits Still Uncertain

On January 13, 2015, Jocelyn Samuels, director of the Office of Civil Rights (OCR) at the U.S. Department of Health and Human Services, briefed reporters on the agency’s HIPAA enforcement priorities, noting a focus on threats to electronic health information, or ePHI.  Samuels highlighted an increase in infiltration of computer networks reported under the breach … Continue Reading

President Obama Announces Precision Medicine Initiative, Presses for Cybersecurity Legislation

This year’s State of the Union address included little explicit discussion of health IT, but did highlight two areas that could have significant implications for health IT: the President announced a new “Precision Medicine Initiative” and also urged Congress to pass legislation to combat cyber attacks and prevent identity theft. While the address was scant … Continue Reading

FTC Remarks Signal Heightened Focus on Mobile Health Devices

Federal Trade Commission (FTC) chairwoman Edith Ramirez’s remarks at the International Consumer Electronics Show on Tuesday signal that FTC may be paying increased attention to privacy and security issues in the mobile health industry. The speech focused on how “the introduction of sensors and devices into currently intimate spaces – like our homes, cars, and … Continue Reading

Recent HIPAA Settlement Highlights Need to Address Software Risks

On December 2, 2014, the Anchorage Community Mental Health Services (ACMHS) agreed to pay $150,000 under a settlement agreement with the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule.  ACMHS entered the settlement agreement … Continue Reading

E-Health Take Note: Standards Published for Personal Data in the Cloud

Our colleagues at the InsideEULifeSciences blog recently posted a summary of new standards jointly adopted by the International Standards Organization (ISO) and the International Electrotechnical Commission (IEC) governing the processing of personal data in the cloud — ISO/IEC 27018 (“ISO 27018”).  These are the first privacy-specific international standards for the cloud.… Continue Reading

HHS Report Details Breaches of PHI, Makes Recommendations

In its Annual Report to Congress on Breaches of Unsecured Protective Health Information, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) reports on both large and small breaches of protected health information (PHI), as well as breach-related settlement agreements and audits.  The Office also recommends steps that covered entities should … Continue Reading

HHS Report Highlights HIPAA Privacy, Security, and Breach Notification Compliance Trends

The U.S. Department of Health and Human Services Office for Civil Rights (OCR) recently released two annual reports regarding compliance with the Health Insurance Portability and Accountability Act (HIPAA) and provisions enacted by the Health Information Technology for Economic and Clinical Health (HITECH) Act.  The reports indicate that HIPAA-related complaints continue to grow annually; however, … Continue Reading
LexBlog