On October 27, 2015, Congress passed the Cybersecurity Information Sharing Act (CISA). Section 405 of CISA is specific to healthcare and charges Health and Human Services (HHS) with the responsibility of leading healthcare cybersecurity efforts, with the goal of keeping patient personal data secure.

Vendors always attempt to position themselves as a partner and a friend. The vendor relationship can sometimes get confusing and cause frustration around expectations, and one of those expectations is protecting data. So, the Vendor Relationship: BFFs? or Covered Entity and Business Associate?

It’s enough stress on CIOs and IT Directors to worry about a breach occurring in their own organization; but add to that stress the concern of being responsible as well, if a breach happens at one of their vendors. It can be overwhelming!

ECRI Institute recently announced their annual “Top 10 Health Technology Hazards for 2019.” If you keep abreast of Health Information Technology (HIT) news, you already know the number one risk: hackers can exploit remote access to systems, disrupting healthcare operations.

"The consequences of an attack can be widespread and severe, making this a priority concern for all healthcare organizations," said ECRI Health Devices Program Executive Director David Jamison. "In critical situations, this could cause harm or death."

The topic of security is on the minds of most healthcare IT professionals today. Securing remote access to your hospital's network is the deadbolt that helps protect your data. Most people don't leave their backdoor wide open, or expect that little doorknob lock to be secure, so why do most hospitals do the equivalent with their networks?

According to Frost & Sullivan, Artificial Intelligence systems are projected to be a $6 billion dollar industry by 2021¹. In fact, if you Google “artificial intelligence” and “patient privacy” you’ll get at least 35,000 results. There’s been a lot of hype in the media recently about artificial intelligence (AI) and whether or not it’s good or bad for patient privacy. No matter where you stand on the topic, there’s no doubt that AI is already helping privacy auditors save time. Read on to learn how…

Today I realized that in September of this year, I will have been in Healthcare IT for 28 years. During that period of time, I've performed a number of jobs and learned many different things. I've been in both technical and non-technical roles, in staff and leadership positions, and had the pleasure of working with some amazing people in many different states. The greatest lesson I have learned along my journey is that people are the most important aspect of any successful technology project.

On August 14^th at 2:00 p.m. ET, join me for "How the Human Factor Impacts Patient Privacy," an educational webinar where I’ll discuss a number of breaches and show examples of how the human factor was ultimately the root cause. Use the link above to register to attend, and read the rest of this blog post for the background to set the stage.

We all remember in 2005 when Amazon started tracking customer habits, and built sophisticated tools to recommend more purchases and direct your searches toward products it thinks you’re most likely to want. 

That's the use case I think about when the subject of behavioral analysis comes up. The more the software can learn about the person, their demographics, their buying and web-browsing habits, the better Amazon can sell products to them.

It is said that a heart attack is 80% preventable by eating well, exercising regularly, and keeping stress to a minimum*. While there is no official statistic yet, I would say that a cyber-attack is 95% preventable by vetting partners well, exercising caution, and keeping access points to a minimum. 

Today’s hospital leaders face unprecedented challenges when it comes to safeguarding patient privacy—mounting regulations, increased organizational complexity, along with dispersed privacy and security processes—all amid millions of patient data accesses every single day.