Monthly Healthcare Privacy News Roundup: HIPAA-Compliant Alexa, the top 100 hospitals in the US, and More
Every month, we compile the most compelling healthcare privacy- and security-related news stories. Below, you’ll learn more about Amazon Alexa’s newly HIPAA-compliant skills, the best hospitals in America, insider threats, and more.
In an effort to make healthcare more accessible for patients while respecting their privacy, Amazon has launched six new HIPAA-compliant skills for Alexa. Developed by companies participating in the Amazon Alexa healthcare program, these skills simplify healthcare-related tasks like finding urgent care centers, making appointments, accessing test results and health data, and interacting with clinicians – all without violating HIPAA standards.
The six new skills, and the organizations behind them, are:
- Express Scripts
- Cigna Health Today
- All Children’s Enhanced Recovery After Surgery
- Livongo Blood Sugar Lookup
- Atrium Health
- Swedish Health Connect
During March 2019, 31 healthcare data breaches were reported to the HHS Office for Civil Rights (OCR), a rate of one breach per day. That total is 14% higher than the monthly average of breaches reported over the past five years.
Hacking and IT incidents accounted for 88.4% of the 912,992 records compromised, most of them exposed in ransomware and malware attacks. OCR announced no fines or settlements during March, but the Texas Department of Aging and Disability Services agreed to a $1.6 million financial penalty over a data breach from 2015.
Becker’s Healthcare has released its 2019 list of the top 100 hospitals in America. Recognized for excellent patient care, outcomes, and employee satisfaction, these organizations are acknowledged as leaders and innovators in the healthcare industry. Curious whether your institution made the top 100? Read Becker’s list to find out!
As technology becomes more sophisticated, guidelines must be developed to help healthcare adapt and become more accessible for patients. To implement the 21st Century Cures Act and improve interoperability between healthcare organizations, the Office of the National Coordinator for Health Information Technology (ONC) has proposed a new rule to support seamless access to and exchange of protected health information (PHI).
The main focus of the rule is to encourage interoperability while preventing information blocking, defined by the U.S. Department of Health and Human Services (HHS) as “practices that unreasonably limit the availability, disclosure, and use of electronic health information [to] undermine efforts to improve interoperability.” Effects of implementing the proposed regulation include:
- Encouraging innovation by providing patients and providers with secure access to health information and new tools like patient portals
- Prohibiting information blocking, such as charging patients for access to their own medical records
Cybersecurity threats pose a constant challenge in healthcare. Although every organization is exposed to risks like ransomware and phishing, the insider threat can be one of the most damaging. According to Verizon’s Protected Health Information Data Breach Report, 58% of healthcare breaches involved inside actors. With 75% of insider threats going unnoticed and patients’ most sensitive information at stake, what can you do to prevent and defend against malicious insiders in healthcare?
This article from the HIPAA Journal explains insider threats, the risks they pose, and how to protect your organization’s and patients’ most sensitive information.
Healthcare is one of the industries most vulnerable to insider threats, so cybersecurity measures are necessary to protect the valuable data that medical facilities store. Recently, though, the healthcare security conversation has shifted toward privacy.
With GDPR making an enormous impact on data privacy in the EU, the United States Congress recently held a hearing to discuss adopting a similar regulation in America to “protect consumer privacy in the era of big data.” Although maintaining HIPAA compliance is always paramount to any healthcare organization, lawmakers are looking to create a more stringent law – like GDPR – which puts consent in patients’ hands.
“We need some other regulations, besides the federal laws, that can drive into data privacy to help organizations determine how to turn those regulations into actionable steps for cybersecurity.” – Shefali Mookencherry, principal advisor for information security, privacy and disaster recovery at Impact Advisors