A booster shot for cloud privacy standards?

by Julie Anderson, AG Strategy Group
Wednesday, April 22, 2015

A 2013 update to HIPAA’s privacy standards put greater restrictions on profit-making uses of PHI but did not go far enough. With the update, cloud providers have the option of adopting stronger voluntary privacy standards. Released in August 2014, the ISO/IEC code of practice (known formally as 27018) outlines standards for how providers of public cloud services should handle personally identifiable information. Though there is some overlap with HIPAA, the ISO/IEC code of practice draws several important distinctions:

HIPAA Regulations v. FERPA Rules In Privacy Rights

Elizabeth Snell, Health Security, Wednesday, March 11, 2015

HIPAA regulations were created to ensure that patients’ PHI remained secure, and that individuals would not have to worry about their personal information falling into the wrong hands. Similarly, the Family Educational Rights and Privacy Act (FERPA) is a federal law protecting the privacy of student education records. However, recent events have pushed the two laws to the forefront, as individuals’ privacy rights are being called into question. A University of Oregon (UO) student was reportedly going to file a sexual assault-related lawsuit against the school. However, UO allegedly accessed the student’s therapy records from its counseling center and handed them over to its general counsel’s office. The student’s medical records were then used to help defend against her lawsuit.

Healthcare Organizations Have Embraced the Cloud...Now What?

Bob Bogle, Health Data Management, Friday, January 30, 2015

Despite the initial hesitation, new data suggests that healthcare organizations have moved beyond these once widely held concerns. One telling finding, via Imprivata’s “2014 Desktop Virtualization Trends in Healthcare” report, is that 40% of healthcare organizations surveyed report now storing protected health information in the cloud. While this is far from the majority, PHI is often considered the most sensitive segment of healthcare data, and that figure is certainly up from years past, indicating that a significant shift has taken place with decision makers now placing more trust in cloud infrastructure. Following that shift, what continues to evolve are the benefits that healthcare organizations have realized through the adoption of cloud-based health IT services. With trust on the rise, use cases and benefits of cloud in healthcare continue to surface.

Google, Twitter, Yahoo nab HealthCare.gov data

Julian Hattem, The Hill, Friday, January 30, 2015

Companies including Google, Twitter, Yahoo and Advertising.com automatically obtain information from people visiting HealthCare.gov, according to analysis by congressional staffers. The finding builds on news last week that dozens of data-tracking companies were able to obtain information about people visiting the federal healthcare website, potentially including information about their age, location and pregnancy status.

Google on board for DoD contract bid

Bernie Monegain, Healthcare IT News, Thursday, January 15, 2015

Google is a key contender – part of the PwC team – bidding on the massive 10-year federal contract to build an electronic health record system for the Department of Defense. PwC announced the collaboration with Google Thursday. Google had been part of the team from the start, Dan Garrett, PwC's health IT leader, told Healthcare IT News. "They were part of our submission in our original proposal," he said. "Since the proposal, we've also cemented a broader relationship between the two firms. And, we thought it was appropriate now to make the rest of the world aware of the submission that we had made."

Tips from NIST on Picking the Right Cloud Vendor

Joseph Goedert, Health Data Management, Wednesday, December 17, 2014

The draft guidance seeks to bring uniformity to the vocabulary of cloud service measurements that include abstract metric, abstract metric definition, cloud service property, concrete metric definition, context, measurement, measurement result, metric, observation, and unit of measurement. The guidance also describes the “cloud service trifecta” which can be broken down into three general areas: service selection, service agreement and service verifications, along with supporting metrics. It further defines in detail a “cloud service metric model” with 23 elemental descriptions of the foundation diagram that describes a metric definition.

How CIOs Can Prepare for Healthcare ‘Data Tsunami’

Kenneth Corbin, CIO, Tuesday, December 16, 2014

The volume of healthcare data is growing at a staggering rate, bringing with it a host of technical, compliance and governance challenges for CIOs working in that sector. A recent report from EMC and the research firm IDC offers a few imaginative ways of visualizing that proliferation, anticipating an overall increase in health data of 48 percent annually.

Lawsuits for HIPAA Violations and Beyond: A Journey Down the Rabbit Hole

by Daniel Solove, TeachPrivacy
Monday, November 17, 2014

At first blush, it seems impossible for a person to sue for a HIPAA violation. HIPAA lacks a private cause of action. So do many other privacy and data security laws, such as FERPA, the FTC Act, the Gramm-Leach-Bliley Act, among others. That means that these laws don’t provide people with a way to sue when their rights under these laws are violated. Instead, these laws are enforced by agencies. But wait! Stop the presses! A recent decision by the Connecticut Supreme Court has concluded that people really can sue for HIPAA violations. As I will explain later, this is not a radical conclusion ... though the implications of this conclusion could be quite radical and extend far beyond HIPAA.

The Brave New World of HIPAA Enforcement (Part 4)

by Daniel Solove, TeachPrivacy
Monday, October 20, 2014

The Health Insurance Portability and Accountability Act (HIPAA) regulations govern health information maintained by various entities covered by HIPAA (“covered entities”) and other organizations that receive health information from covered entities when performing functions for them. HIPAA is enforced by the Office for Civil Rights (OCR) in the Department of Health and Human Services (HHS).

Restoring Privacy in the Era of Big Data

Kris Alman, Student Privacy Matters, Sunday, October 19, 2014

A parallel explosion of big data since 2001 is not coincidental. Big data utopians proclaim better integration of fragmented health and education sectors and data analysis will improve outcomes and improve value. The question never seems to be asked, “For whom?”