Patient privacy laws need updating to handle electronic health information exchanges

28 June 2012

The Consumers Union and the Center for Democracy and Technology are warning about gaps in current US federal and state laws for protecting patients’ health data in electronic health information exchanges.

According to a policy brief prepared by the two groups, the shift from paper to electronic health records presents new challenges to protecting the privacy and security of patients’ health information. A breach that formerly affected a single paper record now could expose an entire database of patient records, the brief noted.

At the same time, health information exchange presents new ways to improve the privacy and security of patients’ data, including encryption, authentication and authorization controls, and electronic audit trails, the groups argued.

While current laws set rules for how health care entities may collect, use, and share health information, the policy brief identified gaps in the laws that should be addressed.

The brief recommended that accountability for compliance with federal and state health privacy and security protections should be strengthened; laws that protect electronic health data should be reassessed to ensure they address new security challenges and incorporate technological innovations such as encryption; and penalties should be established for unauthorized re-identification of de-identified health data.

