In case you missed some of the top news this month, here is our digest of the top headlines with commentary from our team. Please start a discussion in the comment section below; we’d love to hear your thoughts!

How Big Data Will Customize Our Health Care

In this Wall Street Journal article, Drew Harris, director of health policy at Thomas Jefferson University’s School of Population Health in Philadelphia, raises some interesting observations about the future role of data within health care.

In particular, he issues a stern warning about organizations’ responsibility to protect this data, saying that they must “ensure health data systems are unhackable and data-use rules are strictly enforced,” and demands that “punishment for violations must be as severe as the potential damage.” His final point is an important one, stressing that if data is not carefully guarded, “no one will trust data-driven population health and the benefit of sharing will be lost.” This underpins our position that the protection of PHI is less about compliance and more about patient care.

Anthem Breach Began with Phishing of Employees

As forensic analysis of this huge incident continues, this article highlights 3 key take-homes from the latest details surrounding this data breach:

  1. An employee unwittingly caused the breach. “the criminals got in through… phishing which has tricked the employees into unknowingly revealing a password or downloading a Trojan with a keylogger software.”
  2. The final breach was the end result of an ongoing, deliberate attempt to access their data. “It is clear that Anthem is the victim of an Advanced Persistent Threat, because the evidence shows they have been under sustained attacks for a long period of time.”
  3. Cyber criminals have been quick to leverage the public exposure of the breach through phishing scams, although Anthem has been quick to respond that “There is no indication that the scam email campaigns are being conducted by those that committed the cyberattack, or that the information accessed in the attack is being used by the scammers.”

Guide to Privacy and Security of Electronic Health Information

A nice, practical guide from HealthIT.gov. At over 60 pages long, the PDF is in no way a cheatsheet, but covers key topics in enough depth to be comprehensive without alienating “beginners” to the subject of compliance with the HIPAA-HITECH Rules and general information security risk management programs. (If HIPAA 101 is your level of familiarity with this subject area, I recommend registering for our upcoming FREE educational track here.)

The guide also includes some interesting and timely sidebars about subjects such as texting patients, employees and mobile devices, and the increasing threat from cybercriminals.

Rising Cyber Attacks Costing Health System $6 Billion Annually

This Bloomberg article takes a look at the results of a recent Ponemon Institute Survey that shows the staggering cost of cyber attacks on a struggling health care industry.

We will be publishing our own commentary and infographic next week on that study. To hear when that is published, fill out the form below.

Other top news:

The Future Of Medicine – Where Investors Are Putting Their Money

Extremely serious virtual machine bug threatens cloud providers everywhere

OCR Launches Phase 2 HIPAA Audits

Bombshell Testimony in FTC’s LabMD Case

Insurer CareFirst says 1.1 million affected in cyberattack

Clearwater Compliance

Clearwater Compliance helps healthcare organizations ensure patient safety and improve the quality of care by safeguarding the confidentiality, integrity and availability of protected health information (PHI).

We have assisted more than 400 customers to operationalize and mature their information privacy, security, compliance and information risk management programs. And in the process, we are raising the bar for safeguarding PHI, protecting millions of Americans and driving real value for the organizations we support and the healthcare industry at large.