Security News

A report of the European Union Agency for Cybersecurity explores how pseudonymization techniques can help increase the protection of health data. This is especially true since providing health services today implies an extended exchange of medical information and of health data among different healthcare service providers.

Amazon Web Services announced the general availability of Amazon HealthLake, a HIPAA-eligible service for healthcare and life sciences organizations to ingest, store, query, and analyze their health data at scale. Using Amazon HealthLake, organizations can easily move their FHIR-formatted health data from on-premises systems to a secure data lake in the cloud.

News of an unusual data breach at a psychotherapy center in Finland broke over the weekend, after affected patients began receiving emails telling them to pay up or risk their personal and health data being publicly released. What is known about the data breach at the psychotherapy center?

There are growing privacy concerns among Americans due to COVID-19 with nearly 70 percent citing they would likely sever healthcare provider ties if they found that their personal health data was unprotected, a CynergisTek survey reveals. "As healthcare systems and corporations continue to grapple with data challenges associated with COVID-19 - whether that's more sophisticated, targeted cyber-attacks or the new requirements around interoperability and data sharing, concerns around personal data and consumer awareness of privacy rights will only continue to grow," said Caleb Barlow, president and CEO of CynergisTek.

Contact-tracing applications require employers to collect all kinds of employee health data that they never had to worry about before - temperatures, health symptoms and travel history, for example - and they aren't sure how to use and protect this data in a way that balances health and safety with privacy. To help get you started on the right path, here is a 10-point plan for securing PII, including new employee health data collected through COVID-19 contact-tracing applications and other healthcare tracking systems.

UK government has published the contracts it holds with private tech firms and the NHS for the creation of a COVID-19 data store, just days after campaigners fired legal shots over a lack of transparency. Campaign groups Foxglove and openDemocracy, which brought the action, said that the documents show the tech firms were set to build data models for commercial purposes from NHS training data before being challenged.

Hacking incidents involving email appear to be the most common type of major health data breach being reported to federal regulators so far in 2020. A snapshot Wednesday of the Department of Health and Human Services' HIPAA Breach Reporting Tool shows that so far in 2020, 38 health data breaches affecting a total of about 1.1 million individuals have been added to the official tally.

Under HIPAA, covered entities are required to report breaches impacting protected health information within 60 days of discovering the breach. In its breach notification statement, PIH Health says that on June 18, 2019, it learned that certain PIH Health employee email accounts had potentially been accessed without authorization as a result of a targeted phishing campaign.

Patients and consumers deserve better access to personalized, actionable health care information to empower them to make better, more informed decisions - but it should not drive up health care costs or compromise the privacy of their personal health data, according to a poll of patients and consumers from Morning Consult and America's Health Insurance Plans. A strong majority of patients want their data and privacy protected more than ever, even if it means foregoing easier health data access.

While Congress is unlikely to pass major new national cybersecurity legislation in an election year, federal regulators and state attorneys general will be busy addressing evolving health data...