Health IT Privacy & Security

Articles and education for healthcare professionals on best practices and guidelines for health IT privacy & security.

OCR Guidance on Ensuring Equal Access to Emergency Services During Hurricane Florence

Nathan E Botts

Official guidance from the Office for Civil Rights

As Hurricane Florence makes landfall, the HHS Office for Civil Rights (OCR) and its federal partners remain in close coordination to help ensure that emergency officials effectively address the needs of at-risk populations as part of disaster response. If you believe that a person or organization covered by the Privacy and Security Rules (a "covered entity") violated your health information privacy rights or otherwise violated the Privacy or Security Rules, you may file a complaint with OCR. For additional information about how to file a complaint, visit OCR's web page on filing complaints at http://www.hhs.gov/ocr/privacy/hipaa/complaints/index.html.

Everything you need to know about the WannaCry / Wcry / WannaCrypt ransomware

Nathan E Botts

I woke up to a flood of news about ransomware today. By virtue of being down here in Australia, a lot happens in business hours around the world while we're sleeping but conversely, that's given me some time to collate information whilst everyone else is taking a break. The WannaCry incident is both new and scary in some ways and more of the same old stuff in others. Here's what I know and what the masses out there need to understand about this and indeed about ransomware in general.

Ransomware Fact Sheet

Nathan E Botts

Guidance from the U.S. Department of Human Services

From the HHS Ransomware Fact Sheet:

A recent U.S. Government interagency report indicates that, on average, there have been 4,000 daily ransomware attacks since early 2016 (a 300% increase over the 1,000 daily ransomware attacks reported in 2015).1 Ransomware exploits human and technical weaknesses to gain access to an organization’s technical infrastructure in order to deny the organization access to its own data by encrypting that data.

Everything you wanted to know about SQL injection

Nathan E Botts

But were afraid to ask...

From the Troy Hunt article:

"The indictment also suggests that the hackers, in most cases, did not employ particularly sophisticated methods to gain initial entry into the corporate networks. The papers show that in most cases, the breach was made via SQL injection flaws -- a threat that has been thoroughly documented and understood for well over a decade."

Health app developers, what are your questions about HIPAA?

Nathan E Botts

A resource from the US Office for Civil Rights

From the OCR website: 

We are experiencing an explosion of technology using data about the health of individuals in innovative ways to improve health outcomes. Building privacy and security protections into technology products enhances their value by providing some assurance to users that the information is safe and secure and will be used and disclosed only as approved or expected. Such protections are sometimes required by federal and state laws, including the HIPAA Privacy, Security and Breach Notification Rules.