Best Practices

HHS Releases Voluntary Cybersecurity Practices, Supplementing Existing Requirements


At the close of 2018, the Department of Health and Human Services (HHS) published Health Industry Cybersecurity Practices (HICP): Managing Threats and Protecting Patients. While not formally styled as guidance or interpretive material, when the primary regulator of patient and health data protection offers “suggestions,” those subject to HIPAA had better pay attention. Beyond highlighting common threats to the protection of patient data, the HICP encompasses two supplemental technical volumes centering on small organizations and medium and large organizations. Background Healthcare and life sciences organizations (particularly… more

The Importance of Context with Genetic Privacy


As consumers, when we think of privacy, one of the first adjectives that springs to mind should be “inconsistent.” Consumers claim to want their personal information used only for the purposes they originally provided it, and protected until (somewhat famously) they are asked to exchange their passwords for chocolate. This privacy paradox has been supported both anecdotally and with data-based studies. Without biting into the question of the quality of chocolate offered in the password exchange, the general point remains that individuals’ comfort levels appear… more