HIPAA

HHS Releases Voluntary Cybersecurity Practices, Supplementing Existing Requirements

At the close of 2018, the Department of Health and Human Services (HHS) published Health Industry Cybersecurity Practices (HICP): Managing Threats and Protecting Patients. While not formally styled as guidance or interpretive material, when the primary regulator of patient and health data protection offers “suggestions,” those subject to HIPAA had better pay attention. Beyond highlighting common threats to the protection of patient data, the HICP encompasses two supplemental technical volumes centering on small organizations and medium and large organizations. Background Healthcare and life sciences organizations (particularly… more

Healthcare Innovators and Investors, Take Note: The HIPAA Privacy RFI Can Benefit You

This past Friday, the Office of Civil Rights within the U.S. Department of Health and Human Services published a formal Request for Information on Modifying HIPAA Rules to Improve Coordinated Care. The RFI’s publication starts a 60-day comment period ending on February 12, 2019. As many of us prepare for the J.P. Morgan Healthcare Conference in January, and then HIMSS in February, savvy healthcare innovators and investors will recognize this RFI as an opportunity to help frame the discussion about how to lower privacy barriers… more

The Continuing Challenge of Cybersecurity Hygiene in Digital Health and Life Sciences

A recent issue of MIT’s Technology Review magazine is titled, “Look how far precision medicine has come.“ At least part of the premise is that personalized medicine or precision medicine is not perceived as having made the great strides promised nearly 20 years ago, when genome mapping was increasingly feasible and affordable. What is not up for debate is the extent to which life sciences and digital health firms rely upon increasingly distributed data collection and analytics. The data security challenges confronting healthcare delivery become… more