5 EHR Vendors Agree to Carequality Interoperability Framework
Following the publication of the Carequality Interoperability Framework last month, five major EHR vendors have signed up and agreed to adopt the Sequoia Project’s Carequality initiative. The Sequoia Project has announced that athenahealth Inc., eClinicalWorks, Epic Systems Corporation, NextGen Healthcare, and Surescripts have all agreed to adopt the new framework. Universal interoperability may be some way off, but the addition of the EHR vendors is seen as a major step in the right direction. Thanks to the comprehensive framework, the companies will reap a number of connectivity benefits that were previously difficult to attain until the Framework put an end to the need to enter into separate legal agreements with organizations before data sharing was possible. The announcement confirms that EHR vendors are committed to making total interoperability a reality for both patients and healthcare providers, and shows that universal interoperability could soon become a reality. Sequoia Project’s CEO Mariann Yeager recently said in an interview with EHRIntelligence, “We know there...
NCH Healthcare System Cyberattack Announced
The NCH Healthcare System cyberattack resulted in the compromising of two data center servers. Employee data were potentially accessed, but no patient health data were exposed. The NCH Healthcare System cyberattack took place on Wednesday last week. The intrusion detection alarm was triggered, allowing the cyberattack to be rapidly identified. Access to the servers was rapidly shut down. The Naples-based healthcare system operates the NCH Baker Hospital, formerly known as the NCH Downtown Naples Hospital, and the NCH North Naples Hospital, along with numerous clinics and outpatient centers in Naples, Florida. The affected servers were located in a data center in Kansas City, MO. The two Cerner Data Center servers were not used to store any patient data, although they did house a medical staff credentialing database and an employee information database. According to statements released by a representative of the Cerner Data Center and the Director of Marketing for NCH, no patient information was stored on the servers so none of the health systems patients have been affected by the...
9 Out of 10 Data Breaches Could Have Easily Been Avoided
Take a look at the healthcare data breach entries in the OCR web portal for 2015 (or any year) and you will notice the same types of data breaches are repeated time and again. The vast majority of those data breaches are avoidable. A large percentage involve the loss of portable storage devices such as zip drives and hard drives. Many cite stolen devices, with laptop theft particularly common. Then there are mistakes made with the configuration of servers and firewalls that have accidentally been switched off. Patches are not installed promptly leaving security vulnerabilities that can all too easily be exploited. Passwords are set that are too easy to guess, default logins are not changed, and risk assessments are not being conducted regularly. It may not always be possible to prevent a successful cyberattack, but it is possible to prevent the vast majority of data breaches. Study Finds 9 out of 10 Data Breaches Could Easily Have Been Avoided In fact, 9 out of 10 data breaches could easily have been avoided according to a study published by the Online Trust Alliance (OTA). The...
Happy Data Privacy Day
October is National Cybersecurity Awareness Month, but today – January 28 – is Data Privacy Day: An international day conceived as a way of improving awareness of privacy issues. It is a day when organizations in Europe and the United States recognize the importance of safeguarding data, protecting privacy, and building the trust of consumers (and patients). Given the volume of healthcare records exposed in 2015 and the number of data breaches still being suffered by HIPAA-covered entities, this year Data Privacy Day is more important than ever before. Happy Data Privacy Day – May the Next 24 Hours be Free of Privacy Breaches! Data Privacy Day started in 2007 across the pond in Europe, where it is known as European Data Protection Day. 47 European countries honor the day and are involved in campaigns to raise awareness of data privacy issues and share information that can help corporations and individuals better protect stored and shared data. With a unanimous vote of 402-0, the House of Representatives followed suit two years later and also chose to use January 28 as a day to...
Community Mercy Health Partners Notifies Patients of November Data Breach
In late November, a member of the public discovered a number of documents at a recycling center that appeared to have come from hospitals run by Community Mercy Health Partners. The documents contained detailed information about patients who had received medical services between 2005-2013. The information in the documents included patient names, accession numbers, guarantor information, types of study they were involved in, medical diagnoses, health insurance details, physician names, as well as driver’s license details, Social Security numbers, and some clinical information. LeRoy Clouser discovered the files in a number of dumpsters and alerted the Springfield Police of his find. Community Mercy Health Partners was subsequently advised by law enforcement officers about the dumped records and sent staff to retrieve the documents. The matter was reported in the media at the time, although it has taken some time for an investigation to be conducted and for all patients to be identified. That investigation is now complete and patients started being notified of the data breach on...



