Navigating the Complexities of HIPAA and Personal Health Data Security

The importance of individual vigilance in data protection

Nathan E Botts 0 1754 Article rating: No rating

The Wired article, "What Doctors Wish You Knew About HIPAA and Data Security," delves into the limitations and misunderstandings surrounding the Health Insurance Portability and Accountability Act (HIPAA) in safeguarding personal health data. It highlights that HIPAA primarily regulates healthcare entities but does not cover consumer-generated data or information shared outside traditional medical settings, such as through personal devices or social media. The piece underscores the importance of individual vigilance in data protection, emphasizing the use of multi-factor authentication and careful sharing of personal health information, especially in non-regulated platforms. This article serves as a crucial reminder of the evolving challenges in health data security and the shared responsibility between healthcare providers and individuals in protecting sensitive health information.

A Cybersecurity Action Plan for Protecting Personal Health Data

Ensuring privacy and maintaining trust between individuals and healthcare providers

Nathan E Botts 0 2191 Article rating: No rating

It is crucial to have a Cybersecurity Action Plan for Protecting Personal Health Data because personal health data is sensitive and valuable information. A well-designed plan helps safeguard this data from unauthorized access, cyber threats, and potential misuse, ensuring privacy and maintaining trust between individuals and healthcare providers. Additionally, protecting personal health data reduces the risk of identity theft, fraud, and financial loss while also preserving the integrity and accuracy of medical records. Implementing a cybersecurity action plan promotes compliance with relevant data protection regulations, fosters a culture of security awareness, and contributes to overall digital safety.

The PATCH Act

A bill that aims to improve medical device and network security.

Nathan E Botts 0 2917 Article rating: 4.0

A new Senate bill introduced in early April 2022 (including legislation in the House) would require medical device developers to be more accountable for the cybersecurity of their products.

Sens. Tammy Baldwin, D-Wisconsin, and Dr. Bill Cassidy, R-Louisiana, have introduced the bipartisan Protecting and Transforming Cyber Health Care Act.

FDA Playbook on Medical Device Cybersecurity

Regional Incident Preparedness and Response Playbook

Nathan E Botts 0 6531 Article rating: No rating

From the MITRE website:

The Medical Device Cybersecurity Regional Incident Preparedness and Response Playbookoutlines a framework for health delivery organizations (HDOs) and other stakeholders to plan for and respond to cybersecurity incidents around medical devices, ensure effectiveness of devices, and protect patient safety.

The healthcare sector knows how to prepare for and respond to natural disasters. It is less prepared, however, to handle cybersecurity incidents, particularly those involving medical devices. Recent global cyber attacks highlighted the need for more robust cybersecurity preparedness to execute an enhanced, effective, real-time response that enables continuity of clinical operations.

Securing Electronic Health Records on Mobile Devices

Guidance from the National Institute of Standards and Technology (NIST) Special Publication: 1800-1

Nathan E Botts 0 5571 Article rating: No rating

Using mobile devices to store, process, and transmit patient information has become increasingly popular amongst healthcare providers. When health information is compromised, organizations can face penalties and lose consumer trust, and patient care and safety may be at risk.

To address this challenge, cybersecurity experts at the NCCoE collaborated with the healthcare industry and technology vendors to develop an example solution to show healthcare providers how they can secure electronic health records on mobile devices. The solution is guided by standards and best practices from NIST and others, including the Health Insurance Portability and Accountability Act (HIPAA) rules.

Quantified Self

Guide to Self-Tracking Tools

Nathan E Botts 0 823 Article rating: No rating

Quantified Self logo

The Quantified Self website provides a current list of many of the self-tracking tools out there.

Cyber Vitals: Information for Patients' Medical Device Health

Cybersecurity Awareness for Connected Medical Devices from the FDA

Nathan E Botts 0 2106 Article rating: No rating

As medical devices become more networked, they may become vulnerable to cybersecurity threats. Patients should preserve their personal information, monitor their device for strange symptoms or behaviors, and receive a device check-up from their health care practitioner or the device maker, according to the US Food and Drug Administration (FDA).

The Walking Interventions Through Texting (WalkIT) Trial

Article from the Journal of Medical Internet Research

Gathered by mFHAST 0 4038 Article rating: No rating

From the PubMed abstract: "Participants enrolled in a 2x2 factorial RCT and were assigned to one of four semi-automated, text message-based walking interventions. Experimental components included adaptive versus static steps/day goals, and immediate versus delayed reinforcement. Principles of percentile shaping and behavioral economics were used to operationalize experimental components. A Fitbit Zip measured the main outcome: participants' daily physical activity (steps and cadence) over the 4-month duration of the study. Secondary outcomes included self-reported PA, psychosocial outcomes, aerobic fitness, and cardiorespiratory risk factors assessed pre/post in a laboratory setting. Participants were recruited through email listservs and websites affiliated with the university campus, community businesses and local government, social groups, and social media advertising."

mFHAST Implications: Opportunity for text-message based reinforcement to increase effectiveness of a behavioral intervention (encouraging increased walking habits)

Comparison of text-messaging to voice telephone interviews for active surveillance of adverse events following immunisation

Article from ScienceDirect

Gathered by mFHAST 0 2567 Article rating: No rating

From the PubMed abstract: "A number of 344 women who received TIV were randomly assigned to a telephone interview group. They were telephoned seven days post-vaccination and administered a standard survey soliciting any adverse events following immunisation (AEFI) they experienced. They were matched by brand of vaccine, age group, and residence to 344 women who were sent a SMS seven days post-vaccination. The SMS solicited similar information. AEFI reported by SMS and telephone interview were compared by calculating risk ratios."

mFHAST Implications: Opportunities to use SMS for vaccination program adverse event reporting collection. 

Using SMS to monitor adverse events following trivalent influenza vaccination in pregnant women

An article from the Australian and New Zealand Journal of Obstetrics and Gynaecology

Gathered by mFHAST 0 5141 Article rating: No rating

From the article abstract: "Trivalent influenza vaccine (TIV) has been recommended for pregnant women in Australia for more than a decade and funded since 2009, yet vaccination coverage remains low. Misperceptions of the safety of TIV in pregnancy have been identified as a major contributor to low vaccination rates. Ongoing safety monitoring with dissemination of results could help improve antenatal influenza vaccine uptake."

mFHAST Implications: Opportunity for use of SMS for pregnancy related vaccination adverse event reporting

RSS