skip to Main Content
Talk to a Security Expert Now: (800) 721-9177

IT Security Blog

Independent research and articles on IT security, healthcare security, and hacking techniques.

Contact Us

Healthcare IT Security – The “Not So Big Easy”

HIMSS, the healthcare industry’s standard bearer for the promotion of information technology (IT), held its 13th annual conference in New Orleans last month. Nearly 35,000 people attended the event including former president Bill Clinton, fellow politicos James Carville and Karl Rove, and bow-tied Dr. Farzad Mostashari, HHS’s National Coordinator for Health Information Technology.

Interoperability and exchange were the hot topics of the week, further jazzed by the recently announced CommonWell Health Alliance – a 6-party partnership between Cerner, McKesson, Allscripts, athenahealth, Greenway Medical Technologies and RelayHealth. Notably absent from the Gang of 6 is Epic, the undisputed EHR market heavyweight. Depending on who you ask, Epic was either not invited to join CommonWell or chose not to participate. Epic’s CEO, Judy Faulkner, said that the alliance is less about interoperability and more about competition. “It appears on the surface to be used as a competitive weapon and that’s just wrong. It’s wrong for the country.”? When asked to referee, ONC’s Dr. Mostashari said he didn’t want to get into a “he-said, she-said.” The dust-up made the Karl Rove – James Carville debate look tame by comparison.

Read More

A Blue Note: Looking Deeper at the 2009 PHI Breach at BlueCross BlueShield Tennessee

Did BCBST get off easy? Well, they certainly did a good job of damage control. But in today’s environment, I doubt anyone could follow suit. BCBST very likely benefitted from HHS/OCR not being in position to immediately enforce the Breach Rule given that the HITECH Act itself has only just been enacted a few months prior to the breach. Now, some 2½ years later, they’ve had a chance to implement a stronger IT security program, including the encryption of its PHI data-at-rest, a step we at Redspin strongly advocate. Also, no cases of ID theft or fraud have come to light as a result of their breach.
Read More
Back To Top