Blockchain
- The integration of AI and Blockchain technologies promises to revolutionize industries by enhancing transparency, security, and efficiency. While offering significant benefits, this convergence also raises challenges related to scalability, data privacy, and regulatory compliance. Despite these obstacles, the potential applications and innovations stemming from this synergy are vast and promising.
HIPAA & Cybersecurity
- The Health Infrastructure Security and Accountability Act (HISAA) aims to establish mandatory minimum security standards for healthcare organizations to protect healthcare information. HISAA proposes annual audits and stress tests, increased accountability and penalties, and financial support for enhancements. The bill seeks to address the patchwork of healthcare data security standards and bring them under one minimum umbrella.
- Stolen credentials are a significant security risk, as evidenced by the recent breach at Change Healthcare. To combat this, organizations should enforce strong passwords, monitor credential sites, and educate employees about the dangers of credential theft.
- Health data from most period-tracking apps is not protected under HIPAA, as these apps are typically not considered covered entities. While some apps claim HIPAA compliance, this is often misleading and may indicate a lack of protection.
Ransomware
- Ransomware attacks, while slightly less frequent in H1 2024, saw a 68% increase in severity, with average losses reaching a record high. Businesses with over $100 million in revenue experienced the most significant impact, with a 140% increase in losses. While BEC attacks remained the most common cause of claims, ransomware attacks were the third most common, with exposed login panels and outdated technologies increasing the likelihood of a claim.
- A new report reveals a four-year high in ransomware attacks on healthcare organizations, with 67% reporting incidents in the past year. These attacks are increasingly complex, with longer recovery times and higher costs, averaging $2.57 million in 2024. Attackers are also targeting data backups, increasing pressure on organizations to pay ransoms.
Regulation
- The return of Donald Trump to the White House raises questions about potential changes to healthcare cybersecurity and HIPAA regulations. While some experts anticipate a reversal of the Biden administration’s reproductive health data privacy protections, others believe the Trump administration will focus on completing previously proposed HIPAA Privacy Rule changes. Cybersecurity, however, is seen as a non-partisan issue, with potential for continued focus on implementing stronger practices and potentially updating the HIPAA Security Rule.
- The California Privacy Protection Agency (CPPA) will investigate data broker compliance with registration requirements under the California Delete Act. Data brokers must register by January 31, 2025, providing information about their operations and consumer rights requests.
Tech and ACOs
- The disconnect between physical and mental healthcare in the U.S., particularly in underserved areas, is a major issue. The CMS’s ACO Primary Care Flex Model aims to address this by promoting integrated care and value-based reimbursement. Healthcare information technology plays a crucial role in enabling seamless data exchange and collaboration among providers, ultimately improving patient outcomes.