Latest news with #PHI
Business Journals
2 days ago
- Health
- Business Journals
Ambient AI tools in health care: A new companion for clinicians
Ambient listening artificial intelligence (Ambient AI) is gaining traction in the clinical setting. Ambient AI tools passively 'listen' to conversations between clinicians and patients and, based on these conversations, automatically transcribe and summarize encounters. Ambient AI has the potential to reduce the time that treating clinicians spend documenting patient encounters, which may reduce clinician burnout over time. Importantly, Ambient AI should enhance patient experience and improve the accuracy of patient encounter documentation. Ambient AI systems typically rely on microphones integrated into smartphones, tablets or dedicated in-room devices. These systems use automatic speech recognition with natural language processing and machine-learning algorithms to extract relevant clinical information from a conversation. In many cases, the output is a draft clinical note or a structured data entry into the electronic health record system, without manual input from a clinician. Legal and ethical considerations Ambient AI tools involve unsettled questions of legal and ethical responsibility. As covered entities under the Health Insurance Portability and Accountability Act (HIPAA), clinicians are responsible for implementing measures to maintain the privacy and security of protected health information (PHI). Clinicians must also ensure that their technology vendors, if they receive or maintain PHI on behalf of clinicians, also maintain the privacy and security of PHI. Therefore, clinicians must understand how an Ambient AI tool functions with respect to PHI to apply the appropriate privacy and security standards to the entity that provides the Ambient AI tool. Another important threshold question is whether a clinician must inform patients that the clinician will use an Ambient AI tool to record conversations between the clinician and the patient. Regardless of state law consent requirements for recording conversations, health care settings are unique environments that may mitigate in favor of disclosing the use of Ambient AI to patients. Legal and ethical obligations related to informed consent, transparency and patient trust support the disclosure of the use of an Ambient AI tool. Clinicians should be ready to discuss how Ambient AI is utilized, appreciating that some patients may view the use of an Ambient AI tool to record conversations negatively and may withhold important medical information as a result. Under HIPAA, a patient has a right to adequate notice of the uses and disclosures of PHI by a clinician. Clinicians satisfy this obligation by providing patients a notice of privacy practices (NPP). Current guidance does not specifically address Ambient AI and whether its use must be disclosed. That will likely change. Until then, clinicians must determine, based on how an Ambient AI tool interacts with PHI, whether the tool must be disclosed as part of the clinicians' NPPs. Disclosure is the safest way to ensure compliance. Best practices and compliance recommendations Clinicians considering implementing an Ambient AI tool should: Establish clear protocols to obtain patient consent to use the tool. Understand how the Ambient AI tool functions in order to hold vendors to appropriate privacy and security standards. Develop a fulsome audit strategy to continually monitor the accuracy of the Ambient AI tool's output. expand William P. Keefer, Partner and Co-Leader of Phillips Lytle's Health Care and Life Sciences Team, counsels hospitals, physician groups and other health care clients on a broad array of issues. He can be reached at wkeefer@ or (716) 847-5488. expand
Geek Vibes Nation
5 days ago
- Health
- Geek Vibes Nation
How To Protect PHI In The Cloud: A Healthcare Guide
Protected Health Information (PHI) refers to a person's health data, including medical records, diagnoses, treatment details, or billing information. This data can be collected and stored when individuals interact with healthcare providers, insurance companies, hospitals, or health-related platforms. Since this information is sensitive and personal, anyone who stores or manages PHI is responsible for keeping it secure, whether it's a healthcare organization, a digital health service, or a cloud provider. This includes information such as: Patient names Medical record numbers Health insurance details Social Security numbers Test results and prescriptions Dates of birth and addresses Billing and payment information PHI becomes especially sensitive because it combines personal identity with private medical data, making it a high-value target for cybercriminals. If this information is exposed or compromised, it can lead to: Identity theft Medical fraud Unauthorized use of insurance benefits Reputational harm Loss of trust in healthcare providers In the wrong hands, even a seemingly minor piece of PHI can be used to construct full identity profiles or conduct fraudulent activities, making the consequences of a data breach potentially devastating for both individuals and healthcare organizations. Moreover, mishandling PHI can trigger serious legal and financial penalties under privacy laws such as HIPAA (in the U.S.), which strictly governs how PHI should be stored, transmitted, and accessed. Because of this high sensitivity and legal responsibility, PHI demands the highest level of protection, especially when stored or processed in cloud environments. Key Challenges of Storing PHI in Cloud Environments Storing PHI in the cloud helps healthcare organisations scale quickly, reduce costs, and improve accessibility. However, it also brings several challenges. From legal compliance to security missteps, each issue needs to be addressed carefully to keep data safe. 1. Meeting Security and Compliance Requirements Healthcare data must comply with strict privacy and security laws such as HIPAA, GDPR, and local regulations. These laws define how PHI should be stored, accessed, and shared. In cloud environments, ensuring compliance requires strong encryption, strict access controls, audit logging, and regular risk assessments. If not implemented correctly, non-compliance can lead to serious penalties. 2. Understanding Shared Responsibility Cloud service providers manage the physical infrastructure and core services. However, healthcare organizations are still responsible for securing their data within the cloud. This includes setting up proper access control, using secure architecture, writing secure application code, applying data encryption, and regularly monitoring their systems. Without this, misconfigurations and security gaps are likely. 3. Rising Cybersecurity Threats PHI is a common target for cyberattacks because it holds high value. Threats like ransomware, phishing, and unauthorized access can lead to data breaches. If attackers gain access, the data can be sold, misused, or leaked, resulting in privacy loss, financial damage, and legal action against the healthcare provider. 4. Cloud Misconfigurations Simple mistakes such as leaving cloud storage buckets publicly accessible or forgetting to enable encryption can expose sensitive data. These misconfigurations often happen during manual setup or due to a lack of proper knowledge, and they're one of the leading causes of PHI exposure. Cloud platforms often rely on third-party tools for added functionality. If these external tools are not secure or compliant, they become a weak link. Healthcare organizations must evaluate every vendor they connect with to ensure they meet security standards. 6. Limited Visibility and Control In traditional on-premise systems, organizations can see and control everything. In cloud environments, that visibility is reduced. It becomes harder to track who accessed what data, when, and from where, especially if real-time monitoring tools like AWS CloudTrail or Azure Monitor aren't in place. 7. Data Location and Jurisdiction Risks Cloud providers may store data across global data centers. If PHI is stored in another country, it may fall under different legal systems. This can lead to conflicts with local regulations and affect data privacy. Healthcare providers must ensure that data is stored in permitted locations. Best Practices to Protect PHI in the Cloud Protecting PHI in the cloud requires a combination of the right technologies, strong policies, and well-planned system design. Below are some essential practices healthcare organizations should follow to keep individual medical data safe and compliant. 1. Choose a HIPAA-Compliant Cloud Provider Cloud providers like AWS, Azure, and GCP offer HIPAA-eligible services along with a signed Business Associate Agreement (BAA). For example, AWS HIPAA compliance ensures that healthcare organizations can use approved cloud services with the required security controls, encryption, and access management to safely process and store PHI. 2. Use Strong Data Encryption Data should be encrypted both at rest (when stored) and in transit (when being shared or moved). Most cloud platforms offer built-in encryption services. Organizations can also use Bring Your Own Key (BYOK) options for better control over encryption keys. 3. Implement Identity and Access Management (IAM) Not everyone needs access to all data. Use role-based access control (RBAC) to limit who can view or modify PHI. Also, enable multi-factor authentication (MFA) to add an extra layer of security when users log in. 4. Design a Secure Cloud Architecture Secure systems start with secure design. Use best practices like: Isolating sensitive workloads using virtual networks Applying firewalls and security groups Limiting public internet exposure Following the principle of least privilege These steps reduce the attack surface and help prevent unauthorized access. 5. Monitor, Audit, and Log Everything Set up continuous monitoring tools to detect unusual activities. Keep logs of who accessed what data and when. Regular auditing ensures that systems are working correctly and helps meet compliance standards. 6. Regular Backups and Disaster Recovery Create automatic backups of critical data and applications. Store them in secure, separate locations. Test your disaster recovery plans regularly to ensure systems can be restored quickly in case of an incident. 7. Train Your Staff Even strong technology can fail if employees are careless. Provide regular training on: Recognizing phishing attacks Following secure login practices Reporting suspicious activity Educated staff play a key role in keeping PHI safe. Conclusion Storing and protecting PHI in the cloud demands more than just a technical setup. It requires a security-first mindset backed by clear compliance measures. With growing data risks and strict regulations, healthcare providers must act wisely. Leveraging reliable and professional cloud consulting services ensures your cloud setup remains secure, HIPAA-compliant, and ready to scale with healthcare demands.
Business Wire
02-07-2025
- Health
- Business Wire
Microsoft's Email Encryption Behavior May Violate HIPAA, New Paubox Report Warns
SAN FRANCISCO--(BUSINESS WIRE)--A new report from Paubox, a leader in HIPAA compliant email, reveals that Microsoft 365's email encryption behavior could be putting healthcare organizations at serious risk of noncompliance. Microsoft 365's email encryption behavior could be putting healthcare organizations at serious risk of noncompliance Share In a series of controlled TLS experiments, Paubox researchers found that Microsoft 365 may transmit messages in cleartext when encryption fails, without bouncing the message, alerting the sender, or logging any evidence of the failure. This occurred when messages were sent to recipient servers that did not support modern TLS protocols. The messages in question contained simulated PHI and were sent in accordance with typical 'force TLS' configurations that many IT leaders believe are sufficient for HIPAA compliance. 'Our team expected the message to bounce,' said Hoala Greevy, CEO of Paubox. 'Instead, it went through unencrypted—and unless you knew where to look in the headers, you'd have no idea.' Microsoft's fallback behavior directly contradicts the expectations outlined in HIPAA's Security Rule (45 CFR §164.312(e)(1)), which requires technical safeguards to ensure PHI is protected in transit. If encryption fails, and there is no way to detect or prove it, healthcare organizations may be unknowingly transmitting PHI without the protections HIPAA requires. According to the report: Microsoft 365 will attempt TLS fallback—and if that fails, deliver in cleartext No warning or notification is provided to the sender Encryption failures are not recorded in any accessible audit trail This behavior is the default, not a misconfiguration Paubox also calls out broader issues with relying on force TLS settings in cloud platforms, calling the practice a 'false sense of security that cannot be audited.' Healthcare IT and compliance leaders are encouraged to review the findings and test their own environments. The full report, How Microsoft and Google Put PHI at Risk, is available here:
Fox Sports
30-06-2025
- Sport
- Fox Sports
2025-26 NBA Odds: How Will Cooper Flagg Fare In Rookie Season?
There wasn't much suspense at the top of the 2025 NBA Draft. Duke star Cooper Flagg was a shoo-in to go No. 1 to Dallas, and now, it's time to look toward the season. How much will Flagg produce during his rookie season? Let's check out the odds at DraftKings Sportsbook as of June 30. Cooper Flagg points per game Over 16.9: -115 (bet $10 to win $18.70 total) Under 16.9: -115 (bet $10 to win $18.70 total) Cooper Flagg rebounds per game Over 6.1: -115 (bet $10 to win $18.70 total) Under 6.1: -115 (bet $10 to win $18.70 total) Right now, the odds say Flagg is projected to average about 16 points and six rebounds. How would those numbers compare to top picks of the past? Let's take a look at the points and rebounds per game for No. 1 picks during their rookie seasons in the last 10 years. Zaccharie Risacher (2024, ATL): 12.6 points, 3.6 reboundsVictor Wembanyama (2023, SAS): 21.4 points, 10.6 reboundsPaolo Banchero (2022, ORL): 20 points, 6.9 reboundsCade Cunningham (2021, DET): 17.4 points, 5.5 reboundsAnthony Edwards (2020, MIN): 19.3 points, 4.7 reboundsZion Williamson (2019, NO): 22.5 points, 6.3 reboundsDeandre Ayton (2018, PHX): 16.3 points, 10.3 reboundsMarkelle Fultz (2017, PHI): 7.1 points, 3.1 reboundsBen Simmons (2016, PHI): 15.8 points, 8.1 rebounds Karl-Anthony Towns: (2015, MIN): 18.3 points, 10.5 rebounds First off, of those 10 names, four of them won Rookie of the Year (Wembanyama, Banchero, Simmons, Towns). Flagg is currently the -185 favorite to do the same. From a statistical perspective, only Risacher, Fultz and Simmons averaged fewer than 16 points, and Risacher, Cunningham, Edwards and Fultz averaged fewer than six rebounds, the marks that Flagg is expected to hit. Wembanyama, Ayton and Towns are the only three No. 1 picks in the last decade to average double-doubles as rookies. During his single season at Duke, Flagg averaged 19.2 points and 7.5 rebounds en route to winning a bevy of awards, including the Wooden Award. Want great stories delivered right to your inbox? Create or log in to your FOX Sports account, and follow leagues, teams and players to receive a personalized newsletter daily! recommended Get more from National Basketball Association Follow your favorites to get information about games, news and more
GMA Network
26-06-2025
- Business
- GMA Network
Razon-led Prime Electric's More, Negros Power, Bohol Light slash power rates
Tycoon Enrique Razon Jr.'s Prime Electric Holdings Inc. (PHI), through its utility units—More Power in Iloilo City, Negros Power in Central Negros, and Bohol Light in Bohol—has implemented a significant reductions for its power rates this month. In a new release on Thursday, customers of Bohol Light would expect a 75-centavo rollback per kilowatt-hour (kWh) in their bills, which would translate to a P150 in savings for an average household consuming 200 kWh. In Iloilo City, customers of More Electric and Power Corporation would enjoy a rate decrease of 61 centavos per kWh, resulting in an estimated P122 bill reduction for those who are consuming 200 kWh. Meanwhile, customers in Central Negros would look forward to a 55-centavo per kWh cut, lowering the residential electricity rate from P11.69 to P11.14 per kWh. For Central Negros households using 200 kWh monthly, this would mean a P110 in savings, according to PHI. PHI said the total rate reduction for its three distribution utilities stood at P1.91, on the back of 'several favorable economic factors,' including lower costs in the Wholesale Electricity Spot Market and decreased transmission charges. The rate reductions position the three utilities among the most affordable electricity providers in the Visayas region, according to the company. Roel Castro, president and CEO of PHI, said that the company remains committed to delivering affordability and reliability, ensuring that every peso saved on electricity goes toward improving the lives of the communities they serve. "Our goal is to pass these savings directly to consumers, helping families allocate funds toward essentials like food, education, and other vital needs," said Castro. PHI said it continues to prioritize infrastructure upgrades, system loss reduction programs, and smart market participation strategies to sustain low rates while enhancing service quality. — Ted Cordero/BM, GMA Integrated News
