Government Regulations

A collection of 7 posts

Encryption at rest and encryption in transit for HIPAA compliance are not easy questions to answer

Given the number of breaches we’ve seen this summer at healthcare institutions, I’ve just spent a ton of time recently on several engineering engagements looking at “HIPAA compliant” encryption (HIPAA compliance is in quotes since it’s generally meaningless). Since I’ve heard a number of developers say “we’re HIPAA compliant because we encrypt our data,” I wanted to take a moment to unbundle that statement and make sure we all understand what that means.

This past Friday I was invited by the Patient Privacy Rights (PPR) Foundation to lead a discussion about privacy and EHRs. The discussion, entitled “Fact vs. Fiction: Best Privacy Practices for EHRs in the Cloud,” addressed patient privacy concerns and potential solutions for doctors working with EHRs. While we are all somewhat disturbed by the slow erosion of privacy in all aspects of our digital lives, the rather rapid loss of patient privacy around health data is especially unnerving because healthcare is so near and dear to us all.

It’s a common misconception that if executives at hospitals or practices don’t have time to deliver sophisticated IT solutions to their users, those users will just wait patiently and hope that solutions will arrive someday. However, there is a larger Shadow IT movement in many clinical settings than senior executives are willing to admit. Given the wealth of cloud offerings available, many of which have better security in the cloud than some on-premises “clinical” solutions, Shadow IT is growing and will cause more problems in the future as we try to rein it in.

As most of my regular readers know, I work as a technology strategy advisor for several different government agencies; in that role I get to spend quality time with folks from NIST (the National Institute of Standards and Technology), what I consider one of the government’s most prominent think tanks. They’re doing yeoman’s work trying to get the massive federal government’s different agencies working in common directions and the technology folks I’ve met seem cognizant of the influence (good and bad) they have; they seem to try to wield that power as carefully as they know how.

The FDA released the (currently non-binding) “Draft Guidance for Industry and Food and Drug Administration Staff on Mobile Medical Applications” earlier this week. I knew many of my clients and readers would be asking about the ramifications of this new guidance so I read the document as soon as it came out. In general I was impressed by the FDA’s balanced approach to patient safety and their desire not to stifle competition; overall I thought they were not looking to overreach their purview and I think they succeeded (except for the part on clinical decision support, discussed further below).

© 2025 Netspective Media LLC. All Rights Reserved.
