Events Calendar

Today
Mon
Tue
Wed
Thu
Fri
Sat
Sun
M
T
W
T
F
S
S
29
30
31
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
1
The International Meeting for Simulation in Healthcare
The International Meeting for Simulation in Healthcare
2015-01-10 - 2015-01-14    
All Day
Ernest N. Morial Convention Center
Registration is Open! Please join us on January 10-14, 2015 for our fifteenth annual IMSH at the Ernest N. Morial Convention Center in New Orleans, Louisiana. Over [...]
More Info
Finding Time for HIPAA Amid Deafening Administrative Noise
Finding Time for HIPAA Amid Deafening Administrative Noise
2015-01-14    
1:00 pm - 3:00 pm
Online
January 14, 2015, Web Conference 12pm CST | 1pm EST | 11am MT | 10am PST | 9am AKST | 8am HAST Main points covered: [...]
More Info
Meaningful Use Attestation, Audits and Appeals - A Legal Perspective
Meaningful Use Attestation, Audits and Appeals - A Legal Perspective
2015-01-15    
2:00 pm - 3:30 pm
Online
Join Jim Tate, HITECH Answers  and attorney Matt R. Fisher for our first webinar event in the New Year.   Target audience for this webinar: [...]
More Info
iHT2 Health IT Summit
iHT2 Health IT Summit
2015-01-20 - 2015-01-21    
All Day
Omni San Diego Hotel
iHT2 [eye-h-tee-squared]: 1. an awe-inspiring summit featuring some of the world.s best and brightest. 2. great food for thought that will leave you begging for more. 3. [...]
More Info
Chronic Care Management: How to Get Paid
Chronic Care Management: How to Get Paid
2015-01-22    
1:00 pm - 2:00 pm
Online
Under a new chronic care management program authorized by CMS and taking effect in 2015, you can bill for care that you are probably already [...]
More Info
Proper Management of Medicare/Medicaid Overpayments to Limit Risk of False Claims
Proper Management of Medicare/Medicaid Overpayments to Limit Risk of False Claims
2015-01-28    
1:00 pm - 3:00 pm
Online
January 28, 2015 Web Conference 12pm CST | 1pm EST | 11am MT | 10am PST | 9AM AKST | 8AM HAST Topics Covered: Identify [...]
More Info
Events on 2015-01-10
The International Meeting for Simulation in Healthcare
The International Meeting for Simulation in Healthcare
10 Jan 15
New Orleans
Events on 2015-01-14
Finding Time for HIPAA Amid Deafening Administrative Noise
Finding Time for HIPAA Amid Deafening Administrative Noise
14 Jan 15
Online
Events on 2015-01-15
Meaningful Use Attestation, Audits and Appeals - A Legal Perspective
Meaningful Use Attestation, Audits and Appeals - A Legal Perspective
15 Jan 15
Online
Events on 2015-01-20
iHT2 Health IT Summit
iHT2 Health IT Summit
20 Jan 15
San Diego
Events on 2015-01-22
Chronic Care Management: How to Get Paid
Chronic Care Management: How to Get Paid
22 Jan 15
Online
Events on 2015-01-28
Proper Management of Medicare/Medicaid Overpayments to Limit Risk of False Claims
Proper Management of Medicare/Medicaid Overpayments to Limit Risk of False Claims
28 Jan 15
Online
Latest News

Aug 08 : OIG Finds Privacy and Security Risks with ONC EHR Certification Process

August 8, 2014
oig
It is ironic to learn the Office of Inspector General (OIG) believes the Office of the National Coordinator for Health Information Technology (ONC) essentially has an insufficient compliance program to maintain the privacy and security of the protected health information (PHI) hosted by electronic health records (EHR).In an August 2014 report (A-06-11-00063), OIG concluded that the process ONC uses to certify EHR is not sufficient to ensure the privacy and security of the EHR PHI.I have attached a link to the OIG report and included regarding the findings and recommendations of the OIG.

WHAT WE FOUND

ONC’s oversight of the ATCBs did not fully ensure that test procedures and standards could adequately secure and protect electronic patient information contained in EHRs. Specifically, ONC did not ensure that the ATCBs:

  • developed procedures to periodically evaluate whether certified EHRs continued to meet Federal standards and
  • developed a training program to ensure that their personnel were competent to test and certify EHRs and to secure proprietary or sensitive EHR information.

The ATCBs’ standards and procedures for testing and certifying EHRs met all NIST test procedure requirements that ONC approved. However, those NIST test procedures were not sufficient to ensure that EHRs would adequately secure and protect patient health information; in particular, the procedures allowed ATCBs to certify EHRs that demonstrated the use of a single-character password during testing. In addition, the NIST test procedures did not address common security issues, such as, but not limited to, password complexity and/or logging emergency access or user privilege changes.

WHAT WE RECOMMEND

To ensure that each patient’s health information in EHRs is secure and protected, we recommend that ONC require the ATCBs to:

  • develop procedures to periodically evaluate whether certified EHRs continue to meet Federal standards and
  • develop a training program to ensure that their personnel are competent to test and certify EHRs and to secure proprietary or sensitive EHR information.

We also recommend that ONC work with NIST to strengthen EHR test procedure requirements so that ATCBs can ensure during testing that EHR vendors incorporate a baseline set of security and privacy features into the development of EHRs to address common security issues.

Source

Post Views: 321