Events Calendar

Today
Mon
Tue
Wed
Thu
Fri
Sat
Sun
M
T
W
T
F
S
S
29
30
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
1
2
A Behavioral Health Collision At The EHR Intersection
A Behavioral Health Collision At The EHR Intersection
2014-09-30    
2:00 pm - 3:30 pm
Online
Date/Time Date(s) - 09/30/2014 2:00 pm Hear Why Many Organizations Are Changing EHRs In Order To Remain Competitive In The New Value-Based Health Care Environment [...]
More Info
Meaningful Use and The Rise of the Portals
Meaningful Use and The Rise of the Portals
2014-10-02    
12:00 pm - 12:45 pm
Online
Meaningful Use and The Rise of the Portals: Best Practices in Patient Engagement Thu, Oct 2, 2014 10:30 PM - 11:15 PM IST Join Meaningful [...]
More Info
Adva Med 2014 The MedTech Conference
Adva Med 2014 The MedTech Conference
2014-10-06    
All Day
McCormick Place
Adva Med 2014 The MedTech Conference October 6-8, 2014 McCormick Place Chicago, IL For more information, visit, advamed2014.com For Registration details, click here  
More Info
Public Health Measures Meaningful Use
Public Health Measures Meaningful Use
2014-10-09    
12:00 pm - 12:45 pm
Online
Public Health Measures Meaningful Use: Reporting on Public Health Measures Join Meaningful Use expert Jim Tate for a three part series of webinars addressing MU [...]
More Info
2014 Hospital & Healthcare I.T. Conference
2014 Hospital & Healthcare I.T. Conference
2014-10-13    
All Day
Hyatt Regency O'Hare
Join us at our 2014 Hospital & Healthcare I.T. Conference and experience the following: Up to 125 Hospital & Healthcare I.T. executives from America’s most prestigious [...]
More Info
Connected Health Care 2014
Connected Health Care 2014
2014-10-14    
All Day
Courtyard by Marriott San Diego Airport/Liberty Station
Key Trends That will be Discussed at the Conference! Connected Healthcare 2014 is set to explore the crucial topics that are revolutionizing the connected health industry: [...]
More Info
HealthTech Conference
HealthTech Conference
2014-10-14    
All Day
San Mateo County Event Center
HealthTech Capital is a group of private investors dedicated to funding and mentoring new "HealthTech" start ups at the intersection of healthcare with the computer [...]
More Info
Health Informatics & Technology Conference (HITC-2014)
Health Informatics & Technology Conference (HITC-2014)
2014-10-20    
All Day
Baltimore, USA
Information technology has ability to improve the quality, productivity and safety of health care mangement. However, relatively very few health care providers have adopted IT. [...]
More Info
HIMSS Amsterdam 2014
HIMSS Amsterdam 2014
2014-10-20    
12:00 am
Hotel Okura Amsterdam
About HIMSS Amsterdam 2014 This year, the second annual HIMSS Amsterdam event will be taking place on 6-7 November 2014 at the Hotel Okura. The [...]
More Info
Patient Portal Functionality and EMR Integration Demonstration
Patient Portal Functionality and EMR Integration Demonstration
2014-10-22    
2:00 pm - 3:30 pm
Online
This purpose of this webcast is to present a demonstration to show how the Patient Portal integrates with EMR, as well as discuss how this [...]
More Info
Connected Health Symposium 2014
Connected Health Symposium 2014
2014-10-23    
All Day
Boston Seaport Hotel & World Trade Center
Symposium 2014 - Connected Health in Practice: Engaging Patients and Providers Outside of Traditional Care Settings Collaborating with industry visionaries, clinical experts, patient advocates and [...]
More Info
CHIME College of Healthcare Information Management Executives
CHIME College of Healthcare Information Management Executives
2014-10-28 - 2014-10-31    
All Day
JW Marriott San Antonio Hill Country
The Premier Event for Healthcare CIOs Hotel Accomodations JW Marriott San Antonio Hill Country 23808 Resort Parkway San Antonio, Texas 78761 Telephone: 210-276-2500 Guest Fax: [...]
More Info
The Myth of the Paperless EMR
The Myth of the Paperless EMR
2014-10-29    
2:00 pm - 3:00 pm
Online
Is Paper Eluding Your Current Technologies; The Myth of the Paperless EMR Please join Intellect Resources as we present Is Paper Eluding Your Current Technologies; The Myth [...]
More Info
Events on 2014-09-30
A Behavioral Health Collision At The EHR Intersection
A Behavioral Health Collision At The EHR Intersection
30 Sep 14
Online
Events on 2014-10-02
Meaningful Use and The Rise of the Portals
Meaningful Use and The Rise of the Portals
2 Oct 14
Online
Events on 2014-10-06
Adva Med 2014 The MedTech Conference
Adva Med 2014 The MedTech Conference
6 Oct 14
Chicago
Events on 2014-10-09
Public Health Measures Meaningful Use
Public Health Measures Meaningful Use
9 Oct 14
Online
Events on 2014-10-13
2014 Hospital & Healthcare I.T. Conference
2014 Hospital & Healthcare I.T. Conference
13 Oct 14
Rosemont
Events on 2014-10-14
Connected Health Care 2014
Connected Health Care 2014
14 Oct 14
San Diego
HealthTech Conference
HealthTech Conference
14 Oct 14
San Mateo
Events on 2014-10-20
Health Informatics & Technology Conference (HITC-2014)
Health Informatics & Technology Conference (HITC-2014)
20 Oct 14
West Lake, Los Angeles
HIMSS Amsterdam 2014
HIMSS Amsterdam 2014
20 Oct 14
Amsterdam
Events on 2014-10-22
Patient Portal Functionality and EMR Integration Demonstration
Patient Portal Functionality and EMR Integration Demonstration
22 Oct 14
Online
Events on 2014-10-23
Connected Health Symposium 2014
Connected Health Symposium 2014
23 Oct 14
Boston
Events on 2014-10-28
CHIME College of Healthcare Information Management Executives
CHIME College of Healthcare Information Management Executives
28 Oct 14
San Antonio
Events on 2014-10-29
The Myth of the Paperless EMR
The Myth of the Paperless EMR
29 Oct 14
Online
Latest News

Aug 08 : OIG Finds Privacy and Security Risks with ONC EHR Certification Process

August 8, 2014
oig
It is ironic to learn the Office of Inspector General (OIG) believes the Office of the National Coordinator for Health Information Technology (ONC) essentially has an insufficient compliance program to maintain the privacy and security of the protected health information (PHI) hosted by electronic health records (EHR).In an August 2014 report (A-06-11-00063), OIG concluded that the process ONC uses to certify EHR is not sufficient to ensure the privacy and security of the EHR PHI.I have attached a link to the OIG report and included regarding the findings and recommendations of the OIG.

WHAT WE FOUND

ONC’s oversight of the ATCBs did not fully ensure that test procedures and standards could adequately secure and protect electronic patient information contained in EHRs. Specifically, ONC did not ensure that the ATCBs:

  • developed procedures to periodically evaluate whether certified EHRs continued to meet Federal standards and
  • developed a training program to ensure that their personnel were competent to test and certify EHRs and to secure proprietary or sensitive EHR information.

The ATCBs’ standards and procedures for testing and certifying EHRs met all NIST test procedure requirements that ONC approved. However, those NIST test procedures were not sufficient to ensure that EHRs would adequately secure and protect patient health information; in particular, the procedures allowed ATCBs to certify EHRs that demonstrated the use of a single-character password during testing. In addition, the NIST test procedures did not address common security issues, such as, but not limited to, password complexity and/or logging emergency access or user privilege changes.

WHAT WE RECOMMEND

To ensure that each patient’s health information in EHRs is secure and protected, we recommend that ONC require the ATCBs to:

  • develop procedures to periodically evaluate whether certified EHRs continue to meet Federal standards and
  • develop a training program to ensure that their personnel are competent to test and certify EHRs and to secure proprietary or sensitive EHR information.

We also recommend that ONC work with NIST to strengthen EHR test procedure requirements so that ATCBs can ensure during testing that EHR vendors incorporate a baseline set of security and privacy features into the development of EHRs to address common security issues.

Source

Post Views: 324