Events Calendar

Today
Mon
Tue
Wed
Thu
Fri
Sat
Sun
M
T
W
T
F
S
S
1
2
3
4
5
6
7
12:00 AM - mHealth Summit
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
1
2
3
4
Forbes Healthcare Summit
Forbes Healthcare Summit
2014-12-03    
All Day
Appel Room
Forbes Healthcare Summit: Smart Data Transforming Lives How big will the data get? This year we may collect more data about the human body than [...]
More Info
Customer Analytics & Engagement in Health Insurance
Customer Analytics & Engagement in Health Insurance
2014-12-04 - 2014-12-05    
All Day
Hilton Magnificent Mile Suites
Using Data Analytics, Product Experience & Innovation to Build a Profitable Customer-Centric Strategy Takeaway business ROI: Drive business value with customer analytics: learn what every business [...]
More Info
mHealth Summit
mHealth Summit
2014-12-07    
All Day
The Gaylord National Resort and Convention Center
DECEMBER 7-11, 2014 The mHealth Summit, the largest event of its kind, convenes a diverse international delegation to explore the limits of mobile and connected [...]
More Info
The 26th Annual IHI National Forum
The 26th Annual IHI National Forum
2014-12-07    
All Day
Orlando World Center Marriott Resort & Convention Center
Overview ​2014 marks the 26th anniversary of an event that has shaped the course of health care quality in profound, enduring ways — the Annual [...]
More Info
Why A Risk Assessment is NOT Enough
Why A Risk Assessment is NOT Enough
2014-12-09    
2:00 pm - 3:30 pm
Online
A common misconception is that  “A risk assessment makes me HIPAA compliant” Sadly this thought can cost your practice more than taking no action at [...]
More Info
iHT2 Health IT Summit
iHT2 Health IT Summit
2014-12-10 - 2014-12-11    
All Day
Royal Sonesta Houston Galleria
Each year, the Institute hosts a series of events & programs which promote improvements in the quality, safety, and efficiency of health care through information technology [...]
More Info
Design a premium health insurance plan that engages customers, retains subscribers and understands behaviors
Design a premium health insurance plan that engages customers, retains subscribers and understands behaviors
2014-12-16    
11:30 am - 12:30 pm
Online
Wed, Dec 17, 2014 1:00 AM - 2:00 AM IST Join our webinar with John Mills - UPMC, Tim Gilchrist - Columbia University HITLAP, and [...]
More Info
Events on 2014-12-03
Forbes Healthcare Summit
Forbes Healthcare Summit
3 Dec 14
New York City
Events on 2014-12-04
Customer Analytics & Engagement in Health Insurance
Customer Analytics & Engagement in Health Insurance
4 Dec 14
Chicago
Events on 2014-12-07
mHealth Summit
mHealth Summit
7 Dec 14
Washington
The 26th Annual IHI National Forum
The 26th Annual IHI National Forum
7 Dec 14
Orlando
Events on 2014-12-09
Why A Risk Assessment is NOT Enough
Why A Risk Assessment is NOT Enough
9 Dec 14
Online
Events on 2014-12-10
iHT2 Health IT Summit
iHT2 Health IT Summit
10 Dec 14
Houston
Events on 2014-12-16
Design a premium health insurance plan that engages customers, retains subscribers and understands behaviors
Design a premium health insurance plan that engages customers, retains subscribers and understands behaviors
16 Dec 14
Online
Latest News

Aug 08 : OIG Finds Privacy and Security Risks with ONC EHR Certification Process

August 8, 2014
oig
It is ironic to learn the Office of Inspector General (OIG) believes the Office of the National Coordinator for Health Information Technology (ONC) essentially has an insufficient compliance program to maintain the privacy and security of the protected health information (PHI) hosted by electronic health records (EHR).In an August 2014 report (A-06-11-00063), OIG concluded that the process ONC uses to certify EHR is not sufficient to ensure the privacy and security of the EHR PHI.I have attached a link to the OIG report and included regarding the findings and recommendations of the OIG.

WHAT WE FOUND

ONC’s oversight of the ATCBs did not fully ensure that test procedures and standards could adequately secure and protect electronic patient information contained in EHRs. Specifically, ONC did not ensure that the ATCBs:

  • developed procedures to periodically evaluate whether certified EHRs continued to meet Federal standards and
  • developed a training program to ensure that their personnel were competent to test and certify EHRs and to secure proprietary or sensitive EHR information.

The ATCBs’ standards and procedures for testing and certifying EHRs met all NIST test procedure requirements that ONC approved. However, those NIST test procedures were not sufficient to ensure that EHRs would adequately secure and protect patient health information; in particular, the procedures allowed ATCBs to certify EHRs that demonstrated the use of a single-character password during testing. In addition, the NIST test procedures did not address common security issues, such as, but not limited to, password complexity and/or logging emergency access or user privilege changes.

WHAT WE RECOMMEND

To ensure that each patient’s health information in EHRs is secure and protected, we recommend that ONC require the ATCBs to:

  • develop procedures to periodically evaluate whether certified EHRs continue to meet Federal standards and
  • develop a training program to ensure that their personnel are competent to test and certify EHRs and to secure proprietary or sensitive EHR information.

We also recommend that ONC work with NIST to strengthen EHR test procedure requirements so that ATCBs can ensure during testing that EHR vendors incorporate a baseline set of security and privacy features into the development of EHRs to address common security issues.

Source

Post Views: 322