Events Calendar

Today
Mon
Tue
Wed
Thu
Fri
Sat
Sun
M
T
W
T
F
S
S
26
27
28
29
30
31
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
1
Proper Management of Medicare/Medicaid Overpayments to Limit Risk of False Claims
Proper Management of Medicare/Medicaid Overpayments to Limit Risk of False Claims
2015-01-28    
1:00 pm - 3:00 pm
Online
January 28, 2015 Web Conference 12pm CST | 1pm EST | 11am MT | 10am PST | 9AM AKST | 8AM HAST Topics Covered: Identify [...]
More Info
EhealthInitiative Annual Conference 2015
EhealthInitiative Annual Conference 2015
2015-02-03 - 2015-02-05    
All Day
OMNI SHOREHAM HOTEL
About the Annual Conference Interoperability: Building Consensus Through the 2020 Roadmap eHealth Initiative’s 2015 Annual Conference & Member Meetings, February 3-5 in Washington, DC will [...]
More Info
Real or Imaginary -- Manipulation of digital medical records
Real or Imaginary -- Manipulation of digital medical records
2015-02-04    
1:00 pm - 3:00 pm
Online
February 04, 2015 Web Conference 12pm CST | 1pm EST | 11am MT | 10am PST | 9am AKST | 8am HAST Main points covered: [...]
More Info
Orlando Regional Conference
Orlando Regional Conference
2015-02-06    
All Day
Hilton Orlando Lake Buena Vista
February 06, 2015 Lake Buena Vista, FL Topics Covered: Hot Topics in Compliance Compliance and Quality of Care Readying the Compliance Department for ICD-10 Compliance [...]
More Info
Patient Engagement Summit
Patient Engagement Summit
2015-02-09 - 2015-02-10    
12:00 am
Hyatt Regency
THE “BLOCKBUSTER DRUG OF THE 21ST CENTURY” Patient engagement is one of the hottest topics in healthcare today.  Many industry stakeholders consider patient engagement, as [...]
More Info
iHT2 Health IT Summit in Miami
iHT2 Health IT Summit in Miami
2015-02-10 - 2015-02-11    
All Day
Ritz-Carlton Coconut Grove Miami
February 10-11, 2015 iHT2 [eye-h-tee-squared]: 1. an awe-inspiring summit featuring some of the world.s best and brightest. 2. great food for thought that will leave you begging [...]
More Info
Starting Urgent Care Business with Confidence
Starting Urgent Care Business with Confidence
2015-02-11    
1:00 pm - 3:00 pm
Online
February 11, 2015 Web Conference 12pm CST | 1pm EST | 11am MT | 10am PST | 9am AKST | 8am HAST Main points covered: [...]
More Info
Managed Care Compliance Conference
Managed Care Compliance Conference
2015-02-15 - 2015-02-18    
All Day
Caesars Palace
February 15, 2015 - February 18, 2015 Las Vegas, NV Prospectus Learn essential information for those involved with the management of compliance at health plans. [...]
More Info
Healthcare Systems Process Improvement Conference 2015
Healthcare Systems Process Improvement Conference 2015
2015-02-18 - 2015-02-20    
All Day
Rosen Plaza Hotel
BE A PART OF THE 2015 CONFERENCE! The Healthcare Systems Process Improvement Conference 2015 is your source for the latest in operational and quality improvement tools, methods [...]
More Info
A Practical Guide to Using Encryption for Reducing HIPAA Data Breach Risk
A Practical Guide to Using Encryption for Reducing HIPAA Data Breach Risk
2015-02-18    
1:00 pm - 3:00 pm
Online
February 18, 2015 Web Conference 12pm CST | 1pm EST | 11am MT | 10am PST | 9am AKST | 8am HAST Main points covered: [...]
More Info
Compliance Strategies to Protect your Revenue in a Changing Regulatory Environment
Compliance Strategies to Protect your Revenue in a Changing Regulatory Environment
2015-02-19    
1:00 pm - 3:30 pm
Online
February 19, 2015 Web Conference 12pm CST | 1pm EST | 11am MT | 10am PST | 9am AKST | 8am HAST Main points covered: [...]
More Info
Dallas Regional Conference
Dallas Regional Conference
2015-02-20    
All Day
Embassy Suites Outdoor World
February 20, 2015 Grapevine, TX Topics Covered: An Update on Government Enforcement Actions from the OIG OIG and US Attorney’s Office ICD 10 HIPAA – [...]
More Info
Events on 2015-01-28
Proper Management of Medicare/Medicaid Overpayments to Limit Risk of False Claims
Proper Management of Medicare/Medicaid Overpayments to Limit Risk of False Claims
28 Jan 15
Online
Events on 2015-02-03
EhealthInitiative Annual Conference 2015
EhealthInitiative Annual Conference 2015
3 Feb 15
2500 Calvert Street
Events on 2015-02-04
Real or Imaginary -- Manipulation of digital medical records
Real or Imaginary -- Manipulation of digital medical records
4 Feb 15
Online
Events on 2015-02-06
Orlando Regional Conference
Orlando Regional Conference
6 Feb 15
Lake Buena Vista
Events on 2015-02-09
Patient Engagement Summit
Patient Engagement Summit
9 Feb 15
FL
Events on 2015-02-10
iHT2 Health IT Summit in Miami
iHT2 Health IT Summit in Miami
10 Feb 15
Miami
Events on 2015-02-11
Starting Urgent Care Business with Confidence
Starting Urgent Care Business with Confidence
11 Feb 15
Online
Events on 2015-02-15
Managed Care Compliance Conference
Managed Care Compliance Conference
15 Feb 15
Las Vegas
Events on 2015-02-18
Healthcare Systems Process Improvement Conference 2015
Healthcare Systems Process Improvement Conference 2015
18 Feb 15
Orlando
A Practical Guide to Using Encryption for Reducing HIPAA Data Breach Risk
A Practical Guide to Using Encryption for Reducing HIPAA Data Breach Risk
18 Feb 15
Online
Events on 2015-02-19
Compliance Strategies to Protect your Revenue in a Changing Regulatory Environment
Compliance Strategies to Protect your Revenue in a Changing Regulatory Environment
19 Feb 15
Online
Events on 2015-02-20
Dallas Regional Conference
Dallas Regional Conference
20 Feb 15
Grapevine
Latest News

Aug 08 : OIG Finds Privacy and Security Risks with ONC EHR Certification Process

August 8, 2014
oig
It is ironic to learn the Office of Inspector General (OIG) believes the Office of the National Coordinator for Health Information Technology (ONC) essentially has an insufficient compliance program to maintain the privacy and security of the protected health information (PHI) hosted by electronic health records (EHR).In an August 2014 report (A-06-11-00063), OIG concluded that the process ONC uses to certify EHR is not sufficient to ensure the privacy and security of the EHR PHI.I have attached a link to the OIG report and included regarding the findings and recommendations of the OIG.

WHAT WE FOUND

ONC’s oversight of the ATCBs did not fully ensure that test procedures and standards could adequately secure and protect electronic patient information contained in EHRs. Specifically, ONC did not ensure that the ATCBs:

  • developed procedures to periodically evaluate whether certified EHRs continued to meet Federal standards and
  • developed a training program to ensure that their personnel were competent to test and certify EHRs and to secure proprietary or sensitive EHR information.

The ATCBs’ standards and procedures for testing and certifying EHRs met all NIST test procedure requirements that ONC approved. However, those NIST test procedures were not sufficient to ensure that EHRs would adequately secure and protect patient health information; in particular, the procedures allowed ATCBs to certify EHRs that demonstrated the use of a single-character password during testing. In addition, the NIST test procedures did not address common security issues, such as, but not limited to, password complexity and/or logging emergency access or user privilege changes.

WHAT WE RECOMMEND

To ensure that each patient’s health information in EHRs is secure and protected, we recommend that ONC require the ATCBs to:

  • develop procedures to periodically evaluate whether certified EHRs continue to meet Federal standards and
  • develop a training program to ensure that their personnel are competent to test and certify EHRs and to secure proprietary or sensitive EHR information.

We also recommend that ONC work with NIST to strengthen EHR test procedure requirements so that ATCBs can ensure during testing that EHR vendors incorporate a baseline set of security and privacy features into the development of EHRs to address common security issues.

Source

Post Views: 319