Events Calendar

Today
Mon
Tue
Wed
Thu
Fri
Sat
Sun
M
T
W
T
F
S
S
28
29
30
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
1
C.D. Howe Institute Roundtable Luncheon
C.D. Howe Institute Roundtable Luncheon
2014-04-28    
12:00 pm - 1:30 pm
C.D. Howe Institute
Navigating the Healthcare System: The Patient’s Perspective Please join us for this Roundtable Luncheon at the C.D. Howe Institute with Richard Alvarez, Chief Executive Officer, [...]
More Info
DoD / VA EHR and HIT Summit
DoD / VA EHR and HIT Summit
2014-05-06    
All Day
The Mary M. Gates Learning Center
DSI announces the 6th iteration of our DoD/VA iEHR & HIE Summit, now titled “DoD/VA EHR & HIT Summit”. This slight change in title is to help [...]
More Info
Electronic Medical Records: A Conversation
Electronic Medical Records: A Conversation
2014-05-09    
1:00 pm - 3:30 pm
H.F. DeLuca Forum, Wisconsin Institutes for Discovery
WID, the Holtz Center for Science & Technology Studies and the UW–Madison Office of University Relations are offering a free public dialogue exploring electronic medical records (EMRs), a rapidly disseminating technology [...]
More Info
The National Conference on Managing Electronic Records (MER) - 2014
The National Conference on Managing Electronic Records (MER) - 2014
2014-05-19    
All Day
THE WESTIN MICHIGAN AVE (Headquarter Hotel)
" OUTSTANDING QUALITY – Every year, for over 10 years, 98% of the MER’s attendees said they would recommend the MER! RENOWNED SPEAKERS – delivering timely, accurate information as well as an abundance of practical ideas. 27 SESSIONS AND 11 TOPIC-FOCUSED THEMES – addressing your organization’s needs. FULL RANGE OF TOPICS – with sessions focusing on “getting started”, “how to”, and “cutting-edge”, to “thought leadership”. INCISIVE CASE STUDIES – from those responsible for significant implementations and integrations, learn how they overcame problems and achieved success. GREAT NETWORKING – by interacting with peer professionals, renowned authorities, and leading solution providers, you can fast-track solving your organization’s problems. 22 PREMIER EXHIBITORS – in productive 1:1 private meetings, learn how the MER 2014 exhibitors are able to address your organization’s problems. "
More Info
Chicago 2014 National Conference for Medical Office Professionals
Chicago 2014 National Conference for Medical Office Professionals
2014-05-21    
12:00 am
Sheraton Chicago Hotel & Towers
3 Full Days of Training Focused on Optimizing Medical Office Staff Productivity, Profitability and Compliance at the Sheraton Chicago Hotel & Towers Featuring Keynote Presentation [...]
More Info
Events on 2014-04-28
C.D. Howe Institute Roundtable Luncheon
C.D. Howe Institute Roundtable Luncheon
28 Apr 14
Toronto
Events on 2014-05-06
DoD / VA EHR and HIT Summit
DoD / VA EHR and HIT Summit
6 May 14
Alexandria
Events on 2014-05-09
Electronic Medical Records: A Conversation
Electronic Medical Records: A Conversation
9 May 14
Orchard
Events on 2014-05-19
The National Conference on Managing Electronic Records (MER) - 2014
The National Conference on Managing Electronic Records (MER) - 2014
19 May 14
Chicago
Events on 2014-05-21
Chicago 2014 National Conference for Medical Office Professionals
Chicago 2014 National Conference for Medical Office Professionals
21 May 14
Chicago
Latest News

Aug 08 : OIG Finds Privacy and Security Risks with ONC EHR Certification Process

August 8, 2014
oig
It is ironic to learn the Office of Inspector General (OIG) believes the Office of the National Coordinator for Health Information Technology (ONC) essentially has an insufficient compliance program to maintain the privacy and security of the protected health information (PHI) hosted by electronic health records (EHR).In an August 2014 report (A-06-11-00063), OIG concluded that the process ONC uses to certify EHR is not sufficient to ensure the privacy and security of the EHR PHI.I have attached a link to the OIG report and included regarding the findings and recommendations of the OIG.

WHAT WE FOUND

ONC’s oversight of the ATCBs did not fully ensure that test procedures and standards could adequately secure and protect electronic patient information contained in EHRs. Specifically, ONC did not ensure that the ATCBs:

  • developed procedures to periodically evaluate whether certified EHRs continued to meet Federal standards and
  • developed a training program to ensure that their personnel were competent to test and certify EHRs and to secure proprietary or sensitive EHR information.

The ATCBs’ standards and procedures for testing and certifying EHRs met all NIST test procedure requirements that ONC approved. However, those NIST test procedures were not sufficient to ensure that EHRs would adequately secure and protect patient health information; in particular, the procedures allowed ATCBs to certify EHRs that demonstrated the use of a single-character password during testing. In addition, the NIST test procedures did not address common security issues, such as, but not limited to, password complexity and/or logging emergency access or user privilege changes.

WHAT WE RECOMMEND

To ensure that each patient’s health information in EHRs is secure and protected, we recommend that ONC require the ATCBs to:

  • develop procedures to periodically evaluate whether certified EHRs continue to meet Federal standards and
  • develop a training program to ensure that their personnel are competent to test and certify EHRs and to secure proprietary or sensitive EHR information.

We also recommend that ONC work with NIST to strengthen EHR test procedure requirements so that ATCBs can ensure during testing that EHR vendors incorporate a baseline set of security and privacy features into the development of EHRs to address common security issues.

Source

Post Views: 329