Events Calendar

Today
Mon
Tue
Wed
Thu
Fri
Sat
Sun
M
T
W
T
F
S
S
28
29
30
31
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
This is it: The Last Chance for EHR Stimulus Funds! Webinar
This is it: The Last Chance for EHR Stimulus Funds! Webinar
2014-07-31    
10:00 am - 11:00 am
Online
Contact: Robert Moberg ChiroTouch 9265 Sky Park Court Suite 200 San Diego, CA 92123 Phone: 619-528-0040 ChiroTouch to Host This is it: The Last Chance [...]
More Info
RCM Best Practices
RCM Best Practices
2014-07-31    
2:00 pm - 3:00 pm
Online
In today’s cost-conscious healthcare environment every dollar counts. Yet, inefficient billing processes are costing practices up to 15% of their revenue annually. The areas of [...]
More Info
Aprima 2014 User Conference and VAR Summit
Aprima 2014 User Conference and VAR Summit
2014-08-08    
12:00 am
Omni Dallas Hotel
Aprima 2014 User Conference and VAR Summit Vendor Registration Thank you for your interest in participating in the Aprima 2014 User Conference and VAR Summit. Please [...]
More Info
Innovations for Healthcare IT
Innovations for Healthcare IT
2014-08-10    
All Day
Tampa Convention Center
At Innovations for Healthcare IT, you'll discover new techniques and methods to maximize the use of your Siemens systems and help you excel in today's [...]
More Info
Consumerization of Healthcare
Consumerization of Healthcare
2014-08-13    
1:00 pm - 1:30 pm
Online
Join Our Complimentary Express Webinar for an overview of “The Consumerization of Healthcare” on Wednesday, August 13th at 1:00 pm ET. Consumerism in the healthcare [...]
More Info
How to use HIPAA tracking software to survive an audit
How to use HIPAA tracking software to survive an audit
2014-08-20    
2:00 pm - 3:30 pm
online
Wednesday, August 20th from 2:00 – 3:30 EST You have done a great job with Meaningful Use but will you pass a HIPAA audit?  Bob Grant, HIPAA auditor and expert will show you how to achieve total compliance and [...]
More Info
How Healthy Is Your Practice?
How Healthy Is Your Practice?
2014-08-27    
2:00 pm - 3:00 pm
Online
According to recent statistics from MGMA, the typical physician practice leaves up to 30% of their potential revenue on the table every year. This money [...]
More Info
Events on 2014-07-31
This is it: The Last Chance for EHR Stimulus Funds! Webinar
This is it: The Last Chance for EHR Stimulus Funds! Webinar
31 Jul 14
Online
RCM Best Practices
RCM Best Practices
31 Jul 14
Online
Events on 2014-08-08
Aprima 2014 User Conference and VAR Summit
Aprima 2014 User Conference and VAR Summit
8 Aug 14
Dallas
Events on 2014-08-10
Innovations for Healthcare IT
Innovations for Healthcare IT
10 Aug 14
Tampa
Events on 2014-08-13
Consumerization of Healthcare
Consumerization of Healthcare
13 Aug 14
Online
Events on 2014-08-20
How to use HIPAA tracking software to survive an audit
How to use HIPAA tracking software to survive an audit
20 Aug 14
online
Events on 2014-08-27
How Healthy Is Your Practice?
How Healthy Is Your Practice?
27 Aug 14
Online
Latest News

Aug 08 : OIG Finds Privacy and Security Risks with ONC EHR Certification Process

August 8, 2014
oig
It is ironic to learn the Office of Inspector General (OIG) believes the Office of the National Coordinator for Health Information Technology (ONC) essentially has an insufficient compliance program to maintain the privacy and security of the protected health information (PHI) hosted by electronic health records (EHR).In an August 2014 report (A-06-11-00063), OIG concluded that the process ONC uses to certify EHR is not sufficient to ensure the privacy and security of the EHR PHI.I have attached a link to the OIG report and included regarding the findings and recommendations of the OIG.

WHAT WE FOUND

ONC’s oversight of the ATCBs did not fully ensure that test procedures and standards could adequately secure and protect electronic patient information contained in EHRs. Specifically, ONC did not ensure that the ATCBs:

  • developed procedures to periodically evaluate whether certified EHRs continued to meet Federal standards and
  • developed a training program to ensure that their personnel were competent to test and certify EHRs and to secure proprietary or sensitive EHR information.

The ATCBs’ standards and procedures for testing and certifying EHRs met all NIST test procedure requirements that ONC approved. However, those NIST test procedures were not sufficient to ensure that EHRs would adequately secure and protect patient health information; in particular, the procedures allowed ATCBs to certify EHRs that demonstrated the use of a single-character password during testing. In addition, the NIST test procedures did not address common security issues, such as, but not limited to, password complexity and/or logging emergency access or user privilege changes.

WHAT WE RECOMMEND

To ensure that each patient’s health information in EHRs is secure and protected, we recommend that ONC require the ATCBs to:

  • develop procedures to periodically evaluate whether certified EHRs continue to meet Federal standards and
  • develop a training program to ensure that their personnel are competent to test and certify EHRs and to secure proprietary or sensitive EHR information.

We also recommend that ONC work with NIST to strengthen EHR test procedure requirements so that ATCBs can ensure during testing that EHR vendors incorporate a baseline set of security and privacy features into the development of EHRs to address common security issues.

Source

Post Views: 326