Events Calendar

Today
Mon
Tue
Wed
Thu
Fri
Sat
Sun
M
T
W
T
F
S
S
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
11:00 AM - Charmalot 2025
20
21
22
23
24
25
26
27
28
29
30
1
2
3
4
5
Oracle Health and Life Sciences Summit 2025
Oracle Health and Life Sciences Summit 2025
2025-09-09 - 2025-09-11    
12:00 am
Orlando
The largest gathering of Oracle Health (Formerly Cerner) users. It seems like Oracle Health has learned that it’s not enough for healthcare users to be [...]
More Info
MEDITECH Live 2025
MEDITECH Live 2025
2025-09-17 - 2025-09-19    
8:00 am - 4:30 pm
Foxborough
This is the MEDITECH user conference hosted at the amazing MEDITECH conference venue in Foxborough (just outside Boston). We’ll be covering all of the latest [...]
More Info
AI Leadership Strategy Summit
AI Leadership Strategy Summit
2025-09-18 - 2025-09-19    
12:00 am
Chicago
AI is reshaping healthcare, but for executive leaders, adoption is only part of the equation. Success also requires making informed investments, establishing strong governance, and [...]
More Info
OMD Educates: Digital Health Conference 2025
OMD Educates: Digital Health Conference 2025
2025-09-18 - 2025-09-19    
7:00 am - 5:00 pm
Toronto Congress Centre
Why Attend? This is a one-of-a-kind opportunity to get tips from experts and colleagues on how to use your EMR and other innovative health technology [...]
More Info
Charmalot 2025
Charmalot 2025
2025-09-19 - 2025-09-21    
11:00 am - 9:00 pm
Berkeley
This is the CharmHealth annual user conference which also includes the CharmHealth Innovation Challenge. We enjoyed the event last year and we’re excited to be [...]
More Info
Civitas 2025 Annual Conference
Civitas 2025 Annual Conference
2025-09-28 - 2025-09-30    
8:00 am
Anaheim
Civitas Networks for Health 2025 Annual Conference: From Data to Doing Civitas’ Annual Conference convenes hundreds of industry leaders, decision-makers, and innovators to explore interoperability, [...]
More Info
TigerConnect + eVideon Unite Healthcare Communications
TigerConnect + eVideon Unite Healthcare Communications
2025-09-30    
10:00 am
TigerConnect’s acquisition of eVideon represents a significant step forward in our mission to unify healthcare communications. By combining smart room technology with advanced clinical collaboration [...]
More Info
Pathology Visions 2025
Pathology Visions 2025
2025-10-05 - 2025-10-07    
8:00 am - 5:00 pm
San Diego
Elevate Patient Care: Discover the Power of DP & AI Pathology Visions unites 800+ digital pathology experts and peers tackling today's challenges and shaping tomorrow's [...]
More Info
Events on 2025-09-09
Oracle Health and Life Sciences Summit 2025
Oracle Health and Life Sciences Summit 2025
9 Sep 25
Orlando
Events on 2025-09-17
MEDITECH Live 2025
MEDITECH Live 2025
17 Sep 25
MA
Events on 2025-09-18
AI Leadership Strategy Summit
AI Leadership Strategy Summit
18 Sep 25
IL
OMD Educates: Digital Health Conference 2025
OMD Educates: Digital Health Conference 2025
18 Sep 25
Toronto Congress Centre
Events on 2025-09-19
Charmalot 2025
Charmalot 2025
19 Sep 25
CA
Events on 2025-09-28
Civitas 2025 Annual Conference
Civitas 2025 Annual Conference
28 Sep 25
California
Events on 2025-09-30
TigerConnect + eVideon Unite Healthcare Communications
TigerConnect + eVideon Unite Healthcare Communications
30 Sep 25
Events on 2025-10-05
Pathology Visions 2025
Pathology Visions 2025
5 Oct 25
CA
Latest News

Aug 08 : OIG Finds Privacy and Security Risks with ONC EHR Certification Process

August 8, 2014
oig
It is ironic to learn the Office of Inspector General (OIG) believes the Office of the National Coordinator for Health Information Technology (ONC) essentially has an insufficient compliance program to maintain the privacy and security of the protected health information (PHI) hosted by electronic health records (EHR).In an August 2014 report (A-06-11-00063), OIG concluded that the process ONC uses to certify EHR is not sufficient to ensure the privacy and security of the EHR PHI.I have attached a link to the OIG report and included regarding the findings and recommendations of the OIG.

WHAT WE FOUND

ONC’s oversight of the ATCBs did not fully ensure that test procedures and standards could adequately secure and protect electronic patient information contained in EHRs. Specifically, ONC did not ensure that the ATCBs:

  • developed procedures to periodically evaluate whether certified EHRs continued to meet Federal standards and
  • developed a training program to ensure that their personnel were competent to test and certify EHRs and to secure proprietary or sensitive EHR information.

The ATCBs’ standards and procedures for testing and certifying EHRs met all NIST test procedure requirements that ONC approved. However, those NIST test procedures were not sufficient to ensure that EHRs would adequately secure and protect patient health information; in particular, the procedures allowed ATCBs to certify EHRs that demonstrated the use of a single-character password during testing. In addition, the NIST test procedures did not address common security issues, such as, but not limited to, password complexity and/or logging emergency access or user privilege changes.

WHAT WE RECOMMEND

To ensure that each patient’s health information in EHRs is secure and protected, we recommend that ONC require the ATCBs to:

  • develop procedures to periodically evaluate whether certified EHRs continue to meet Federal standards and
  • develop a training program to ensure that their personnel are competent to test and certify EHRs and to secure proprietary or sensitive EHR information.

We also recommend that ONC work with NIST to strengthen EHR test procedure requirements so that ATCBs can ensure during testing that EHR vendors incorporate a baseline set of security and privacy features into the development of EHRs to address common security issues.

Source

Post Views: 45