Health IT

ONC Proposes Nationwide Survey on EHR Privacy, Security

By Inside Privacy on November 8, 2011

The Office of the National Coordinator for Health Information Technology (ONC) is proposing to conduct a nationwide survey regarding consumer attitudes toward the privacy and security aspects of electronic health records (EHR) and electronic health information exchange, according to a notice in last Thursday’s Federal Register.

ONC’s plan is to use computer-assisted telephone interviews…

OIG Urges Inclusion of General IT Security Controls in HIT Standards

By Inside Privacy on June 29, 2011

Posted in Data Security, Health Privacy

By Anna Kraus

As we reported previously, the Department of Health and Human Services (HHS) Office of Inspector General (OIG) recently issued two reports that highlight continuing concerns over how best to ensure the privacy and security of electronic health information. Earlier this week, we provided more detail on the OIG’s report regarding CMS oversight of the HIPAA Security Rule.

On May 16, 2011 the OIG released a second report relating to federal data security standards, Audit of Information Technology Security Included in Health Information Technology Standards. In this report, the OIG expressed concern that federal health information technology (HIT) standards do not include general information technology (IT) security controls. Instead, HIT standards focus primarily on application controls which apply within an IT system and can be circumvented in the absence of strong general security controls. The audit recommended that that the Office of the National Coordinator for Health Information Technology (ONC) take the following steps:

Include general security controls in HIT standards;
Provide guidance to the health industry and the medical community regarding the value of general IT security as well as general IT security standards and best practices; and
Cooperate with the Centers for Medicare & Medicaid Services (CMS) and the HHS Office for Civil Rights (OCR) to require general IT security controls where appropriate.

…
Continue Reading OIG Urges Inclusion of General IT Security Controls in HIT Standards

OIG Criticizes HHS Oversight of the HIPAA Security Rule, Data Security Controls in Health IT Standards

By Inside Privacy on May 24, 2011

Posted in Data Security, Health Privacy

By Anna Kraus

Last week, the Office of Inspector General (OIG) within the Department of Health and Human Services (HHS) issued two audit reports regarding federally mandated data security measures for health information. Both reports are highly critical of HHS’s efforts to protect the security of electronic health information.

In the first report, available here…

ONC Seeks Public Comment on Federal Health IT Strategic Plan

By Inside Privacy on March 31, 2011

Posted in Data Security, Health Privacy

The Office of the National Coordinator for Health Information Technology (ONC) is requesting public comment on its Federal Health Information Technology Strategic Plan: 2011-2015. ONC updated the Plan (last published in 2008) to reflect the major changes to health IT policy contained in the HITECH Act and the Affordable Care Act. The Plan, which…

Privacy in a Health IT World

By Inside Privacy on January 16, 2011

Posted in Health Privacy, United States

The President’s Council of Advisors on Science and Technology recently released a report entitled, “Realizing the Full Potential of Health Information Technology to Improve Healthcare for Americans: The Path Forward.” It is a wonkish discourse on the future of health information technology.

The report offers an interesting glimpse at what may be the…