HIT standards

By Kristof Van Quathem

Yesterday, the European Commission launched its “Digitising European Industry” package, a series of industry related initiatives aimed at “updating Europe’s digital infrastructure”, see press release here, Q&A here and homepage here.  The package includes reports and proposals addressing cloud computing, ICT standardization, eGovernment, Internet of Things (“IoT”), quantum technologies and high performance computing / big data.

Below we summarize the data protection aspects of the key communications published yesterday.
Continue Reading Digital Single Market – New Initiatives for Cloud Computing and Internet of Things

By Anna Kraus

As we reported previously, the Department of Health and Human Services (HHS) Office of Inspector General (OIG) recently issued two reports that highlight continuing concerns over how best to ensure the privacy and security of electronic health information.  Earlier this week, we provided more detail on the OIG’s report regarding CMS oversight of the HIPAA Security Rule.

On May 16, 2011 the OIG released a second report relating to federal data security standards, Audit of Information Technology Security Included in Health Information Technology  Standards. In this report, the OIG expressed concern that federal health information technology (HIT) standards do not include general information technology (IT) security controls.  Instead, HIT standards focus primarily on application controls which apply within an IT system and can be circumvented in the absence of strong general security controls.  The audit recommended that that the Office of the National Coordinator for Health Information Technology (ONC) take the following steps:

  • Include general security controls in HIT standards;
  • Provide guidance to the health industry and the medical community regarding the value of general IT security as well as general IT security standards and best practices; and
  • Cooperate with the Centers for Medicare & Medicaid Services (CMS) and the HHS Office for Civil Rights (OCR) to require general IT security controls where appropriate.

Continue Reading OIG Urges Inclusion of General IT Security Controls in HIT Standards