Fwd: OIG posts report, podcast and news about enforcement actions - 8/4

---------- Forwarded message ----------
From: HHS Office of Inspector General <donotreply@subscriptions.hhs.gov>
Date: Mon, Aug 4, 2014 at 8:30 AM
Subject: OIG posts report, podcast and news about enforcement actions - 8/4
To: iammejtm@gmail.com

Good morning from Washington, DC. Today OIG posts a report, a podcast and news about enforcement actions. As always, you can use the links provided to go directly to the new material.   ------------------------------------------------------------------------------   The Office of the National Coordinator for Health Information Technology's Oversight of the Testing and Certification of Electronic Health Records (A-06-11-00063) http://go.usa.gov/NXWx   ONC's oversight of the authorized testing and certification bodies (ATCBs) did not fully ensure that test procedures and standards could adequately secure and protect electronic patient information contained in electronic health records (EHRs). Specifically, ONC did not ensure that the ATCBs:   (1) Developed procedures to periodically evaluate whether certified EHRs continued to meet Federal standards and (2) Developed a training program to ensure that their personnel were competent to test and certify EHRs and to secure proprietary or sensitive EHR information.   The ATCBs' standards and procedures for testing and certifying EHRs met all National Institute of Standards and Technology (NIST) test procedure requirements that ONC approved. However, those NIST test procedures were not sufficient to ensure that EHRs would adequately secure and protect patient health information; in particular, the procedures allowed ATCBs to certify EHRs that demonstrated the use of a single-character password during testing. In addition, the NIST test procedures did not address common security issues, such as, but not limited to, password complexity and/or logging emergency access or user privilege changes.   To ensure that each patient's health information in EHRs is secure and protected, we recommended that ONC require the ATCBs to:   (1) Develop procedures to periodically evaluate whether certified EHRs continue to meet Federal standards and (2) Develop a training program to ensure that their personnel are competent to test and certify EHRs and to secure proprietary or sensitive EHR information.   We also recommended that ONC work with NIST to strengthen EHR test procedure requirements so that ATCBs can ensure during testing that EHR vendors incorporate a baseline set of security and privacy features into the development of EHRs to address common security issues.   ONC stated that ATCBs are no longer active in the ONC Certification Program and that testing and certification functions are now performed by separate entities in the ONC Health Information Technology Certification Program. ONC also stated that it currently is using new certification criteria.   ------------------------------------------------------------------------------   Podcast: July 2014 OIG Update http://go.usa.gov/NXDQ   Mike Kane, Office of External Affairs, discusses recent enforcement actions and OIG reports released in July 2014.   ------------------------------------------------------------------------------   August 1, 2014; U.S. Department of Justice Former Owner of Southern California Medical Supply Company Found Guilty for a 10-Year, $8.3 Million Medicare Fraud Scheme http://go.usa.gov/NXZP   ------------------------------------------------------------------------------   July 30, 2014; U.S. Attorney; District of Maine Massachusetts Man Convicted of Failure to Pay Child Support and Drug Charge http://go.usa.gov/NXZP   ------------------------------------------------------------------------------   State Enforcement Actions Updated http://go.usa.gov/NXWh ------------------------------------------------------------------------------   That's all we have for today. If we can be of any further assistance, please send an Email to public.affairs@oig.hhs.gov    I hope your week has started well.   Marc Wolfson – Office of External Affairs   OIG's privacy policy can be found at http://oig.hhs.gov/notices/privacy-notice.asp Follow us on Twitter: http://twitter.com/OIGatHHS Inquiries? Contact us: Public.Affairs@oig.hhs.gov Manage your OIG subscriptions: update your preferences or unsubscribe Questions about this service? Visit subscriberhelp.govdelivery.com This email was sent to iammejtm@gmail.com using GovDelivery, on behalf of the U.S. Dept. of Health & Human Services · 200 Independence Avenue SW · Washington DC 20201 · 1-877-696-6775

--
Jeremy Tobias Matthews