tag:blogger.com,1999:blog-414555827842946729.post7822073144999135996..comments2023-11-03T05:29:10.849-04:00Comments on Healthcare Technology News: ePHI at high riskAnonymoushttp://www.blogger.com/profile/16546158824445218173noreply@blogger.comBlogger1125tag:blogger.com,1999:blog-414555827842946729.post-91028461872066915512008-11-09T09:30:00.000-05:002008-11-09T09:30:00.000-05:00We should expect to see a lot of emphasis on secur...We should expect to see a lot of emphasis on security of ePHI next year. In addition to the OIG report on HHS's compliance efforts, OIG included 7 items in their 2009 work plan related to Medicare and Medicaid information systems and data security. In addition to review of CMS's enforcement of the HIPAA Security Rule, OIG plans to "review security controls implemented by Medicare and Medicaid contractors as well as hospitals to prevent the loss of protected health information stored on portable devices and media, such as laptops, jump drives, backup tapes, and equipment considered for disposal." <BR/><BR/>HIPAA covered entities should also review their Security Rule compliance in light of new guidance issued by the National Institute of Standards & Technology Computer Security <BR/>Division. This month, the NIST issued a revision to their Introductory Resource Guide for Implementing the HIPAA Security Rule (NIST Special Publication 800-66, Revision 1) and a final guide to cell phone and PDA security (NIST Special Publication 800-124).<BR/><BR/>Finally, there continues to be anxiety on the part of the public about sharing of ePHI, when privacy and security protections may not be adequate. In order to move legislation encouraging/mandating more electronic records and transfer, additional privacy/security requirements may have to be added.Anonymousnoreply@blogger.com