Last week, the chairmen and ranking members of the Senate Committee on Health, Education, Labor, and Pensions and the Senate Committee on Finance sent a letter to Andy Slavitt, Acting Administrator for the Centers for Medicare & Medicaid Services (“CMS”), and Jocelyn Samuels, Director of the Health and Human Services (“HHS”) Office for Civil Rights (“OCR”), requesting information on how HHS “is working to support and protect victims of medical identity theft” in order to “assess the adequacy of current efforts.”

On November 2, 2015, the HHS Office of Inspector General (OIG) published its FY 2016 Work Plan, which summarizes new and ongoing activities that OIG plans to pursue with respect to HHS programs and operations during the fiscal year.

The FY 2016 Work Plan includes a new review initiative to examine “whether FDA’s oversight of hospitals’ networked medical devices is sufficient to effectively protect associated electronic protected health information (ePHI) and ensure beneficiary safety.” The Work Plan notes that networked medical devices, such as radiology systems and medication dispensing systems that are integrated with electronic medical records and the larger health network, “pose a growing threat to the security and privacy of personal health information.” OIG’s Work Plans for FY 2014 and FY 2015 both included a similar review focused on oversight by CMS of hospitals’ security controls over networked medical devices. This review activity has been removed in the FY 2016 Work Plan.

The National Cybersecurity Center of Excellence (“NCCoE”) has released a draft for public comment of the first guide in a new series of publications “that will show businesses and other organizations how to improve their cybersecurity using standards-based, commercially available or open-source tools.” The guide discusses how to secure electronic health records on mobile devices. “The draft guide was developed by industry and academic cybersecurity experts, with the input of health care providers who first identified the challenge.”

A new study by the Ponemon Institute finds that criminal attacks, rather than accidents or technological failures, are the leading cause of data breaches. The report finds that cyber-criminals are increasingly targeting health care providers and business associates for the vast amounts of personal data held by these entities, and that these attacks are costing the health care system potentially billions of dollars.

