DHHS OIG Work Plan Targets Networked Devices

The Office of the Inspector General (OIG) of the U.S. Department of Health and Human Services has released a report (pdf) outlining its 2015 work plan. Among a host of subjects is “Information Technology Security, Protected Health Information, and Data Accuracy” with the subsection “Controls over networked medical devices at hospitals”. The focus here is on the security of patient electronic health information, which is to be protected under law. Other risks associated with device networking are not addressed. The relevant subsection (page 22) is relatively brief:

We will examine whether CMS oversight of hospitals’ security controls over networked medical devices is sufficient to effectively protect associated electronic protected health information (ePHI) and ensure beneficiary safety. Computerized medical devices, such as dialysis machines, radiology systems, and medication dispensing systems that are integrated with electronic medical records (EMRs) and the larger health network, pose a growing threat to the security and privacy of personal health information. Such medical devices use hardware, software, and networks to monitor a patient’s medical status and transmit and receive related data using wired or wireless communications. To participate in Medicare, providers such as hospitals are required to secure medical records and patient information, including ePHI. (42 CFR § 482.24(b).) Medical device manufacturers provide Manufacturer Disclos...
Source: Medical Connectivity Consulting - Category: Technology Consultants Authors: Tags: connectivity Healthcare IT Standards & Regulatory Source Type: blogs