News

HealthData Management Article Discusses Blog Post by Randy Gainer on ONC Security Tool

An article in Health Data Management magazine (“ONC Needs to Improve Risk-Rating Features of New Security Tool,” April 16, 2014) discussed “the risk-rating features of a tool developed by the Office of the National Coordinator for Health IT to help healthcare providers in small to medium sized physician offices conduct security risk assessments (SRA).” Referencing an April 9, 2014, post by Randy Gainer on BakerHostetler’s blog, Data Privacy Monitor, the article reported that the tool needs improvement. The article quotes Gainer’s assessment that "the tool offers incomplete guidance regarding why the risks associated with each requirement should fall into the 'Low' category as opposed to the 'Medium' or 'High' category. Users are left to guess whether failing to comply with a requirement would have a low, medium, or high likelihood of affecting the confidentiality, integrity, or availability ePHI, and whether the impact of such an effect would be 'Low,' 'Medium,' or 'High.'"

Read the article.

Related Services

Blog

In The Blogs

Previous Next
Data Privacy Monitor
Looking Back: The Federal Trade Commission Issues Annual Data Privacy Report for 2017
February 6, 2018
On Jan. 18, 2018, the Federal Trade Commission (FTC) published its Annual Privacy and Data Security Update. The update is helpful to businesses in that it recaps the efforts and areas of involvement the FTC has targeted in the past year as...
Read More ->
Data Privacy Monitor
SAMHSA Updates Privacy Regulations to Reflect Advancements in Healthcare
January 31, 2018
On Jan. 3, 2018, the Substance Abuse and Mental Health Services Administration (SAMHSA) issued its final rule regarding the Confidentiality of Substance Use Disorder Patient Records Part 2. These changes become effective Feb. 2, 2018. As...
Read More ->
Data Privacy Monitor
Clock Ticking, European Commission Launches GDPR Implementation Guidance Website
January 26, 2018
With only four months remaining until the EU General Data Protection Regulation takes effect on May 25, 2018, the European Commission has launched a new website offering guidance on requirements and implementation targeted at an array of...
Read More ->
Data Privacy Monitor
Aetna Agrees to Pay $17 Million and Implement Best-Practices Policy to Settle Claims of HIV-related Privacy Violations
January 25, 2018
Last week, Aetna agreed to resolve class action claims of privacy violations related to the disclosure of thousands of members’ HIV status. The agreement will require the insurance giant to pay over $17 million into a settlement fund, the...
Read More ->
Data Privacy Monitor
A New Tax Season, but the Same W-2 Spear Phishing Scam
By David M. Brown
January 22, 2018
According to the IRS, the IRS saw the number of businesses, public schools, universities, tribal governments and nonprofits victimized by W-2 scams increase to 200 in 2017 from 50 in 2016. Those 200 victims translated into several hundred...
Read More ->