News

HealthData Management Article Discusses Blog Post by Randy Gainer on ONC Security Tool

An article in Health Data Management magazine (“ONC Needs to Improve Risk-Rating Features of New Security Tool,” April 16, 2014) discussed “the risk-rating features of a tool developed by the Office of the National Coordinator for Health IT to help healthcare providers in small to medium sized physician offices conduct security risk assessments (SRA).” Referencing an April 9, 2014, post by Randy Gainer on BakerHostetler’s blog, Data Privacy Monitor, the article reported that the tool needs improvement. The article quotes Gainer’s assessment that "the tool offers incomplete guidance regarding why the risks associated with each requirement should fall into the 'Low' category as opposed to the 'Medium' or 'High' category. Users are left to guess whether failing to comply with a requirement would have a low, medium, or high likelihood of affecting the confidentiality, integrity, or availability ePHI, and whether the impact of such an effect would be 'Low,' 'Medium,' or 'High.'"

Read the article.

Blog

In The Blogs

Previous Next
Data Counsel
Virginia Becomes the Second State with a Comprehensive Privacy Law
By Kyle R. Dull, Kyle R. Fath, Patrick R. Waldrop
March 2, 2021
Governor Ralph Northam has signed the Consumer Data Protection Act (CDPA), making Virginia the second state with a comprehensive privacy law. The CDPA is inspired by both the California Consumer Privacy Act (CCPA) and General Data...
Read More ->
Data Counsel
New EDPB Draft Guidance Provides Practical Scenarios for Data Breach Notification Analysis Under the GDPR
By Michael E. Fitzgerald, Benjamin D. Wanger
February 19, 2021
In certain cases, the General Data Protection Regulation (GDPR) requires entities that experience a personal data breach to provide notice of the incident to relevant national supervisory authorities and the individuals whose personal data...
Read More ->
Data Counsel
Virginia Poised to Enact the Consumer Data Protection Act, the Nation's Second Comprehensive Consumer Privacy Law
By Kyle R. Dull, Kyle R. Fath, Patrick R. Waldrop
February 17, 2021
Having passed both houses of the Virginia General Assembly, the proposed Consumer Data Protection Act (CDPA) may become the second comprehensive consumer privacy bill to be enacted in the United States. However, to reach the governor’s...
Read More ->
Data Counsel
AdTech Under the CCPA and CPRA
By Kyle R. Fath
February 15, 2021
Please join us for a follow-up discussion on AdTech Under the CCPA and CPRA, originally presented as part of the PrivacyOC Privacy Week Forums 2021. Speakers Alan Friel and Kyle Fath will discuss four seemingly overlapping consumer rights...
Read More ->
Data Counsel
Virginia Likely to Become Second State with Comprehensive Privacy Legislation
By Kyle R. Dull, Kyle R. Fath
February 11, 2021
With a special session scheduled to begin Feb. 10, Virginia is poised to become the second state to pass comprehensive consumer privacy legislation. The Consumer Data Protection Act (CDPA) passed the Virginia Senate on Friday, Feb. 5, and...
Read More ->