News

HealthData Management Article Discusses Blog Post by Randy Gainer on ONC Security Tool

An article in Health Data Management magazine (“ONC Needs to Improve Risk-Rating Features of New Security Tool,” April 16, 2014) discussed “the risk-rating features of a tool developed by the Office of the National Coordinator for Health IT to help healthcare providers in small to medium sized physician offices conduct security risk assessments (SRA).” Referencing an April 9, 2014, post by Randy Gainer on BakerHostetler’s blog, Data Privacy Monitor, the article reported that the tool needs improvement. The article quotes Gainer’s assessment that "the tool offers incomplete guidance regarding why the risks associated with each requirement should fall into the 'Low' category as opposed to the 'Medium' or 'High' category. Users are left to guess whether failing to comply with a requirement would have a low, medium, or high likelihood of affecting the confidentiality, integrity, or availability ePHI, and whether the impact of such an effect would be 'Low,' 'Medium,' or 'High.'"

Read the article.

Blog

In The Blogs

Previous Next
Data Counsel
What to Expect on Privacy with a New Democratic Majority at the FTC
By Daniel Kaufman
June 20, 2022
It has been just over one year since Lina Khan was confirmed by the Senate and designated Federal Trade Commission (FTC) chair by the president. At the outset of her tenure, she had a Democratic majority, which ended in October 2021 when...
Read More ->
Data Counsel
DSIR Deeper Dive into the Data: Ransomware Front and Center
By Joseph L. Bruemmer, Elise R. Elam
June 16, 2022
There is no question that ransomware is here to stay. Thirty-seven percent of the matters we handled last year involved ransomware, compared to 27 percent of matters in 2020. In 2019, there were approximately 15 active ransomware threat...
Read More ->
Data Counsel
If it's broke, just fix it…: Curing Alleged CCPA Violations
By Casie D. Collignon, Colby M. Everett, Robyn M. Feldstein
June 14, 2022
Courts across the United States continue to grapple with California’s landmark consumer privacy law, the California Consumer Privacy Act (CCPA). While the contours of this law are being litigated on multiple fronts, one important, but not...
Read More ->
Data Counsel
CPPA Begins CPRA Rulemaking
By Jennifer L. Mitchell, Jeewon K. Serrato, Justin T. Yedor
June 2, 2022
On May 26, 2022, the California Privacy Protection Agency (CPPA or the Agency) held a public board meeting to provide updates on the Agency’s rulemaking process. The next day, the CPPA released draft regulations for the California Privacy...
Read More ->
Data Counsel
North Carolina is the First State to Prohibit Public Entities from Paying Ransoms: What Does This Mean for North Carolina Public Schools and Universities?
By Elise R. Elam, Benjamin D. Wanger
May 19, 2022
On April 5th, North Carolina became the first state to prohibit state agencies and local governments from paying ransoms after becoming victims of a ransomware attack. Indeed, in addition to prohibiting said entities from paying ransoms...
Read More ->