News

Health Data Management Article Discusses Blog Post by Randy Gainer on ONC Security Tool

An article in Health Data Management magazine (“ONC Needs to Improve Risk-Rating Features of New Security Tool,” April 16, 2014) discussed “the risk-rating features of a tool developed by the Office of the National Coordinator for Health IT to help healthcare providers in small to medium sized physician offices conduct security risk assessments (SRA).” Referencing an April 9, 2014, post by Randy Gainer on BakerHostetler’s blog, Data Privacy Monitor, the article reported that the tool needs improvement. The article quotes Gainer’s assessment that "the tool offers incomplete guidance regarding why the risks associated with each requirement should fall into the 'Low' category as opposed to the 'Medium' or 'High' category. Users are left to guess whether failing to comply with a requirement would have a low, medium, or high likelihood of affecting the confidentiality, integrity, or availability ePHI, and whether the impact of such an effect would be 'Low,' 'Medium,' or 'High.'"

