News

HealthData Management Article Discusses Blog Post by Randy Gainer on ONC Security Tool

An article in Health Data Management magazine (“ONC Needs to Improve Risk-Rating Features of New Security Tool,” April 16, 2014) discussed “the risk-rating features of a tool developed by the Office of the National Coordinator for Health IT to help healthcare providers in small to medium sized physician offices conduct security risk assessments (SRA).” Referencing an April 9, 2014, post by Randy Gainer on BakerHostetler’s blog, Data Privacy Monitor, the article reported that the tool needs improvement. The article quotes Gainer’s assessment that "the tool offers incomplete guidance regarding why the risks associated with each requirement should fall into the 'Low' category as opposed to the 'Medium' or 'High' category. Users are left to guess whether failing to comply with a requirement would have a low, medium, or high likelihood of affecting the confidentiality, integrity, or availability ePHI, and whether the impact of such an effect would be 'Low,' 'Medium,' or 'High.'"

Read the article.

Blog

In The Blogs

Previous Next
Data Counsel
California's AB 587: What You Need to Know About Social Media Content Moderation
By Jiwon (Jamie) Kim, Jeewon K. Serrato
November 21, 2022
On Sept. 13, California Gov. Gavin Newsom signed into law AB 587, which requires social media companies to publicly post their content moderation policies and semiannually report data on their enforcement of the policies to the attorney...
Read More ->
Data Counsel
New York Department of Financial Services Publishes Proposed Second Amendment to Its Cybersecurity Regulation
By Elise R. Elam, Patrick H. Haggerty, Vaughn Stupart
November 17, 2022
On Nov. 9, 2022, the New York State Department of Financial Services (NYDFS) published a proposed second amendment to its cybersecurity regulation. This follows its pre-proposed amendment that was published on July 29. Our prior analysis...
Read More ->
Data Counsel
OCR releases YouTube Addressing "Recognized Security Practices" in HIPAA Enforcement Context
By Adam I. Cohen, Kimberly C. Gordy, Craig A. Robinson
November 14, 2022
As a Halloween treat for HIPAA-covered entities and business associates, on October 31, the Department of Health and Human Services Office for Civil Rights (OCR) released a new video on its YouTube channel, in which senior OCR...
Read More ->
Data Counsel
Could Careless Coders Face False Claims Liability?
By Brian Craig, Stephen E. Ruscus
October 28, 2022
New Software Development Security Attestation and Related False Claims Act Liability for Commercial and Noncommercial Software Developers and Suppliers Key takeaway Software producers at all levels in the federal supply chain should...
Read More ->
Data Counsel
Top NFT-Related Cybersecurity, Phishing, Hacking and Other Risks in 2022
By Robert A. Musiala Jr., Veronica Reynolds
October 26, 2022
The continued growth of the market for nonfungible tokens (NFTs) in 2022 has helped shape the zeitgeist of what has been referenced colloquially by some as the “fourth industrial revolution,”[1] defined largely by network effect (e.g...
Read More ->