MedTech Security a Top Concern for HHS Inspector General
February 12, 2014
Security will be a top priority for the coming fiscal year for HHS's Office of Inspector General (OIG), according to their recently released Work Plan for Fiscal Year 2014. The security of portable devices and networked medical devices in hospitals, and the security of the Affordable Care Act (ACA)'s healthcare.gov Web site will be examined.
Also high on the list are the security of the electronic medical record (EMR) program and EMR privacy compliance by healthcare organizations. OIG will also scrutinize the HHS Office for Civil Rights' oversight of HIPAA compliance by healthcare entities.
OIG says its Work Plan "provides brief descriptions of activities that OIG plans to initiate or continue with respect to HHS programs and operations." A PDF of the 101-page document is available for download here. Industry insiders say that the Work Plan is a useful key to identifying possible compliance risk areas.
The Work Plan says, "Computerized medical devices, such as dialysis machines, radiology systems, and medication dispensing systems that are integrated with EMRs and the larger health network, pose a growing threat to the security and privacy of personal health information." OIG will "determine whether hospitals' security controls over networked medical devices are sufficient to effectively protect associated electronically protected health information (ePHI) and ensure beneficiary safety."
Attorney Adam Greene of the law firm Davis Wright Tremaine's Washington office told Marianne Kolbasuk McGee, writing for GovInfoSecurity.com, that, "Medical device information security is an important area, and this may be the OIG activity that has the largest impact. OIG's findings in this area will bring more attention to this problem," he said, "and could spur HHS and other regulators to increase their focus on this issue. It will be interesting to see if OIG addresses what role the different agencies, such as FDA and the Office for Civil Rights, should have in improving device security."
OIG released the 2014 Work Plan on January 31. In the past, the Work Plan for the following fiscal year was released in October. As reported by the Health Care Compliance Association (HCCA), HHS said, "This change from the usual October release will better align with priorities OIG has set for the coming year."
About the Author
You May Also Like