HHS OIG Announces Information Security Initiatives in 2015 Work Plan

King & Spalding

The 2015 Work Plan of the U.S. Department of Health and Human Services Office of Inspector General (“OIG”) posted on Friday, October 31, 2014, includes initiatives focused on testing information security controls related to Affordable Care Act health insurance marketplaces and entities that receive Medicare “meaningful use” incentive payments for adoption of electronic health record (“EHR”) technology.

Noting that it previously had conducted a review of information security of HealthCare.gov, OIG intends next to determine whether information security controls for the systems outside of the Federally Facilitated Marketplace containing and storing consumer information have been implemented in accordance with federal requirements and recognized industry best practices. OIG stated that it may conduct vulnerability scans, when feasible, using automated tools that seek to identify known security vulnerabilities and discover possible methods of attack that can lead to unauthorized access or the exfiltration of data. This review will include examination of State-based marketplaces in addition to the two State-based exchanges reviewed by OIG previously.

OIG also announced that it will perform audits of HIPAA covered entities receiving EHR incentive payments under the Medicare program as well as their business associates. According to the 2015 Work Plan, a core meaningful use objective for eligible providers and hospitals is to protect electronic health information created or maintained by certified EHR technology and, in furtherance of this objective, to conduct a security risk analysis of certified EHR technology. In addition to the covered entities, OIG noted that their business associates increasingly are playing a larger role in the transmission, storage and processing of electronic health information. Accordingly, OIG states that audits of cloud service providers and other downstream service providers are necessary to ensure compliance with regulatory requirements and contractual agreements.

For a copy of the 2015 Work Plan, please click here.

Reporter, Robert M. Keenan, III, Atlanta, +1 404 572 3591, rkeenan@kslaw.com.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© King & Spalding | Attorney Advertising
