OIG Issues Report Regarding Medicare Oversight of Cybersecurity for Networked Medical Devices in Hospitals

King & Spalding
Contact

On June 21, 2021, OIG released a report titled “Medicare Lacks Consistent Oversight of Cybersecurity for Networked Medical Devices in Hospitals” (OEI-01-20-00220) (the OIG Report). OIG determined that CMS’s accreditation survey protocol does not include requirements for networked device cybersecurity, and Medicare Accreditation Organizations (AOs) do not employ their discretion to require hospitals to have cybersecurity plans. OIG recommended that CMS take additional steps to address cybersecurity of networked medical devices in its quality oversight of hospitals.

The OIG Report explains that CMS’s survey protocol for overseeing hospitals is silent with respect to the cybersecurity of networked medical devices (i.e., devices designed to connect to the internet, hospital networks, and other medical devices). These devices can be compromised which can lead to patient harm. OIG conducted interviews with various Medicare AOs, and found that the AOs did not use their discretion to require hospitals to have cybersecurity plans. However, AOs sometimes reviewed limited aspects of device cybersecurity. The OIG Report stated that AOs did not plan to update their survey requirements to address such issues.

In light of the increased use of technology in healthcare, as well as the increased cyberattacks on hospitals, OIG recommended that CMS identify and implement an appropriate way to address cybersecurity of networked medical devices in its quality oversight of hospitals in consultation with HHS partners. In response to the OIG Report, CMS stated that it agreed with considering additional ways to highlight the importance of cybersecurity of networked medical devices for providers.

The OIG Report is available here.

Written by:

King & Spalding
Contact
more
less

King & Spalding on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.