• E-mail
• Print
• RSS

Work Plan for FY 2016 released

HIM-HIPAA Insider, November 9, 2015

Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

Office for Civil Rights (OCR) oversight and the security of ePHI are on the Office of the Inspector General’s (OIG) list for 2016. The OIG released its Work Plan for FY 2016, which summarizes new and current OIG reviews of HHS programs and operations. Among the issues OIG is planning to review are security of networked medical devices at hospitals and OCR’s oversight of ePHI.

OCR can continue to expect scrutiny in the coming year. The OIG’s planned review will focus on whether OCR’s oversight of the security of ePHI is adequate. The work plan cites previous OIG audits that found OCR had not “assessed the risks, established priorities, or implemented controls for its HITECH Act requirement to provide for periodic audits of covered entities and business associates to ensure compliance with HITECH Act and HIPAA Rule requirements.” These audits also revealed vulnerabilities in the systems that protect ePHI. The OIG notes that these weaknesses mean that OCR has “limited assurance that covered entities and business associates adequately protected ePHI.”

The OIG will also review the U.S. Food and Drug Administration’s management of the security of computerized networked medical devices, including dialysis machines, radiology systems, and other systems that are integrated with electronic medical records, to determine if current security measures provide sufficient protection for ePHI.
 

Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

• E-mail to a Colleague
• Print
• RSS
• Archive