OMB: Agencies must ensure remote security
HIPAA Weekly Advisor, July 10, 2006
Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!
Federal departments have 45 days to ensure their security procedures meet the recommendations of the National Institute of Standards and Technology (NIST), according to a memo released June 23 by the Office of Management and Budget (OMB).
The memo targets practices that led to the recent theft of a Department of Veterans Affairs laptop containing sensitive information for more than 26 million veterans.
In addition to the NIST standards, the OMB recommended that agencies take the following actions:
- Encrypt all sensitive data on mobile computers/devices
- Allow remote access only with two-factor authentication, where one of the factors is provided by a device separate from the computer gaining access
- Use a timeout function for remote access and mobile devices that requires the user to reauthenticate after 30 minutes of inactivity
- Log all computer-readable data extracts from sensitive databases and verify that each extract has been erased within 90 days or is still being used
Click here to read the OMB memo.
Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!
Related Products
Most Popular
- Articles
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- Catch up on what's new with injections and infusions
- Topic: CMS, OESS post new security compliance review information, checklist
- Capturing all necessary codes for IUD insertion and removal can be challenging
- What does case-mix index mean to you?
- QA:Coding multiple initial infusions
- News and briefs: Oklahoma Osteopathic Association against residency bill change
- HIPAA Q&A: Level of encryption needed for email
- OB services: Coding inside and outside of the package
- E-mailed
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- HIPAA Q&A: Level of encryption needed for email
- CMS has reformulated payments for some bilateral procedures
- Catch up on what's new with injections and infusions
- New conflicts of interest create new challenges
- Q/A. One injection code or two?
- What does case-mix index mean to you?
- Identify modifiable risk factors to prevent patient falls
- Hospitals are not bound by InterQual criteria for determining patient status
- Searched