Federal agencies fail to meet OMB security deadline
HIPAA Weekly Advisor, August 28, 2006
Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!
Federal agencies are having trouble complying with a recent memo from the Office of Management and Budget (OMB) that prescribes measures for securing information on portable devices, Federal Times reports. The OMB had recommended that agencies take the following actions:
- Encrypt all sensitive data on mobile computers/devices
- Allow remote access only with two-factor authentication, where one of the factors is provided by a device separate from the computer gaining access
- Use a timeout function for remote access and mobile devices that requires the user to reauthenticate after 30 minutes of inactivity
- Log all computer-readable data extracts from sensitive databases and verify that each extract has been erased within 90 days or is still being used
Alan Paller, director of research at the SANS Institute, a security research firm in Bethesda, MD, told the Times that the four OMB recommendations are hard to implement. In addition, many agencies interpreted the August 7 final date as a deadline for drawing up implementation plans rather than actually establishing the protections. Members of Congress are eyeing legislative solutions to security problems if the OMB's directive is ineffective, according to the Times.
Click here to read the Times article.
Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!
Related Products
Most Popular
- Articles
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- Catch up on what's new with injections and infusions
- Topic: CMS, OESS post new security compliance review information, checklist
- Capturing all necessary codes for IUD insertion and removal can be challenging
- What does case-mix index mean to you?
- QA:Coding multiple initial infusions
- News and briefs: Oklahoma Osteopathic Association against residency bill change
- HIPAA Q&A: Level of encryption needed for email
- OB services: Coding inside and outside of the package
- E-mailed
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- HIPAA Q&A: Level of encryption needed for email
- CMS has reformulated payments for some bilateral procedures
- Catch up on what's new with injections and infusions
- New conflicts of interest create new challenges
- Q/A. One injection code or two?
- What does case-mix index mean to you?
- Identify modifiable risk factors to prevent patient falls
- Hospitals are not bound by InterQual criteria for determining patient status
- Searched