Wyatt HITECH Law

A Blog About Health Information Technology, Privacy & Security Developments


Leave a comment

Healthcare CIOs: Check for vulnerability of OpenSSL servers to Heartbleed

HeartbleedBugUpdated April 13, 2014 at 6:30 pm

CYBER RISK ALERT!  Just when we thought we were safe online while using websites that display the key security “https” in the URL, we learn that nothing could be further from reality.  On April 7, 2014, security researchers at Codenomicon announced the discovery of a flaw in the OpenSSL (security socket layer) that is used in an estimated two-thirds of the servers that support websites displaying the “https” letters that we have come to trust.  Based on the back-end technology of OpenSSL, which involves what is called a “heartbeat” extension and a leakage of data from the server, this new cyber liability threat has been dubbed Heartbleed.

Vulnerability of HIT and Compliance with HIPAA.  Although the OpenSSL flaw’s name has no direct connection to health information technology (HIT), it ironically could be a pain for health care providers. Continue reading


Leave a comment

AHIMA Issues Guidance on Appropriate Use of Copy and Paste in EHRs

16354859As we have written about in previous posts, the Office of Inspector General (OIG) for the United States Department of Health and Human Services (HHS) has been critical of the copy/paste function that is available in electronic health record (EHR) technology developed by software vendors.  (See “Electronic Health Records in OIG’s Sights for 2013“, October 20, 2012; “OIG recommends fraud safeguards in hospital EHR technology“, December 11, 2013; “OIG Report on CMS’ EHR Audit Practices Concludes The Practices Are Not Very Sophisticated“, February 11, 2014)  As our February 11, 2014 post concludes, while turning off the copy/paste functionalities are not the immediate solution to preventing a misuse of the function, health care providers should implement standards for its use.  The American Health Information Management Association (AHIMA) recently issued guidance, “Appropriate Use of the Copy and Paste Functionality in Electronic Health Records,” dated March 17, 2014, discussing the availability and appropriate use of the copy and paste function.

AHIMA supports maintaining the copy/paste functionality in ONC’s EHR certification standards and allowing for its use in CMS Conditions of Participation.  AHIMA encourages CMS to augment provider education and training materials on the appropriate use of copy/paste in order to reduce the risk that it may pose to quality of care, patient safety and fraudulent documentation.  Importantly, AHIMA recommends that health care providers implement policies and procedures to guide users of EHRs on the proper use of copy/paste functionalities.  To read the AHIMA guidance, click here.


Leave a comment

March 31st Attestation Deadline for Eligible Professionals

strike before midnightReminder:  The deadline for Medicare eligible professionals to attest to meaningful use of certified electronic health record technology for the 2013 program year is just two weeks away.  Attestations are due on March 31, 2014 at 11:59 pm EST.  Click here for addition information about the EHR incentive program as well as to register or attest to meaningful use.

Follow

Get every new post delivered to your Inbox.

Join 723 other followers