November 28, 2016. On November 22, the Office for Civil Rights (“OCR”) of the U.S. Department of Health and Human Services (HHS) published a news release announcing a $650,000 settlement with the University of Massachusetts Amherst (“UMass”) for HIPAA Violations in a unit that had not been identified as a health care component and had failed to implement HIPAA Privacy and Security Rule safeguards.
November 14, 2016. On November 10, 2016, we discussed the Security Measure Attestation Rules for the Certified EHR Meaningful Use Incentive Program in a prepublication version of this Final Rule—Electronic Health Record (EHR) Incentive Programs--published in today’s Federal Register under a much longer title covering a number of Centers for Medicare & Medicaid Services (CMS) rulemaking activities.
November 11, 2016. We have reported in earlier blog postings about the National Institute of Standards and Technology (NIST) September 15, 2016, Cybersecurity initiative entitled: NIST Releases Baldridge-Based Tool for Cybersecurity Excellence: Comments Sought on Draft Guide to Enhance Cybersecurity Framework (posted October 18, 2016) and the NIST intention to release in March 2017 a 5th Revision of the Special Publication (SP) 800-53, Revision 4 entitled: Security and Privacy Controls for Federal Information Systems and Organizations (posted November 8, 2016).
November 10, 2016. The Centers for Medicare & Medicaid Services (CMS) will publish in the Federal Register on Monday, November 14, 2016, a lengthy document—in prepublication format examined here--with a long title consisting of multiple components, one of which is entitled: Electronic Health Record (EHR) Incentive Program.
November 9, 2016. The National Institute of Standards and Technology (NIST) has published Draft NIST Special Publication (SP) entitled: National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework (NCWF) (SP 800-181, November 2016). The public comment period is from November 2, 2016-January 6, 2017, with instructions for submitting comment in the draft publication. The Abstract of the document is reproduced here:
November 8, 2016. On November 4, 2016, the National Institute of Standards and Technology (NIST) released an updated version of Advanced Encryption Standard Algorithm Validation List that describes “implementations which have been validated [through testing] as correctly implementing the [Advanced Encryption Standard (AES)] algorithm.” The implementations “consist of [descriptions of] software, firmware, hardware, and any combination thereof” by vendors that are responsible “to notify NIST of any necessary changes to its entry” in the updated document.
November 1, 2016. The Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) and the Federal Trade Commission (FTC) have jointly issued in October a guidance document entitled: Sharing Consumer Health Information? Look to HIPAA and the FTC Act.