NIST Publishes New Digital Identity Guidelines in Four Online Documents

June 27, 2017. The National Institute of Standards and Technology (NIST) released this month new Digital Identity Guidelines in a suite of four final documents in the Special Publication (SP) 800 series as SP 800-63-3. According to NIST, this suite of four documents covers “digital identity from initial risk assessment to deployment of federated identify solutions.” This suite is an outcome of a collaboration of stakeholders from government, industry, and academe, with the guidelines in the suite of documents describing “the risk management processes for selecting appropriate digital identity services and the details for implementing identity assurance, authenticator assurance, and federation assurance levels based on risk”.

HHS OIG Releases Audit of Electronic Health Record (EHR) Meaningful Use Payments

June 13, 2017. On June7, 2017, the Office of Inspector General (OIG) of the U.S. Department of Health and Human Services (HHS) released a Report of an audit of incentive payments to eligible providers (EPs) for adoption and meaningful use of certified electronic health record technology, entitled: Medicare Paid Hundreds of Millions in Electronic Health Record Incentive Payments That Did Not Comply With Federal Requirements. The Report describes how the audit was conducted:

OCR Publishes Quick-Response Cyberattack Checklist and Graphic for Healthcare Covered Entities and Business Associates

June 12, 2017. The Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) published on June 8, 2017 via its SecurityList “OCR Quick Response Cyber Attack Checklist and Graphic.” The Checklist is entitled: My entity just experienced a cyber-attack! What do we do now? – A Quick-Response Checklist from the HHS, Office for Civil Rights (OCR).

HHS Releases Health Care Industry Cybersecurity Task Force Report Requires Urgent Attention to Ensure Patient Safety

June 12, 2017. On Friday, June 2, 2017, the U.S. Department of Health and Human Services released the Report on Improving Cybersecurity in the Health Care Industry, an outcome of the Cybersecurity Act of 2015. In its blog, HHS stated: “Today, the [Health Care Industry Cybersecurity] Task Force issued their findings to Congress that demonstrate the urgency and complexity of the ever-changing cybersecurity risks facing the healthcare industry. Their report emphasizes that healthcare cybersecurity issues are patient safety issues, and calls for a collaborative public and private sector effort to protect our healthcare systems and patients from cyber threats.”

FBI Releases Guidance on Hardening Security Defenses in Your Organization’s Email System to Thwart Phishing Attempts

June 6, 2017. On May 30, 2017, the Portland, OR office of the Federal Bureau of Investigation issued a news release entitled: FBI Tech Tuesday: Building a Digital Defense with an Email Fortress. The news release provides recommendations for your organization to harden its email system to prevent it from being a defenseless gateway for phishing attempts inducing your workforce members to execute malware on what appear to be legitimate email communications. We present below the recommendations, but recommend that your organization download the news release and circulate the news release with the FBI imprimatur in your organization to call attention to this important matter for foiling successful cyber phishing attempts to penetrate your organization’s information systems.

CMS Updates Emergency Preparedness Rule Guidance June 2, 2017, with Clarifying FAQs

June 4, 2017. On June 2, 2017, the Centers for Medicare & Medicaid Services (CMS) released an update entitled: Emergency Preparedness Rule that revises certain downloadable Frequently Asked Questions (FAQs) pertaining to the September 16, 2016, Final Rule entitled: Medicare and Medicaid Programs; Emergency Preparedness Requirements for Medicare and Medicaid Participating Providers and Suppliers published in the Federal Register. The preceding June 1, 2017, post describes the 17 providers and suppliers required to achieve compliance with the provisions of the Final Rule by November 15, 2017. Here are Questions (Q) and Answers (A) marked as “revised June 2017” in this update:

November 15, 2017 Compliance Date for CMS Emergency Preparedness Regulations Just 5-1/2 Months Away

June 1, 2017. On September 16, 2016, the Centers for Medicare & Medicaid Services (CMS) published in the Federal Register the Final Rule entitled: “Medicare and Medicaid Programs; Emergency Preparedness Requirements for Medicare and Medicaid Participating Providers and Suppliers.” Here is the Summary of the Final Rule, as published:



  • October 2017 (1)
  • August 2017 (3)
  • July 2017 (1)
  • June 2017 (7)
  • May 2017 (12)
  • April 2017 (10)
  • March 2017 (2)
  • February 2017 (3)
  • January 2017 (4)
  • December 2016 (4)
  • November 2016 (7)
  • October 2016 (7)
  • September 2016 (2)
  • August 2016 (1)
  • July 2016 (3)
  • June 2016 (1)
  • May 2016 (1)
  • April 2016 (8)
  • March 2016 (6)
  • February 2016 (2)
  • December 2015 (1)
  • November 2015 (1)
  • October 2015 (4)
  • September 2015 (1)
  • June 2015 (8)
  • May 2015 (3)
  • April 2015 (2)
  • March 2015 (1)
  • November 2014 (1)
  • September 2014 (15)
  • August 2014 (6)
  • July 2014 (1)
  • June 2014 (13)
  • May 2014 (11)
  • April 2014 (13)
  • March 2014 (6)
  • February 2014 (12)
  • January 2014 (3)
  • December 2013 (1)