The Office of the National Coordinator for Health Information Technology (ONC) has recently release more information on two grant programs. The HITECH Act authorizes two grant programs: (1) a Health Information Technology Extension Program (Extension Program) and (2) the State Health Information Exchange Coopertive Agreement Program (Agreement Program). This program provides grants for the establishment of Health Information Technology Regional Extension Centers that will offer technical assistance, guidance and information on best practices to support and accelerate health care providers’ efforts to become meaningful users of Electronic Health Records (EHRs). The consistent, nationwide adoption and use of secure EHRs will ultimately enhance the quality and value of health care. The State Health Information Exchange Cooperative Agreement Program supports states and/or State Designated Entities (SDEs) in establishing health information exchange (HIE) capacity among health care providers and hospitals in their [...]
|
|||||
|
By Robert Hudock, on August 24th, 2009
 Print This PostAugust 24th, 2009 | Tags: EHR, Health Information Technology Regional Extension Centers, HIE, Office of the National Coordinator for Health Information Technology, ONC, State Designated Entities, State Health Information Exchange Cooperative | Category: American Recovery and Reinvestment Act, EMR, HITECH Act, Health Information Technology, Health Reform, Health and Humans Services (HHS), Interoperability, Meaningful Use, Office of the National Coordinator for Health Information Technology |
One comment
Print This PostBy Robert Hudock, on August 21st, 2009
Print This PostRegulations requiring health care providers, health plans, and other entities covered by the Health Insurance Portability and Accountability Act (HIPAA) to notify individuals when personal health information is breached were issued August 19th, 2009, by the U.S. Department of Health and Human Services (HHS). These “breach notification” regulations implement provisions of the Health Information Technology for Economic and Clinical Health (HITECH) Act, passed as part of American Recovery and Reinvestment Act of 2009 [...] August 21st, 2009 | Tags: Data at Rest, Data Disposed, Data in Motion, Data in Use, Destruction, Encryption, FTC, Health Breach Notification Rule - FTC, HHS, HIPAA, OCR, paper, redaction, Report, security breach | Category: American Recovery and Reinvestment Act, Computer Security Law -- Federal, Encryption, FIPS 140-2, FTC Security Breach Notification, HIPAA Security, HITECH Act, Health and Humans Services (HHS), Media Sanitization, NIST, Office of Civil Rights, unsecured protected health information |
Leave a comment
Print This PostBy Robert Hudock, on August 19th, 2009
Print This PostThe Commonwealth of Massachusetts recently extended the date for compliance with the newly issued regulations, entitled Standards for the Protection of Personal Information of Residents of the Commonwealth, 201 CMR 17:00, to January 1, 2010.[1] The regulations have been extended yet again now the regulations are slated to take effect on March 1, 2010. By Robert Hudock, on August 18th, 2009
Print This PostNIST approved XTS-AES for the secure encryption of block devices in NIST Special Publication 800-38E, Recommendation for Block Cipher Modes of Operation: The XTS-AES Mode for Confidentiality on Block-Oriented Storage Devices (Draft August 2009)(available at http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/comments/XTS/follow-up_XTS_comments-Ball.pdf) subject to a caveat on the file size. The number of blocks that can be securely encrypted using this method is 2^20 blocks. The Advanced Encryption Standard (AES) is a FIPS-approved cryptographic algorithm (Rijndael, designed by Joan Daemen and Vincent Rijmen, published in 1998) that may be used by US federal departments and agencies to cryptographically protect sensitive information. There are various modes of operation some of them are approved by NIST FIPS 140-2. NIST’s decision approves the use of XTS-AES for encrypting block devices (hard drives, optical media, etc.) is particularly significant because TrueCrypt is an open source implementation of [...] August 18th, 2009 | Tags: Ciphertext Stealing, csrc, IEEE, NIST, Standard 1619-2007, TrueCrypt, truecrypt certified by NIST, XEX, XTS-AES | Category: Computer Security Law -- Federal, FIPS 140-2, HIPAA Security, NIST |
Leave a comment
Print This PostBy Robert Hudock, on August 5th, 2009
Print This PostIt appears HHS has taken this critique to heart. HHS recently released notice of an important shift in the internal responsibility/delegation of authority for the monitoring and enforcement of the HIPAA Security Rule (and all additional health IT-related security responsibilities, under ARRA). Previously responsibility for administering (interpretation, education, guidance, FAQs, etc), monitoring and enforcing the HIPAA Security Rule was a CMS responsibility (specifically, the CMS Office of E-Standards and Services or CMS/OESS). The administration, monitoring and enforcement of the HIPAA Privacy Rule fell under the Office for Civil Rights [...] August 5th, 2009 | Tags: CMS, HHS, HIPAA, OCR, Poor Enforcement | Category: CMS, Enforcement, HIPAA Security, Health and Humans Services (HHS), Office of Civil Rights, Privacy Law |
Leave a comment
Print This PostImprove the web with Nofollow Reciprocity. |
|||||
|
Copyright © 2010 Law Blog 2.0 - Robert Hudock, Esq., CISSP - All Rights Reserved - This Blog is a personal blog of Robert Hudock. |
|||||
Open Source Programmers Collaborate To Improve the CONNECT Gateway
On August 27th open source programmers met at HHS to work on developing CONNECT, an open-source solution, written in Java, for the development and implementation of HIE gateways and interfaces to join NHIN and/or interface multiple systems with incompatible communication protocols. The goal of an HIE is to facilitate access to and retrieval of clinical data to provide safer, more timely, efficient, effective, equitable, patient-centered care. HIEs are also useful for public health authorities to assist in analysis of the health of a population. Federal Health Architecture is intended to deliver free, scalable solution to help organizations to tie health information systems into the NHIN. Thus far the project has yielded at least one success (outside of the federal government) where data have been successfully transferred between a civilian hospital and the [...]