HealthLeaders Media June 28, 2021
Scott Mace

Hospitals have thousands of such devices connected to their networks, capable of accessing EHR records.

The U.S. Department of Health and Human Services (HHS) Office of Inspector General (OIG) issued a report last week finding that the Centers for Medicare & Medicaid Services’ (CMS) survey protocol does not include requirements for networked device cybersecurity.

Further, the report stated that CMS’ accreditation organizations (AO) do not use powers they possess to require hospitals to have such cybersecurity plans.

The OIG stated that hospitals that identify networked device cybersecurity as part of their emergency preparedness risk assessments can get their mitigation plans reviewed by AOs.

In practice, however, hospitals frequently fail to identify device cybersecurity in these risk assessments, the AOs told...

Today's Sponsors

LEK
ZeOmega

Today's Sponsor

LEK

 
Topics: Cybersecurity, EMR / EHR, Govt Agencies, Health IT, Health System / Hospital, HHS, Insurance, Medical Devices, Medicare, OIG, Provider, Survey / Study, Technology, Trends
CMS releases Medicaid payment flexibilities during Change cyberattack
Four big questions for DC following massive health care hack
CMS Guidance on Change Healthcare/ Optum Payment Disruption
Change attack update: UnitedHealth launching medical claims solution
Medicaid And Cybersecurity: What Payers Need To Know About Biden's Budget

Share This Article