
HHS Office of Inspector General Releases Extensive Work Plans for 2014 To Include Auditing Medical Device Security, Security of

Posted Feb 11 2014 1:41pm

The Office of the Inspector General is considered the “watchdog,” if you will, and the agency exists in several government agencies, and here we are focused on the efforts as related to HHS and technologies used. Security of course is the #1 concern out there right now, or should be, let’s say. We have had different portions of HHS perhaps crossing tracks with different technologies, and that’s going to happen more and more, just the way technology works. You see the FDA working with the NIH, and so on. I said a while back that the ONC, which works on the certification and technology aspects, might consider being its own entity of the FDA, since what they do and what the FDA does is becoming more intertwined all the time and one agency has assets the other does not, so why not collaborate under the same roof? The ONC has the eyes for the doctors and certification, while the FDA with mobile has software engineers that look for a meeting of the minds instead of separation, perhaps?

mHealth Why Battle Over Where the Responsibility Lies, Make the ONC A Division of the FDA, Better Collaboration and Software Engineering Exposure Both Ways Around

FDA Commissioner Hamburg also shares the idea of safety being at the forefront, as responsibility at the FDA, I would say, almost increases daily with workloads as something pops up today that wasn’t there yesterday. I do agree with her thoughts about “the latest and greatest,” as boy do I see a ton of that just doing this blog, and I stated a while back that half of the analytics out there being developed too will be a waste of money. Hard part is finding the stuff that has value today.

FDA Commissioner Margaret Hamburg Addresses “Context” And Safety at mHealth Conference-More Important Than The “Latest New Thing” Out There..

The part that kind of strikes me funny a bit is the OIG auditing Healthcare.Gov, and I already commented on that, and we all know how that evolved and there was nobody around with the technical expertise to tell Sebelius and CMS that their models were train wrecks to begin with, as the perceptions of those with “no data mechanics knowledge” out there get weird and there’s no shortage of that with HHS. I asked too, with the Inspector General now doing an audit, how many experts do they have? Last I recall the White House had to bring experts (see link below) in, as again the perceptions of those outside with no data mechanics knowledge kind of look around for what I call “algorithm fairies”; I read it all the time in the news. When I wrote my EMR years ago, I had that all the time with the beta doctors, and we went round and round on what they thought and what my abilities were and what I could do working within data structures. What the layman and others perceive is not always what it really is…months of Healthcare.Gov news is out on the web in droves with tons of articles. There’s a lot of Algo Duping going on out there. HHS and OIG were duking it out over the old website capabilities a couple years back. So I asked the question, how many of these experts does OIG have sitting around? Like I said, here we go again with weird off the wall perceptions on time and capabilities as well as available resources..makes a good political show though…but useless in reality.

Sebelius Asks Inspector General To Review Healthcare.Gov, How Many JBoss, Red Hat, Linux, Oracle, MarkLogic And Other Experts Does OIG Have? Time Elements of Baking A Cake From Scratch With Writing Custom Code Was Just Not There..

Someone on Twitter recently told me that the OIG keeps getting budgets cut too, so if that is true, what a challenge here, and again we come back to layman perceptions of expecting way too much too soon. This part gets interesting too with auditing the medical records incentives, which is almost about ready to choke on itself. It’s hard, and just due to complexities on the rise there’s too much there almost. It’s not their fault over at the ONC and they are buried, and again we have a new person who’s probably very nice running the show but again no tech background, clinical instead…so again to me it makes sense to have these folks over at the FDA with their own entity…the certification process and meaningful use criteria as we know it today might cease to exist if complexities keep growing as they are, as how do you handle this monster…and again the perceptions of those who head HHS are out to lunch with what code and people can do. She has not caught wind of this yet; as I said in 2009, it would eat her up with goofy decision making processes. Seriously though, it’s almost an injustice to expect non-tech folks to be over very smart code-writing tech folks and get much respect, as their perceptions are so out of the loop of reality.

Last I looked the ONC is looking for someone to be in charge of this, and I say “good luck” to whoever takes it on; not an easy task, and one will be pulled with questions, comments and probably dogged on by Congress as well in the process of trying to do the job. Actually the OIG was given the task of monitoring the incentives back in 2010..more information here and another look at RAT-STATS, and you can download it too if you want to see what it is and use it too. It’s that old VB 6 stuff and actually for a lot of auditing functions it works well, but it’s not going to do much to help the OIG here as the complexities are beyond RAT-STATS.

“Audits of covered entities receiving HITECH Act EHR incentive payments from the Centers for Medicare and Medicaid Services, as well as their business associates, such as cloud vendors offering EHRs, to determine whether they adequately protect electronic health information created or maintained by certified EHR technology”

Also on the list we have privacy…OMG, one more difficult area, as we have all these data sellers out there with no regulation “running hog ass wild” and an FTC and Congress who seem to be at a level of perception that overwhelms them; you read it all the time..they don’t get it and focus on “text” of laws and can’t seem to make that connection that IT infrastructures run it all…oh well…one more fun job for the OIG in this area. See what I said about agencies and technologies..OIG could just go hammer on the FTC, maybe? (see link below) In my book, that would be a good thing, as perhaps folks would wake up and come out of the bliss. Auditing this functionality is almost a joke with HIPAA, as the tools are not there along with some IT infrastructures to make the job possible…so don’t hold your breath. I hammer on the FTC all the time, but again I send information to a legal connection, so there you go again with text versus code running hog ass wild.

FTC Tries to Bring Strong Case for Consumer Protections With Use of Data–But Nothing About Creating IT Infrastructure Path to Allow Regulation–Gov Can’t or Won’t Model?

The perceptions of those with expectations of the OIG too will be interesting, as we have politicians and other government executives that look for algorithms fairies (which I have coined as the Sebelius Syndrome); she got the name for so many representations in public just being so way off target and non-intellectual, but the RNC has that syndrome too, as well as Congress. Again, with what the Inspector General has been saddled with, it would not surprise me to see them too end up being a bit of a whipping post for these ridiculous and outrageous perceptions of others as far as what they can really do with auditing in some areas…politicians and executives want those algorithms fairies flying in. OIG has software called RAT-STATS and it’s old VB6, and what they need today will need to go beyond what it can offer for audits; tech has just evolved. The Inspector General does a few other neat things, like the most wanted list for HHS, which is very cool.

HHS Creates 'Most Wanted' List Website for Healthcare Fraud - Office of the inspector general

So the OIG has a big agenda…“God help them,” as the folks outside of technology will expect more than they can deliver in short time frames too…it’s the way the digital illits out there perceive things and hammer down on others with impossible deadlines and time frames…hmmmm..Healthcare.Gov anyone (grin)? As I said yesterday in a post, “it’s those damn algorithms” making it tough for everyone…by the way, have you been Algo Duped or hit by some Killer Algorithms of late? If you want to know more about those phenomena, some good videos and reading here, I have a page for that. BD

Those Damn “Killer Algorithms” Keep Screwing Up Obamacare, One more Delay Added for Small Businesses, Static Text Laws and Digital Technology Crossing Hairs, We Continue To Endure the Constant Rise And Fall Of The Machines…

The HHS Office of Inspector General plans to scrutinize a number of security-related activities in the healthcare sector in fiscal 2014, including reviewing whether hospitals' security controls over networked medical devices are sufficient to effectively protect patients' information.

The recently released Fiscal Year 2014 HHS OIG Work Plan includes a host of security audit, review and oversight activities planned by the Department of Health and Human Services' watchdog agency in fiscal 2014, which ends Sept. 30.

Besides reviewing medical device security practices of hospitals, other OIG activities planned for 2014 include reviewing security related to the Affordable Care Act's systems; review of security and privacy compliance by healthcare organizations participating in the HITECH Act electronic health records incentive program; and reviewing the HHS' Office for Civil Rights' oversight of HIPAA compliance by healthcare entities.

Medical device security "is a problem that we need to solve before someone gets hurt," McMillan says. "Everyone in the system knows these devices are not secure, yet we, as an industry, have not been able to fix the problem. The FDA has provided some helpful guidance here regarding security considerations for these devices. If the OIG just uses that as its audit criteria for measurement, they will amass a mountain of data and shine another light on this issue. Our providers want more secure devices; they're just not seeing them."

Hat Tip:  Fierce Health IT
