Retail Payment vs Medical Record Breaches

Those of us involved in the information security business receive lots of questions from friends, neighbors and family related to their concerns about privacy. At InfoGard, we are heavily involved in evaluating the security of both Healthcare IT and retail payment devices and systems. Questions related to the vulnerability of retail payments have become increasingly common. However, little concern is voiced about the safety of healthcare records. While everyone has heard about Target’s, Supervalu’s (Albertson’s) and Home Depot’s breaches, and more recently, Kmart, the general public lacks an awareness of healthcare breaches. Furthermore, even when they hear the dismal history, they lack the same level of concern. Continue reading

Table of Contents – InfoGard’s EPCS Blog Articles

Just over a year ago, InfoGard Laboratories launched a blog to inform the public of news regarding Health IT, EHR, and EPCS. In an effort to create an easy navigation system for readers interested in browsing topics on EPCS, we have put together a list of all the articles we’ve written regarding the topic of EPCS: Continue reading

Doctor writing ONC Releases 2015 Edition

ONC Releases 2015 Edition Proposed Rule

On February 21, 2014, ONC announced that they have published the Proposed Rule for 2015 Edition of EHR certification criteria. This new edition is intended to be a voluntary, incremental step before the 2017 Edition requirements are released. The 2015 Edition criteria do not correspond with a new Meaningful Use Stage from CMS. Instead, providers and hospitals will be allowed to attest with either a 2014 Edition certified EHR or a 2015 Edition certified EHR in Stage 2. Continue reading

ONC HIT Certification Programmoney and stethoscope

InfoGard Remains Committed to the ONC HIT Certification Program

With CCHIT’s announcement that they plan to withdraw from the ONC HIT Certification Program, InfoGard would like to assuage concerns regarding the stability of the program and our commitment to our vendors and their certifications.  As one of the original testing and certification organizations for the ONC HIT Certification Program, InfoGard is fully vested in the success of this program.  “The ONC HIT program is an important component of InfoGard’s Healthcare IT portfolio of services that we provide to our HIT customers.  The Health IT market is part of our focused long term strategic plan,” says Mark Shin, InfoGard COO. Continue reading

EHRs – Configuration Management and Certification

stethoscope notepad EHROffice of the National Coordinator (ONC) has recently informed ONC-ACBs that they will be required to submit a unique version when certifying an update to a previously certified product. This has also been stated on the ONC’s JIRA Issue Tracker in response to questions from the public ( While ONC is not dictating a specific version control method, vendors will be required to revise the version when updates are made.

Why? Continue reading

EPCS Resources

Here at InfoGard Laboratories, we have experience with EPCS requirements and their specified Security methods and standards. Understanding, navigating, and implementing the requirements for Electronic Prescriptions for Controlled Substances (EPCS) can be a challenge, to say the least. This week we have pulled together some of what we find to be great resources to help you with your EPCS needs.Pills-prescription EPCS Resources

Continue reading

EHR Meaningful Use Security Risk Analysis

Pills and Steth Security Risk AnalysisMedicare and Medicaid EHR incentive payments more than doubled from $6.9 billion in August 2012 to a staggering $14.6 billion at the end of April 2013.  This increase indicates that physicians and hospitals are continuing to participate in the Meaningful Use program and adopting Electronic Health Records (EHRs).

Successfully attesting to CMS indicates that the core and objective measures have been satisfied. Included in the required measures is Meaningful Use Measure 14 for EPs/15 for hospitals, with the following objective: “Protect electronic health information created or maintained by the certified EHR technology through the implementation of appropriate technical capabilities.” The objective in itself appears to be an achievable task as written. It is well known within the medical community that protecting electronic protected health information (ePHI) is paramount to success, and it is the law according to the U.S. Department of Health & Human Services Office for Civil Rights. Adopting and implementing an EHR achieving the required use percentages is a major undertaking for any practice or hospital.  Continue reading

EPCS (Electronic Prescriptions for Controlled Substances): Finding Guidance through the Fog

EPCS PillsAlthough the DEA’s Interim Final Rule permitting Electronic Prescriptions for Controlled Substances (EPCS) at the Federal level became effective June 1, 2010, it does not supersede state laws.  According to the Surescripts website, 44 states currently allow EPCS.  In many states without existing regulations governing e-prescribing of controlled substances, the DEA’s Rule allowed EPCS to proceed without any adjustment to state regulations; however, in other states, such as New York, changes were needed to allow EPCS.

Some History on EPCS

In March of 2013, EPCS became permissible in the State of New York.  Under New York’s amended regulations, practitioners and pharmacists engaging in electronic prescribing and dispensing of controlled substances must register their applications with the New York State Department of Health.

Continue reading