HealthBlawg

David Harlow's Health Care Law Blog


You Had One Job, or, If you can’t ensure data security, then ….

June 18, 2019

Vibrent, one of NIH’s data management contractors for the All of Us genomic and other health data research project, was found by OIG to have a number of holes in its data security infrastructure and policies, ranging from failure to encrypt its AWS servers to failure to adhere to FISMA (federal IT security) standards more broadly. OIG also found that NIH fell down on the job by not monitoring its contractor more closely. Everything has been patched, but this represents a black eye for a program intended to build public confidence in government collection and analysis of sensitive medical and genomic data as it seeks to enroll one million Americans.

What can NIH, or any entity responsible for dealing responsibly with sensitive medical, genomic or other personal data, do to discharge its responsibilities more adequately?

As regular readers of HealthBlawg are already rehearsing silently, it’s all about infusing a compliance mindset into organizational culture. This, combined with practical tools and empowerment of personnel, will then manifest itself in comprehensive data privacy and security policies and procedures, function-specific appropriate training and testing of personnel, compliance review of subcontractor organizations, personnel and technical infrastructure in advance of engagement, regular audits of subcontractors’ activities and deliverables from a data security perspective, and more. Many of these ideas are spelled out in the federal standards applicable to this procurement, but somehow they didn’t make it to the front lines.

The All of Us program has taken long enough to get off the ground, and is taking baby steps towards its enrollment goals. Here’s hoping that this misstep does not squander the momentum the program has built to date.

David Harlow
The Harlow Group LLC
Health Care Law and Consulting

Filed Under: Compliance, Consumer-Directed Health, Digital Health, Genomics, Health care policy, Health Law, Healthcare Innovation, HHS, HIPAA, HIT, OIG, Privacy, Security

Copyright © 2006–2023
HealthBlawg is a publication of The Harlow Group LLC. See Copyright notice and disclaimer.
Fair use with attribution and a link is encouraged. Click for more on David Harlow.