Health Information Compliance Alert
Feds Issue Alert on Blue Button 2.0 Threat
PDF
Apparently, even Medicare struggles with data security and protecting patients’ data, reports suggest. Details: One of the Centers for Medicare & Medicaid Services’ (CMS) third-party associates discovered a “data anomaly” in its Blue Button 2.0 API (BB2.0), an agency blog post states. After looking into the incident, a bug in the BB2.0 codebase was found, and it may have exposed some Medicare beneficiaries’ protected health information (PHI). “BB2.0 was truncating a 128-bit user ID to a 96-bit user ID,” CMS explains. “The 96-bits remaining were not sufficiently random to uniquely identify a single user. This resulted in the same truncated user ID being assigned to different beneficiaries.” CMS continues, “Because BB2.0 was truncating the user ID provided by the identity management system, some beneficiaries with the same truncated ID were passed data pertaining to other users via BB2.0.” Though the technical issue impacted less than 10,000 individuals and only 30 BB2.0 apps, CMS instituted more in-depth code reviews, testing, and cross team collaboration. After a full review, CMS “corrected the faulty code, implemented additional protections, and is resuming normal operations of the system,” the agency said in a Dec. 27, 2019 update. Find out what apps were impacted at https://bluebutton.cms.gov/blog/bbapi-update.html.
Health Information Compliance Alert
- Cybersecurity Quiz:
Test Your Cybersecurity Smarts With These 10 Questions
Tip: Make staff training a priority in 2020. Data security continues to be the Achilles [...] - Telehealth Compliance:
Master Telehealth Reporting with Expert Advice
Tip: Confirm originating site guidance, suggest MAC reps. There’s no denying that telehealth offers providers [...] - Know These New Code Options for Telehealth
Hint: Opioid abuse treatment gets a boost in 2020. If you rely on telehealth services [...] - Toolkit:
Boost Your AI Knowledge in the New Year
Add these 7 must-know terms to your artificial intelligence word bank. As artificial intelligence (AI) [...] - Reader Question:
Know the Rules on Documenting Your Risks
Question: We are in the beginning stages of our annual risk assessment. Is there a [...] - Reader Question:
Review Patient Authorization Rules Before Disclosing Test Results to Employers
Question: When an employer pays our office to perform vision tests, can we disclose the [...] - Enforcement News:
Feds Issue Alert on Blue Button 2.0 Threat
Apparently, even Medicare struggles with data security and protecting patients’ data, reports suggest. Details: One [...] - Enforcement News:
DHS Alerts Healthcare of Possible Iranian Cyber Attacks
As tensions escalate between the United States and Iran, the feds warn the healthcare industry [...] - Enforcement News:
New Commissioner Starts at FDA
The feds finally confirmed a new Food & Drug Administration (FDA) head after months with [...]