FDA recommends steps to secure health care networks, connected devices   06/13/2013
The Food and Drug Administration today issued a safety communication to build awareness of the vulnerabilities and risks associated with medical devices being increasingly connected to information systems and networks. FDA’s communication serves as a good reminder of considerations for health care facilities as they perform a security risk analysis, as required under the Health Insurance Portability and Accountability Act. Recommended steps include restricting unauthorized access to a facility’s network and networked medical devices; ensuring appropriate antivirus software and firewalls are up-to-date; monitoring network activity for unauthorized use; protecting network components through routine and periodic evaluation; contacting the manufacturer if a device presents a potential cybersecurity problem; and developing/evaluating strategies to maintain critical functionality during adverse conditions. In addition, FDA encourages facilities to file a voluntary MedWatch report if they suspect a cybersecurity event has affected a medical device or the network to which the device is connected.
FTC issues revised guidance on Red Flags rule   06/13/2013
The Federal Trade Commission yesterday issued revised guidance to help businesses and other creditors comply with its Red Flags rule, which was revised last year to reflect a change in the law that more narrowly defined the types of creditors subject to the rule. Hospitals and others that meet the rule’s definition of “creditor” must develop a written identity theft prevention program. The rule generally applies to creditors that “regularly and in the ordinary course of business” engage in certain conduct, such as using or furnishing information to consumer reporting agencies in connection with a credit transaction. However, the regulatory obligations in the rule are not triggered by isolated conduct.  “What is deemed ‘regularly and in the ordinary course of business’ is specific to individual companies,” the new guidance states. “If you get consumer reports or furnish information to a consumer reporting company regularly and in the ordinary course of your particular business, the rule applies, even if for others in your industry it isn’t a regular practice or part of the ordinary course of business.” For more on the rule, visit www.aha.org/redflags.
Report looks at state approaches to Medicaid expansion decisions   06/13/2013
A new report from the Urban Institute explores how state officials and stakeholders are analyzing the fiscal and macroeconomic implications of Medicaid expansion decisions in 10 states: Alabama, Colorado, Maryland, Michigan, Minnesota, New Mexico, New York, Oregon, Rhode Island and Virginia. The report found that in each state where relatively comprehensive analyses of costs and fiscal gains were conducted, the net result showed that, on balance, Medicaid expansion would yield state fiscal advantages.