The final version of the ONC plan that has the objectives to use health IT to make care safer and to continuously improve the safety of health IT. The document can be viewed here: onc_patient_safety_planRead More

ONC guidance on annual surveillance plans by authorized certification bodies. Authorized Certification Bodies are expected to conduct surveillance on EHRs that they have certified. This guidance provides the priorities for topics to assess in the surveillance plan. Safety-related capabilities and security capabilities are two of the four areas for priority identified in this guidance. onc_surveillance_plan_guidanceRead More

ONC contract with the Joint Commission to investigate health IT-related safety events. The purpose of this contract is to ensure that there is an early detection system on health IT-related safety issues, including those associated with EHRs. The document can be viewed at the following link: ONC_tjc_contractRead More

NIST was directed to prepare a cybersecurity framework for critical infrastructure in Presidential Executive Order 13636. Healthcare was identified as one of the areas with critical infrastructure. This draft for comment is only an outline of the framework. NIST_draft_outline_cybersecurity_frameworkRead More

ICS-CERT is issuing this alert to provide early notice of a report of a hard-coded password vulnerability affecting roughly 300 medical devices across approximately 40 vendors. The document can be viewed at the following link: ICS-CERT_alert_med_devRead More