OCR Guidance on Software Vulnerabilities and Patching

Posted by BAS - 26 July, 2018

header-picture

In a recent newsletter, the Office for Civil Rights of the U.S. Department of Health and Human Services provided guidance on software vulnerabilities and patching.

Software is the instructions that runs computers and other electronic devices. Software often contains “bugs,” which are mistakes in the coding that impacts how the software works. According to OCR, some of these bugs may introduce security vulnerabilities that could allow hackers access to a user’s computer network. Covered entities under HIPAA rely on software for processing and handling PHI.

When covered entities perform their risk assessment, they should identify and mitigate risks and vulnerabilities that un-patched software may have on an organization’s electronic protected health information. The mitigation activity should include installing patches and installing those patches where reasonable and appropriate.

For the full newsletter on patching software vulnerabilities, click here.

Topics: MyEnroll360 Security


Recent Posts

Question of the Week - Allergy Medicine

read more

New Guidance on Tracking Technologies and HIPAA

read more

Enhancing Benefits Administration Efficiency: MyEnroll360's New Hire Waiting Period Management

read more