There is no doubt that medical and other personal information is more exposed in the cybersecurity realm than ever. When the Office of Inspector General (OIG) announced new proposed amendments to the existing Electronic Health Records (EHR) Safe Harbors in October 2019, perhaps OIG and the Centers for Medicare and Medicaid Services (CMS) were just acknowledging the serious privacy and cybersecurity challenges lurking in the vast scope of ostensibly legitimate sharing of PHI. Various state legislatures also are enacting far-reaching cybersecurity and privacy laws.
Electronic Health Records
By way of background, OIG first adopted the Safe Harbor for the donation of EHR software and training by hospitals to physicians in 2005, but placed limitations intended to discourage inducement or remuneration for referrals by requiring that physicians pay at least 15% of the cost and establishing a sunset provision, i.e.,