HealthBlawg

David Harlow's Health Care Law Blog

    • Twitter
    • Facebook
    • LinkedIn
    • RSS
    • Email
  • About
  • Archives
  • Podcast
  • Press
  • Awards/Reviews
  • HIPAA
  • HCSM

GAO finds CMS data security practices wanting

October 4, 2006

A GAO report made public yesterday finds that Medicare patient data transmission is insecure.  The AP/Washington Post story on the report says:

Security weaknesses have left millions of elderly, disabled and poor Americans vulnerable to unauthorized disclosure of their medical and other personal records, federal investigators said yesterday.

The Government Accountability Office said it found 47 weaknesses in the computer system used by the Centers for Medicare and Medicaid Services to send and receive bills and to communicate with health-care providers.

The agency oversees health-care programs that benefit one in four Americans. Its data are transmitted through a computer network that is privately owned and operated.

The CMS did not always ensure that its contractor followed the agency’s security policies and standards, according to the GAO.

"As a result, sensitive, personally identifiable medical data traversing this network are vulnerable to unauthorized disclosure," the federal investigators said.

CMS’s response stated that there had been no actual security breaches, and also noted (p. 12 of the report):

CMS has moved aggressively to implement corrective actions for the reported weaknesses and that corrective action or new compensating controls had already been completed for 22 of the 47 weaknesses. An additional 19 weaknesses are scheduled for closure. The remaining six weaknesses are under review to determine what additional resources are needed and their financial impact.

This comes on the heels of another GAO report which highlighted privacy breaches among subcontractors administering aspects of Medicare, TRICARE and Medicaid programs, the lack of consistent reporting mechanisms and the fact that some data was stored offshore, potentially beyond the reach of HIPAA enforcement.

We all know that reliance on digitized data and the global economy has created these potential problems.  The GAO reminds us that a little extra vigilance will go a long way towards ensuring that we do not lose control over access to sensitive data.   

Filed Under: Ehealth, EHR, Health Law, HIPAA, HIT, Medicaid, Medicare, Privacy

you might also like:

  1. You Had One Job, or, If you can’t ensure data security, then ….

  2. Yes Virginia, the GAO points a finger at diagnostic imaging providers

  3. GAO says HHS is on the road to a coordinated privacy policy, but not there yet

« Massachusetts radiation therapy CON applications filed
Will the IRS be the spoiler in hospital-financed EHR and e-prescribing software distribution? »

Follow me on Twitter

David Harlow 💉😷 Follow 42,910 17,570

Mastodon @healthblawg@c.im #HealthCare #MedDevice #Compliance #Privacy @MyOmnipod #HIPAA #digitalhealth #HarlowOnHC #pinksocks Tweets are tweets No more no less

healthblawg
healthblawg avatar; David Harlow 💉😷 @healthblawg ·
6h 1620535759902998528

The Harlow #Healthcare #Innovation Daily #digitalhealth #hcldr #HarlowOnHC #digitalhealth #healthtech

Image for twitter card

Google Research and DeepMind develop AI medical chatbot

digitalhealth.net A new AI-powered medical-specific chatbot developed by Google and DeepMind has shown some potential for clinical applications.

paper.li

Reply on Twitter 1620535759902998528 Retweet on Twitter 1620535759902998528 0 Like on Twitter 1620535759902998528 0 Twitter 1620535759902998528
healthblawg avatar; David Harlow 💉😷 @healthblawg ·
7h 1620524933863378944

ICYMI> Paul Schrimpf, at Prophet Consulting, Driving Health Care Transformation — Harlow on Healthcare https://healthblawg.com/2022/12/paul-schrimpf-prophet-consulting.html?utm_source=twitter&utm_medium=social&utm_campaign=ReviveOldPost #digitalhealth #hcldr #hitsm

Image for the Tweet beginning: ICYMI>  Paul Schrimpf, at Twitter feed image.
Reply on Twitter 1620524933863378944 Retweet on Twitter 1620524933863378944 0 Like on Twitter 1620524933863378944 0 Twitter 1620524933863378944
healthblawg avatar; David Harlow 💉😷 @healthblawg ·
12h 1620445622955278337

Moonshots — StartUp Health https://paper.li/healthblawg/1369855999?read=https%3A%2F%2Fwww.startuphealth.com%2Fmoonshots #hcldr

Reply on Twitter 1620445622955278337 Retweet on Twitter 1620445622955278337 0 Like on Twitter 1620445622955278337 0 Twitter 1620445622955278337
Load More
Follow me on Mastodon

HIPAAtools

Hipaatools

The HIPAA Compliance Toolkit

The Walking Gallery

The Walking Gallery

Quick Links

  • Home
  • Categories
  • Archives
  • Podcast Interviews
  • HIPAAtools
  • HIPAA Compliance
  • Health Care Social Media
  • Speaking
  • In the Press
  • Blogroll

David Harlow

David Harlow

HealthcareNOW Radio

Connect with David

  • Twitter
  • Facebook
  • LinkedIn
  • RSS
  • Email
  • Subscribe
  • Contact
  • Book Me: Speaking
  • About
  • The Harlow Group LLC
Copyright © 2006–2023
HealthBlawg is a publication of The Harlow Group LLC. See Copyright notice and disclaimer.
Fair use with attribution and a link is encouraged. Click for more on David Harlow.
[footer_backtotop text="Back to top" href="#"]