[ISN] OIG raps HHS agencies for lax PHI security

From: InfoSec News <alerts_at_private>
Date: Thu, 19 May 2011 01:43:30 -0500 (CDT)

By Editorial Staff   
May 18, 2011

The U.S. Department of Health & Human Services (HHS) Office of Inspector 
General (OIG) has released two reports that 
question HHS agencies' efforts to secure electronic protected health 

An OIG audit cited the Office of the National Coordinator for Health IT 
(ONC) for its lackluster efforts in ensuring that patients' individually 
identifiable health information is secure and adequately protected for 
nationwide implementation of interoperable health IT. A second report 
criticized the Centers for Medicare & Medicaid Services' (CMS) lax 
enforcement of the HIPAA security rule prior to June 2009.

The CMS report

To determine the sufficiency of CMS’s oversight and enforcement actions 
pertaining to hospitals’ implementation of the HIPAA Security Rule, OIG 
conducted audits at seven covered hospitals around the country and found 
that CMS’ oversight and enforcement actions were not sufficient to 
ensure that covered entities, such as hospitals, effectively implemented 
the security rule, according to the report.

“As a result, CMS had limited assurance that controls were in place and 
operating as intended to protect electronic personal health information, 
thereby leaving electronic personal health information vulnerable to 
attack and compromise,” the report stated.


Received on Wed May 18 2011 - 23:43:30 PDT
