The Department of Health and Human Services (HHS), which has been doling out millions in fines for failing to protect the privacy of patient information, has been found wanting in that area by the department’s Office of the Inspector General (OIG).
One audit cited the Office of the National Coordinator for Health IT (ONC) for its poor performance in ensuring that patients’ health information was secure and adequately protected in implementing a nationwide interoperable health IT (HIT) infrastructure.
The OIG found that ONC did not have in place sufficient general IT security controls, such as encrypting data stored on mobile devices, requiring two-factor authentication when remotely accessing the health IT system, and patching the operating systems of computers that process and store electronic health records.
“We found a lack of general IT security controls during prior audits at Medicare contractors, State Medicaid agencies, and hospitals. Those vulnerabilities, combined with our findings in this audit, raise concern about the effectiveness of IT security for HIT if general IT security controls are not addressed”, the OIG said. Read More
