OIG raps HHS agencies for lax PHI security

2011-05-19 06:43

http://www.cmio.net/index.php?option=com_articles&view=article&id=27819 By Editorial Staff CMIO.net May 18, 2011 The U.S. Department of Health & Human Services (HHS) Office of Inspector General (OIG) has released two reports released two reports that question HHS agencies' efforts to secure electronic protected health information. An OIG audit cited the Office of the National Coordinator for Health IT (ONC) for its lackluster efforts in ensuring that patients' individually identifiable health information is secure and adequately protected for nationwide implementation of interoperable health IT. A second report criticized the Centers for Medicare & Medicaid Services (CMS) lax enforcement of the HIPAA security rule prior to June 2009. The CMS report To determine the sufficiency of CMSâs oversight and enforcement actions pertaining to hospitalsâ implementation of the HIPAA Security Rule, OIG conducted audits at seven covered hospitals around the country and found that CMSâ oversight and enforcement actions were not sufficient to ensure that covered entities, such as hospitals, effectively implemented the security rule, according to the report. âAs a result, CMS had limited assurance that controls were in place and operating as intended to protect electronic personal health information, thereby leaving electronic personal health information vulnerable to attack and compromise,â the reported stated. [...]

News URL

http://www.cmio.net/index.php?option=com_articles&view=article&id=27819

#security