The Office of Management and Budget conducted an assessment of HHS and in its annual report determined the agency's security program was "not effective," according to the HIPAA Journal.
For its report to Congress, OMB evaluated four of the 12 operating divisions of HHS to determine its compliance with the Federal Information Security Modernization Act of 2014.
Of the operating divisions assessed, the report concluded that HHS has a long way to go to improve its security position. The report found major weaknesses in identity and access management, risk management, contingency planning and incident response.
The OMB said that HHS was aware of the opportunities to improve its security program. HHS has been working to improve its policies and procedures throughout all operating divisions.
"HHS also needs to continue to build towards a working model where all the functional areas interact with each other in real-time and provide holistic and coordinated responses to security events," the report said, according to the HIPAA Journal. "This will help to strengthen all aspects of its information security program in order for HHS to achieve its mission through an effective and coordinated information security program."
To access the complete report, click here.