HHS Inspector General: Security Concerns Abound in Rush to Deploy EHRs

The Department of Health & Human Services' Office of Inspector General has released two reports that found security gaps abound as hospitals and other healthcare providers rush to deploy electronic health records and qualify for meaningful use incentive payments.

In one report, the OIG concluded "CMS oversight and enforcement actions were not sufficient to ensure that covered entities, such as hospitals, effectively implemented the Health Insurance Portability and Accountability Act of 1996 Security Rule." The HIPAA Security Rule was passed to protect individual's electronic personal health information and requires covered entities to establish the appropriate safeguards to ensure the security of electronic health information.

The OIG made its conclusion and released its report following an audit of seven hospitals, which turned up 151 total vulnerabilities in the hospitals' systems and controls. Vulnerabilities ranged from unsecure access to electronic information, ineffective encryption and lack of authentication to enter a wireless network. In its report, the OIG recommended the Office for Civil Rights continue the compliance review process CMS began in 2009 and implement measures to ensure controls are in place at covered entities.

The OIG also released a second report, in which it concluded the Office of the National Coordinator for Health IT did not provide any standards that included general information IT security controls, which are the structure, policies and procedures that apply to an entity's overall computer operations in order to create a secure environment for systems and controls.

In this report, the OIG made several recommendations to the ONC, including using its leadership role to provide the health industry with established general IT security standards and IT industry security best practices.

Related Articles on Health IT Security:
Oregon's Dunes Family Health Care Posts Notice of Data Breach
Stolen Laptop Contained Information for 6K Patients of New Hampshire's Speare Memorial Hospital
ONC Tiger Team Seeks Comments on Privacy, Security Framework

Copyright © 2024 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.

 

Featured Whitepapers

Featured Webinars