The federal agencies operate under the Federal Acquisition Regulation (FAR), which governs federal agencies in the process of acquiring goods and services—in this case, hiring contractors who handle sensitive information.
The GAO recommends additional safeguards to FAR, including:
DHS agreed with the recommendations, the GAO said, but DOD and HHS did not respond.
HHS did not immediately answer an e-mail from HealthLeaders Media Monday.
Senator Tom Carper (D-Del.), chairman of the U.S. Senate Subcommittee on Federal Financial Management, Government Information, Federal Services and International Security, said in a statement that "there have been an unacceptably high number of data breaches that have left individuals, at times, the victim of serious financial crime or, more often, fearful that their personal information will be compromised."