Federal Audits Find HIT Security Problems at CMS, ONC
OIG called on HHS' Office of Civil Rights to continue a compliance review that began in 2009 to ensure that controls are in place to protect ePHI at covered entities.
OIG's Audit of Information Technology Security Included in Health Information Technology Standards examined ONC's mandate under the HITECH Act to develop HIT security as part of a national HIT interoperability infrastructure. The audit found "no HIT standards that included general information IT security controls … which provide the structure, policies, and procedures that apply to a healthcare provider's overall computer operations, ensure the proper operation of information systems, and create a secure environment for application systems and controls."
OIG said the findings on ONC, when combined with vulnerabilities found in earlier audits of hospitals, Medicare contractors, and state Medicaid agencies, "raise concern about the effectiveness of IT security for HIT if general IT security controls are not addressed."
ONC concurred with the audits recommendations that it:
- Broaden its focus from interoperability specifications to also include well-developed general IT security controls for supporting systems, networks, and infrastructures;
- Provide guidance to the health industry on established general IT security standards and IT industry security best practices;
- Emphasize to the medical community the importance of general IT security;
- Coordinate with CMS and HHS' Office for Civil Rights to add general IT security controls where applicable.
The complete ONC report may be viewed here.
- FDA hopes hospitals will switch to newly regulated pharmacies
- CMS Sets 2014 Pay Rates for Hospital Outpatient and Physician Services
- New G-Codes to Pay Doctors for Broad Array of Non-Face-to-Face Care
- States Rejecting Medicaid Expansion Forgo Billions in Federal Funds
- Why You Should Involve Patients in Nursing Handoffs
- Not-for-Profit Hospitals Find Opportunity Amid Uncertainty
- Substance Abuse Resurfaces Among Anesthesiologists in Training
- The Most Polarizing Topics in Healthcare IT
- Safety Net Executives Renew Call to Preserve DSH Payments
- Douglas Hawthorne—A Chance to Do Something Big