GAO report faults HHS’ security
HIPAA Weekly Advisor, March 27, 2006
Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!
"Significant weaknesses in information security controls" increase the risk of a data breach at HHS, according to a forthcoming Government Accountability Office (GAO) report. The GAO claims that HHS has failed to establish many basic security controls, reports USA Today.
According to USA Today, GAO investigators reviewed HHS' 2004 and 2005 management and audit reports and found the following:
- Lack of up-to-date antivirus software
- Inadequate employee background checks
- Inadequate password controls
- Inadequate physical security, including broken surveillance cameras and unrestricted data center access
HHS contests the GAO's findings. "The frequent use of the word 'significant' to describe control weaknesses ... evokes a negative connotation that is not reflective of the progress or current state of HHS' information security program," the department stated in a written response obtained by USA Today.
Click here to read the USA Today article.
Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!
Related Products
Most Popular
- Articles
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- Catch up on what's new with injections and infusions
- Topic: CMS, OESS post new security compliance review information, checklist
- Capturing all necessary codes for IUD insertion and removal can be challenging
- HIPAA Q&A: Level of encryption needed for email
- What does case-mix index mean to you?
- Identify potential Medicaid RAC target areas
- QA:Coding multiple initial infusions
- OB services: Coding inside and outside of the package
- E-mailed
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- HIPAA Q&A: Level of encryption needed for email
- Q&A: Follow CMS' coding guidelines when using modifier -25
- CMS has reformulated payments for some bilateral procedures
- Catch up on what's new with injections and infusions
- New conflicts of interest create new challenges
- Q/A. One injection code or two?
- What does case-mix index mean to you?
- ED-to-inpatient transfers are flawed with safety gaps
- Searched