[Dataloss] Medicare Patient Data Insecure, GAO Says
Richard Forno
rforno at infowarrior.org
Wed Oct 4 13:15:38 EDT 2006
Medicare Patient Data Insecure, GAO Says
By Kevin Freaking
Associated Press
Wednesday, October 4, 2006; D02
http://www.washingtonpost.com/wp-dyn/content/article/2006/10/03/AR2006100301
430_pf.html
Security weaknesses have left millions of elderly, disabled and poor
Americans vulnerable to unauthorized disclosure of their medical and other
personal records, federal investigators said yesterday.
The Government Accountability Office said it found 47 weaknesses in the
computer system used by the Centers for Medicare and Medicaid Services to
send and receive bills and to communicate with health-care providers.
The agency oversees health-care programs that benefit one in four Americans.
Its data are transmitted through a computer network that is privately owned
and operated.
The CMS did not always ensure that its contractor followed the agency's
security policies and standards, according to the GAO.
"As a result, sensitive, personally identifiable medical data traversing
this network are vulnerable to unauthorized disclosure," the federal
investigators said.
CMS administrator Mark McClellan said that the agency was working to address
problems cited in the report but noted that the GAO "found no evidence that
confidential or sensitive information had actually been compromised."
The network handling Medicare claims transmits information, such as a
patient's diagnosis, drugs and treatment facility, as well as Social
Security numbers, addresses and dates of birth, the investigators said.
The investigators and CMS emphasized that the report focuses solely on the
transmission of data. The auditors did not evaluate security controls for
the servers used to store patient data.
Sen. Charles E. Grassley (R-Iowa) said Medicare and Medicaid officials need
to respond quickly to the GAO findings.
"Beneficiaries and providers expect that sensitive health information is
protected, and it's up to the agency officials to ensure the system is
secure," said Grassley, chairman of the Senate Finance Committee.
CMS officials said they have corrected 22 of the 47 weaknesses cited by GAO
auditors. Nineteen more are scheduled to be resolved soon, and the remaining
six are under review.
© 2006 The Washington Post Company
More information about the Dataloss
mailing list