A byline in the Oct. 4 Business section misspelled the name of Associated Press writer Kevin Freking.
Medicare Patient Data Insecure, GAO Says
|
TOOLBOX
   Resize
COMMENT
 Discussion Policy
 CLOSE
Comments that include profanity or personal attacks or other inappropriate comments or material will be removed from the site. Additionally, entries that are unsigned or contain "signatures" by someone other than the actual author will be removed. Finally, we will take steps to block users who violate any of our posting standards, terms of use or privacy policies or any other policies governing this site. Please review the full rules governing commentaries and discussions. You are fully responsible for the content that you post.
Who's Blogging  |
Wednesday, October 4, 2006
Security weaknesses have left millions of elderly, disabled and poor Americans vulnerable to unauthorized disclosure of their medical and other personal records, federal investigators said yesterday.
The Government Accountability Office said it found 47 weaknesses in the computer system used by the Centers for Medicare and Medicaid Services to send and receive bills and to communicate with health-care providers.
The agency oversees health-care programs that benefit one in four Americans. Its data are transmitted through a computer network that is privately owned and operated.
The CMS did not always ensure that its contractor followed the agency's security policies and standards, according to the GAO.
"As a result, sensitive, personally identifiable medical data traversing this network are vulnerable to unauthorized disclosure," the federal investigators said.
CMS administrator Mark McClellan said that the agency was working to address problems cited in the report but noted that the GAO "found no evidence that confidential or sensitive information had actually been compromised."
The network handling Medicare claims transmits information, such as a patient's diagnosis, drugs and treatment facility, as well as Social Security numbers, addresses and dates of birth, the investigators said.
The investigators and CMS emphasized that the report focuses solely on the transmission of data. The auditors did not evaluate security controls for the servers used to store patient data.
Sen. Charles E. Grassley (R-Iowa) said Medicare and Medicaid officials need to respond quickly to the GAO findings.
"Beneficiaries and providers expect that sensitive health information is protected, and it's up to the agency officials to ensure the system is secure," said Grassley, chairman of the Senate Finance Committee.
CMS officials said they have corrected 22 of the 47 weaknesses cited by GAO auditors. Nineteen more are scheduled to be resolved soon, and the remaining six are under review.
