Most Popular Stories
- Cloud-based EHRs raise data rights questions
- Study: E-prescribing improves medication adherance
- Texting helps with at-risk pregnancies, Partners plans to expand program
- Healthcare jobs will grow the fastest of all industries
- GE to discontinue EHR stand-alone product
- Health network hires ONC's community college consortia students for EHR implementation
Featured Jobs
-
ICD-10 Revenue Cycle, Manager
Meditology Services - Atlanta, GA -
Epic Ambulatory Beacon Consultant
Meditology Services - NC
Events
- IHI's Transforming the Primary Care Practice
May 1-3, 2012 — San Diego, CA - Wharton Health Care Business Conference
Feb 16-17 — Philadelphia, PA - ICD-10 Reality Check - Breakfast Panel at HiMSS 2012!
February 22, 2012 - AHIP's Institute 2012
June 20-22 — Salt Lake City, UT
Paid Research Reports
- Electronic health records: getting it right first time
- Cloud Computing Adoption In The APAC Life Sciences Industry
- Stakeholder Opinions: Ophthalmology - Leading brands under threat
- Genomics, Proteomics and Metabolomics in Diagnostics: Market landscape, innovative technologies and future outlook
- Healthcare Regulatory Update: The United Arab Emirates
- Point of Care Testing: Evaluating the return to evidence based medicine, novel technologies and the competitive landscape
Latest News
Free Newsletter
FierceHealthIT is the leading source of Healthcare IT news with a special focus on CPOE, EMR adoption, HIPAA compliance and other critical areas. Join 44,00 healthcare industry insiders who get FierceHealthIT via daily email for their must know IT news. Sign up today!
About | View Sample | Privacy
Top Tags
Whitepapers
- A Modest Recipe for Retail Clinics 2.0
- Warning Signs of a Distressed Hospital
- What you need to know in planning and budgeting for digital signage in healthcare
- Solutions for Health Insurance Portability and Accountability Act (HIPAA) Compliance
- Nonprofit Healthcare: What does the future hold?
- Ten Security and Reliability Questions to Address Before Implementing ECM
CMS security holes expose patient data
A new study by the Government Accountability Office has concluded that the systems used by the Centers for Medicare and Medicaid Services (CMS) to send and receive bills and communicate with providers are riddled with at least 47 security holes. According to the GAO, the CMS network hasn't implemented sufficiently secure user identification and authentication, user authorization, system boundary protection, cryptography, and auditing and security event monitoring. CMS also failed to make sure that network users' duties were adequately segregated and that network devices were configured securely, GAO said. It seems that the contractor managing the CMS network--for how much longer, we wonder?--has not always followed CMS security guidelines.
As a result, intruders could theoretically have accessed highly confidential data, including a patient's name, sex, date of birth, Social Security number, mailing address, diagnosis, prescribed drugs and physician's name. In a public statement responding to the report, CMS administrator Mark McClellan said that 22 of the holes have been patched since the audit was done in late 2005, though he admitted that as many as 17 others might not be fixed until January 2007 or beyond. McClellan did insist that no one had discovered and exploited these vulnerabilities as of yet. Still, something is definitely broken: in fact, a previous GAO study found that 40 percent of CMS Medicaid, Medicare and Tricare contractors had seen breaches of private healthcare information. Would security-lax contractors still have a job if they were working for private industry? If not, why are they still getting tax dollars? Your guess is as good as mine.
To get more details on CMS's security woes:
- check out this piece from TechWeb
- read the GAO report (.pdf)
Related Stories
- GAO: Gov't HIT efforts lack privacy, security
- Massive data loss at HCA
- GAO says HHS isn't protecting medical data privacy adequately
- GAO warns of widespread ID security breaches
- MN requires insurers, providers to file electronically
- VA could spend $20M on data breach response
- Major problems remain with quality data collection
- HHS backs genetics-driven, HIT-focused healthcare
- HHS grants improve Medicaid data management
- Maine struggles with Medicaid billing system
Home
| Subscribe | Advertise | Mobile Edition | RSS |
Privacy
| Site Map
| Editors | List in Marketplace | Supplier in MarketplaceTHE FIERCEMARKETS NETWORKFierceEnergy | FierceSmartGrid | FierceFinance | FierceFinanceIT | FierceComplianceIT | FierceHealthcare | FierceHealthFinance | FierceHealthIT | Hospital Impact | FierceMobileHealthcare | FierceHealthPayer | FiercePracticeManagement | FierceEMR | FierceCIO | FierceCIO:TechWatch | FierceContentManagement | FierceMobileIT | FierceGovernmentIT | FierceGovernment | FierceHomelandSecurity | FierceBiotech | FierceBiotech Research | FiercePharma | FierceVaccines | FierceBiotechIT | FiercePharma Manufacturing | FierceMedicalDevices | FierceDrugDelivery | FierceIPTV | FierceOnlineVideo | FierceTelecom | FierceEnterpriseCommunications | FierceBroadbandWireless | FierceDeveloper | FierceMobileContent | FierceWireless | FierceWireless:Europe | FierceCable© 2011 FierceMarkets. All rights reserved. |
![]() |
