
GAO Recommends HHS to Update EHR Cyber & Privacy Guidance

The Government Accountability Office has asked the Department of Health and Human Services to update its guidance for associated healthcare entities on how to protect electronic health records against cyber threats and privacy violations.

GAO said in a report posted Monday that HHS’ Health Insurance Portability and Accountability Act guidance for EHR security and privacy does not address how entities should implement security controls that the National Institute of Standards and Technology has identified.

Auditors added HHS should improve its technical assistance to covered entities during security and privacy breach investigations and that the department should follow up on corrective actions after cases have been closed.

GAO found that HHS’ civil rights office gave technical assistance that was not relevant to identified problems during some investigations on security and privacy complaints.

The government watchdog said HHS did not always check whether corrective actions have been implemented after investigative cases were closed.

HHS’ civil rights office created a program to audit covered entities’ security and privacy initiatives but the office has yet to establish benchmarks to evaluate the effectiveness of that evaluation program, GAO’s report stated.

GAO recommended HHS establish metrics to assess the effectiveness of its audit program.
