GAO Recommends HHS to Update EHR Cyber & Privacy Guidance

The Government Accountability Office has asked the Department of Health and Human Services to update its guidance for associated healthcare entities on how to protect electronic health records against cyber threats and privacy violations.

GAO said in a report posted Monday that HHS’ Health Insurance Portability and Accountability Act guidance for EHR security and privacy does not address how entities should implement security controls that the National Institute of Standards and Technology has identified.

Auditors added HHS should improve its technical assistance to covered entities during security and privacy breach investigations and that the department should follow up on corrective actions after cases have been closed.

GAO found that HHS’ civil rights office gave technical assistance that was not relevant to identified problems during some investigations on security and privacy complaints.

The government watchdog said HHS did not always check whether corrective actions have been implemented after investigative cases were closed.

HHS’ civil rights office created a program to audit covered entities’ security and privacy initiatives, but the office has yet to establish benchmarks to evaluate the effectiveness of that audit program, GAO’s report stated.

GAO recommended HHS establish metrics to assess the effectiveness of its audit program.
