- The Washington Times - Sunday, March 26, 2006

Key health, financial, scientific and personal information collected and used by the government for federal programs such as Medicare and Medicaid isn’t being adequately protected from fraud and abuse, a government report has found.

The report, highlighted last week by the Government Accountability Office, discovered “significant weaknesses” in the information security at the Department of Health and Human Services (HHS) and its Centers for Medicare and Medicaid Services (CMS). The report said HHS “put at risk the confidentiality, integrity and availability of their sensitive information.”

Part of the problem cited in the report, which was completed last month, is that HHS hasn’t fully implemented its information security system.

Among the specific deficiencies: access to data was not always restricted when it should have been; anti-virus software wasn’t always installed or updated; network protection was inadequate in some areas; and encryption wasn’t used when sending certain sensitive information.

There were physical-security problems, too, including broken security cameras in key facilities; 440 persons being granted unrestricted access to a data center even though their jobs didn’t require it; and one HHS contractor using a private vehicle and an unlocked box to transport roughly 25,000 Medicare checks over a one-year period.

The GAO investigation was done at the request of Senate Finance Committee Chairman Charles E. Grassley, Iowa Republican.

HHS runs about 300 programs, including ones that cover health research, disease prevention, food and drug safety, assistance for preschool programs, child abuse and domestic-violence prevention, substance-abuse prevention and health care coverage — for the elderly and disabled in Medicare and the low-income in Medicaid.

Medicare and Medicaid offer care to about one in every four Americans.

“Now we’re learning that their medical, personal and financial information is vulnerable to fraud and abuse,” Mr. Grassley said Thursday after seeing the report.

“Instead of firewalls to safeguard sensitive data, we have Swiss cheese,” he said. Mr. Grassley said the agencies “have to once and for all implement their data-protection programs and put the security back into information security.”

HHS defended itself in an official memo that says the GAO report “does not provide an accurate or complete appraisal” of the agency’s information-protection efforts. The HHS document, attached to the GAO report, argued that HHS has “layering of safeguards” to protect its information, and says it began a successful departmentwide effort in 2005 to fix weaknesses and deficiencies.

LOAD COMMENTS ()

 

Click to Read More

Click to Hide