“Recent data breaches have highlighted the importance of ensuring the security of health information, including Medicare beneficiary data. Such data are created, stored, and used by a wide variety of entities, such as health care providers, insurance companies, financial institutions, researchers, and others.”
“GAO was asked to conduct a study of CMS efforts to protect Medicare beneficiary data accessed by external entities. GAO’s objectives were to (1) identify the major external entities that collect, store, and process Medicare fee-for-service beneficiary data; (2) determine whether requirements for the protection of Medicare beneficiary data align with federal guidance; and (3) assess CMS oversight of the implementation of those requirements…”
“GAO recommends that CMS develop additional guidance for researchers on implementing security controls required by CMS, consistently track results of independent assessments, and provide oversight of researchers and qualified entities. CMS concurred with GAO’s three recommendations and described actions…” Read the full report here.
Source: CMS Oversight of Medicare Beneficiary Data Security Needs Improvement – April 5, 2018. GAO.gov.
