“The Government Accountability Office–GAO–released a report exploring how Medicare beneficiary data are being shared with external organizations. When caring for patient record data, it seems government needs a better bedside manner and more.”
“The Centers for Medicare and Medicaid Services–CMS–share data with outside companies for three main purposes: administrative outsourcing, research into care provision, and performance evaluation of service providers. The report found that CMS isn’t ensuring the same security controls across these three functions…”
“GAO determined that research organizations present the biggest risk group for CMS in terms of data security. While other entities receive specialized instructions regarding what security controls to implement, research organizations were merely expected to adhere to broad government-wide standards, such as the National Institute of Standards and Technology (NIST) framework…”
“GAO also looked at oversight and verification of security practices and found disparities…” Read the full article here.
Source: GAO Writes Prescription for CMS Patient Data Malady – April 25, 2018. MeriTalk.
