Two new HHS Office of Inspector General audits raise concern on health IT security issues, Modern Healthcare reports.
Office of Civil Rights Audit Details
In one report, the inspector general points to lax HIPAA enforcement standards at the HHS Office for Civil Rights.
The report referred to data from audits at seven hospitals that found weaknesses in IT security measures for electronic protected health information.
The report added that neither HHS’ civil rights office nor CMS, which previously oversaw HIPAA security issues, had conducted security audits (Conn, Modern Healthcare, 5/17).
ONC Audit Details
A separate HHS OIG audit said that the Office of the National Coordinator for Health IT failed to advance IT security requirements (AP/Washington Post, 5/17).
The report examined ONC’s interim final rule and final rule on standards, implementation specifications and certification criteria for the meaningful use program.
According to the report, ONC included in the final rule “application security controls” that function within health IT products but did not include “general IT security controls” (Modern Healthcare, 5/17).
Response to the Reports
The HHS Office for Civil Rights expressed concern over whether investigators could draw comprehensive conclusions from the audits of seven hospitals. The office added that it regularly performs compliance reviews on breaches that affect at least 500 individuals.
Meanwhile, ONC said it is trying to find a balance between promoting electronic health record adoption and adding burdensome requirements. The office said it would “actively explore” stronger safety measures (AP/Washington Post, 5/17).
Source: iHealthBeat
