Wednesday, October 04, 2006

GAO: CMS' medical data susceptible to hackers

Here are a few opening paragraphs that ought to startle even the most jaded government bureaucrat:

Security weaknesses have left millions of elderly, disabled and poor Americans vulnerable to unauthorized disclosure of their medical and personal records, federal investigators said Tuesday.

The Government Accountability Office said it discovered 47 weaknesses in the computer system used by the Centers for Medicare and Medicaid Services to send and receive bills and to communicate with health care providers.

The agency oversees health care programs that benefit one in every four Americans. Its massive amount of data is transmitted through a computer network that is privately owned and operated.

However, CMS did not always ensure that its contractor followed the agency's security policies and standards, according to the GAO report released Tuesday.

"As a result, sensitive, personally identifiable medical data traversing this network are vulnerable to unauthorized disclosure," the federal investigators said. "And these weaknesses could lead to disruptions in CMS operations."

There is more here: AP/MyWay. The GAO report is here (pdf).

Oh, and back to the government bureaucrat who should be at least a little alarmed that there are 47 access points for hackers to gain access to the medical records of 1 out of 4 Americans. CMS administrator Mark McClellan -- who, with a Ph.D. in economics and an M.D., presumably knows when he is commenting on the story he wished he had read rather than the story that he was actually reading -- commented that the GAO "found no evidence that confidential or sensitive information had actually been compromised."
posted by tommayo, 1:41 PM

Health care law (including public health law, medical ethics, and life sciences), with digressions into constitutional law, poetry, and other things that matter