Medicare is collecting information on millions of Americans and failing to keep it secure, the Government Accountability Office says in a forthcoming report.
Even as the Centers for Medicare & Medicaid Services holds you to high standards of security under the Health Insurance Portability and Accountability Act, the GAO claims the agency itself is leaving beneficiary info open to thieves and pranksters, according to USA Today.
The GAO found "significant weaknesses in information security controls," which increase the risk that someone could obtain, modify or destroy Medicare patients' information. The Department of Health & Human Services spent $5 billion on information technology in 2005, but had absent or out-of-date antivirus software, employees and contractors working without background checks, inadequate control over passwords and weak physical security.
"Instead of firewalls to safeguard sensitive data, we have Swiss cheese," Senate Finance Committee Chair Chuck Grassley (R-IA) said. HHS responded that the GAO report was too harsh, and that the department reduced its reportable deficiencies by 57 percent in 2005.
Meanwhile, CMS isn't providing enough information on Program Safeguard Contractors (PSC) in its evaluation reports, the HHS Office of Inspector General claims.
CMS' reports on the PSCs "contained minimal information about [PSC] achievements related to detecting and deterring fraud and abuse under benefit integrity task orders," the OIG charges.
The OIG wants CMS to include quantitative information about PSCs' fraud and abuse detection and deterrence activities in the reports. But CMS argues that including such information "may compromise investigations and create perverse incentives." The report is at: http://oig.hhs.gov/oei/reports/oei-03-04-00050.pdf.