Filed Under:Health Insurance, Individual Health

Data security office has bad data security

(HHS image)
(HHS image)

The federal agency that enforces health data security regulations did a poor job of protecting the data it was using in its own investigations.

Officials at the Office of Inspector General at the U.S. Department of Health and Human Services announced that conclusion in this latest report.

Thomas Salmon and other HHS OIG staffers were looking at the efforts of the HHS Office for Civil Rights to enforce the Health Insurance Portability and Accountability Act health data Security Rule.

The HIPAA Security Rule exposes any covered entity or associate that uses personal health information — including brokers — to the prospect of having to pay big fines for violations.

The office did develop guidance for implementing the rule, and it set up an investigation process for responding to reports of violations, HHS OIG officials said.

But the office hasn’t come up with a process for auditing covered entities regularly to make sure they’re actually complying with the requirements, officials said. 

Federal statutes require HHS to run a health data security audit program. 

Moreover, even when office investigators did look into complaints, they failed to meet investigation documentation standards. 

In addition, the office failed to comply with federal requirements for the three computer systems it used to support its investigations, and it failed to go through a formal risk management process for two of the three systems, officials said.

The office "focused on system operability to the detriment of system and data security," officials said.

"Exploitation of system vulnerabilities, normally identified through the risk management process, could impair OCR's ability to perform functions vital to its mission," officials said.

Featured Video

Most Recent Videos

Behind the scenes with Vicki Gunvalson [VIDEO]


In this exclusive interview, Vicki Gunvalson shares how she built a $15 million a year annuity business by planning for...

Regulator: Market may need to reinvent LTCI


Cioppa says Maine's governor wants to spur the creation of better products.

Dementia: It's more than Alzheimer's


An association calls for policymakers to remember lesser-known neurodegenerative conditions.

Protesters Disrupt WellPoint Annual Meeting


Hecklers call for more disclosures of information about political contributions.

Related resources

More Resources


Power your business with up-to-the-minute insurance news, analysis, and best practices from LifeHealthPro Daily eNewsletter – FREE.

Power your business with LifeHealthPro Daily eNewsletter – FREE.

Enter a valid email address.
Nichole Morford

Nichole Morford
Managing Editor

Thank you for subscribing to LifeHealthPro Daily!

Check Out More eNewsletters Now! Close

Advertisement. Closing in 15 seconds.