CMS falls short on HIPAA security measures, OIG finds
CMS Acting Administrator Kerry Weems
Under the provisions of HIPAA, CMS was granted the authority to enforce rules of security. A recent OIG inspection, however, found numerous, significant vulnerabilities in the patient information safety system that put patient data at risk. As part of their inspection, OIG officials audited CMS security measures at one hospital. There they found significant vulnerabilities to the system that is meant to guard electronic protected health information.
It wasn't all bad news for CMS: The OIG report found tjat the agency had established a good system for receiving and processing complaints about security issues. Still, that alone was not enough to adequately safeguard patient information. Responding to the report, CMS Acting Administrator Kerry Weems said compliance reviews are but one of several tools to promote compliance.