OPM’s IT security protocols are still underperforming, even in the healthcare data category, an OIG audit report shows.
Following the massive data breach at the Office of Personnel Management (OPM) earlier this year, the Office of the Inspector General (OIG) has released an audit report detailing several IT security issues at the agency.
Although the data breach prompted OPM to perform an overhaul of its IT security protocols, OIG still found considerable gaps in security, including in healthcare data security.
Although the OPM data breach included more than just health information, the OIG audit report shows a need to increase security for health information. For example, OIG found that healthcare and insurance information was one of seven categories that failed a security control testing metric.
Furthermore, healthcare and insurance is one of several categories that have overdue Plans of Action and Milestones (POA&Ms). OIG emphasized the urgency of OPM’s need to renew the systems’ POA&Ms.
Healthcare and insurance systems also failed to update their contingency plans, which are required plans according to the OPM handbook.
“Contingency Plans shall be reviewed, updated, and tested at least annually to ensure its effectiveness,” the handbook says.
from health IT caucus http://ift.tt/1lMeRNG
via IFTTT
No comments:
Post a Comment