Healthcare Business News

HHS needs to step up patient privacy protection: GAO

By Maureen McKinney
Posted: June 26, 2012 - 2:15 pm ET

HHS needs to strengthen its oversight of Medicare beneficiaries' protected prescription drug data, according to a newly released report from the Government Accountability Office.

In the 40-page report (PDF), the GAO acknowledged that HHS has taken some steps, such as issuing legislation and ramping up educational efforts, aimed at protecting the privacy and security of vulnerable patient data. But those actions have not gone far enough, the GAO argued.

"HHS has not issued required implementation guidance to assist entities in de-identifying personal health information including when it is used for purposes other than directly providing clinical care to an individual," the GAO said in the report. "This means ensuring that data cannot be linked to a particular individual, either by removing certain unique identifiers or by applying a statistical method to ensure that the risk is very small that an individual could be identified."

Advertisement | View Media Kit


The GAO also criticized HHS for making slow progress in establishing an audit system for assessing covered entities' compliance with privacy and security requirements. HHS has a pilot audit program in place but has no long-term plan for sustaining such review, the report stated.

"Without a plan for establishing an ongoing audit capability," the GAO said, HHS' Office for Civil Rights "will have limited assurance that covered entities and business associates are complying with requirements for protecting the privacy and security of individuals' personal health information."

What do you think?

Share your opinion. Send a letter to the Editor or Post a comment below.

Post a comment

Loading Comments Loading comments...



Switch to the new Modern Healthcare Daily News app

For the best experience of on your iPad, switch to the new Modern Healthcare app — it's optimized for your device but there is no need to download.