GAO: Medicare Agency Needs to Do More to Secure Beneficiary Data

A GAO report found that the Centers for Medicare and Medicaid Services isn’t ensuring beneficiary data is secure.

CMS shares Medicare beneficiary data with Medicare Administrative Contractors (MAC) that perform processing and distribution functions in support of the payment of Medicare benefits, research organizations (researchers) that use Medicare beneficiary data to study how healthcare services are provided to beneficiaries and qualified public or private entities that use claims data to evaluate the performance of Medicare service providers and equipment suppliers.

While CMS has developed guidance for MACs and qualified entities, it has not developed equivalent guidance for researchers. Researchers must adhere to broad government wide standards, but are not given guidance on which specific controls to implement.

CMS has also established an oversight program for the security of MAC data, but has not established a corresponding program to oversee security implementation by researchers and qualified entities. Without effective oversight measures in place for researchers and qualified entities, CMS cannot fully ensure that the security of Medicare beneficiary data is being adequately protected.

GAO recommends that the administrator of the Centers for Medicare and Medicaid Services develop and distribute guidance for researchers defining minimum security controls and implementation guidance for those controls that is consistent with the National Institute of Standards and Technology guidance. It also recommends developing processes and procedures to ensure that findings from all MAC assessments are classified consistently and tracked appropriately, and developing processes and procedures to ensure that qualified entities and researchers have implemented information security controls effectively throughout their agreements with CMS.

(Visited 1 times, 1 visits today)

The Government Technology & Services Coalition's Homeland Security Today (HSToday) is the premier news and information resource for the homeland security community, dedicated to elevating the discussions and insights that can support a safe and secure nation. A non-profit magazine and media platform, HSToday provides readers with the whole story, placing facts and comments in context to inform debate and drive realistic solutions to some of the nation’s most vexing security challenges.

Leave a Reply

Latest from Cybersecurity

SIGN UP NOW for FREE News & Analysis on topics of your choice across homeland security!

BEYOND POLITICS.  IT'S ABOUT THE MISSION. 

SIGN UP NOW for FREE News & Analysis on topics of your choice across homeland security!

BEYOND POLITICS.  IT'S ABOUT THE MISSION. 

Go to Top
Malcare WordPress Security