Home
   
  

Weblog Archives

Personal Home Page

My FM Home Page

In Association with Amazon.com

Listen
Listen to Hober

Civilian casualties update
 
 
  Sunday   October 8   2006       12: 41 AM

Swell! So, now the Medicare /Medicaid fiasco has yet another new wrinkle. The data is NOT secure, and our private information, our very very personal health information, financial information etc, could be accessed.

Not only does this system hurt many people who are in need, but now, everyone's HIPPA-protected [read: PIA, just adds paperwork] has a fatal flaw -- the sensitive information on the computer might be disclosed without proper authorization!

Below is from the NYT:

Medicare and Medicaid Security Gaps Are Found


October 8, 2006 -- By ROBERT PEAR

WASHINGTON, Oct. 7 — Federal investigators say they have found serious computer security flaws that could lead to the improper disclosure of sensitive medical information on people enrolled in Medicare and Medicaid.

In a new report, the investigators, from the Government Accountability Office, said “key information security controls were missing” from a huge communication network used by the federal Centers for Medicare and Medicaid Services.

As a result, they said, sensitive, personally identifiable information “could be improperly modified, disclosed or deleted.” Moreover, the report said, “these weaknesses could lead to disruptions in services” to millions of Medicare and Medicaid beneficiaries.

The network is used to pay claims and to communicate with state Medicaid agencies, health care providers and many private contractors.

Dr. Mark B. McClellan, administrator of the Centers for Medicare and Medicaid Services, said none of the flaws had led to “actual security breaches.” Dr. McClellan said he was taking steps to fix the problems.

But the G.A.O. said Medicare officials would not necessarily know if a security breach had occurred because they had no “audit trail” to document use of the computer network, or a reliable way to detect intrusions into their computers.

In their report, the investigators described several problems:

¶The potential for unauthorized users to gain access to the agency’s computers because of a lack of strict password controls. Passwords are often so simple that outsiders can guess them.

¶Medicare and Medicaid data not being encrypted. “This could allow an attacker to view medical information” on beneficiaries.

¶A failure to keep complete records of who uses the network, so it cannot be determined who views or modifies files.

Senator Charles E. Grassley, Republican of Iowa, who requested the investigation, said Medicare officials needed “to get on top of these shortcomings immediately.”

“Beneficiaries not only rely on Medicare for their health care coverage,” said Mr. Grassley, chairman of the Finance Committee, which oversees Medicare and Medicaid, “they expect that the private information they entrust to the government is kept private, safe and secure.”

Concern about computer security has increased since May, when the Department of Veterans Affairs reported a laptop computer with personal information on millions of veterans had been stolen from the home of an agency employee.

Dr. McClellan said, “We are very concerned about the specific control weaknesses” identified in the latest report. The computer network carries immense amounts of data with personal information on beneficiaries, including name, sex, date of birth, Social Security number and home address. The network also transmits medical and financial information, showing the diagnosis of a patient’s illness, prescriptions, names of doctors and hospitals, services provided and the amounts paid.

Daniel R. Levinson, the inspector general at the Department of Health and Human Services, and his predecessors have expressed concern about weaknesses in Medicare computer security. The weaknesses “could ultimately result in unauthorized disclosure of sensitive information, improper Medicare payments or disruption of critical operations,” Mr. Levinson warned last year.

The computer network connects the Centers for Medicare and Medicaid Services with banks, insurance companies, hospitals, nursing homes, health plans, other federal agencies and private contractors that pay claims for the government.

Medicare paid more than 1.1 billion claims last year. The size of its computer network and the number of transactions increased this year with the addition of a prescription drug benefit. The new program fills more than three million prescriptions a day. Insurers must file detailed data on each transaction.

In June, Medicare officials warned Humana after a company employee left personal information on 17,000 Medicare beneficiaries unsecured on a hotel computer in Baltimore.

The Bush administration is encouraging adoption of electronic health records and is urging doctors to send prescriptions electronically to drugstores. It is also asking beneficiaries to keep track of their health information, including Medicare claims and prescriptions, by using a new online service at www.MyMedicare.gov. In fine print, the government says it “does not warrant the accuracy” of information on the Web site.

##