Electronic Health Information: CMS Oversight of Medicare Beneficiary Data Security Needs Improvement, Report to Congressional Requesters
"Recent data breaches have highlighted the importance of ensuring the security of health information, including Medicare beneficiary data. Such data are created, stored, and used by a wide variety of entities, such as health care providers, insurance companies, financial institutions, researchers, and others. GAO (Government Accountability Office) was asked to conduct a study of CMS (Centers for Medicare and Medicaid Services) efforts to protect Medicare beneficiary data accessed by external entities. GAO's objectives were to (1) identify the major external entities that collect, store, and process Medicare fee-for-service beneficiary data; (2) determine whether requirements for the protection of Medicare beneficiary data align with federal guidance; and (3) assess CMS oversight of the implementation of those requirements. GAO analyzed information about how external entities access data, reviewed CMS documentation on who they share data with, compared federal standards with CMS security requirements for external entities, and analyzed results of independent security reviews. GAO also interviewed CMS officials about their oversight activities."
Government Accountability Office: http://www.gao.gov/