Centers for Medicare & Medicaid Services Did Not Account for National Security Risks in Its Enterprise Risk Management Processes [open pdf - 1MB]
From the Document: "We conducted this audit in response to a congressional request to determine whether the Centers for Medicare & Medicaid Services' (CMS's) enterprise risk management (ERM) process includes steps to identify and assess national security risks. The congressional request was prompted by a previous OIG [Office of Inspector General] audit that determined that national security risks were not adequately considered by the National Institutes of Health (NIH). Specifically, we found that NIH did not consider the risk presented by foreign principal investigators when permitting access to United States genomic data. The Congressmen stated that they are concerned that CMS also has not considered national security risks to its programs."
Department of Health and Human Services, Office of Inspector General, Report No. A-18-20-06200
U.S. Department of Health and Human Services Office of Inspector General