A Government Accountability Office report found the Department of Health and Human Services’ privacy and security guidelines for complying with HIPAA do not meet other federal guidelines, Health Data Management reports. The GAO found HHS’ guidance does not address all of the elements within the Cybersecurity Framework created by the National Institute of Standards and Technology. The report states HHS does not adequately explain how covered entities should curate their implementations of key security controls, including the growth of risk responses. “Until these entities address all the elements of the NIST Cybersecurity Framework, their EHR systems and data are likely to remain unnecessarily exposed to security threats,” the report states.