After examining the security and privacy of the Healthcare.gov website and its supporting systems at CMS, the Government Accountability Office (GAO) published a report with 6 security management and 22 technical security recommendations.
When the federal insurance exchange website launched in October 2013, CMS accepted increased security risks, according to GAO. At the time, 4 states had not completed all CMS security requirements, but were allowed to connect to the data hub anyway. Furthermore, security controls for the federally facilitated marketplace (FFM) had not been tested for a fully integrated version of the system.
“While CMS has security and privacy-related protections in place for Healthcare.gov and related systems, weaknesses exist that put these systems and the sensitive personal information they contain at risk,” according to the GAO.
Some of the security control weaknesses that could threaten Healthcare.gov and related systems are that strong passwords were not always required or enforced on systems supporting the FFM, that some supporting systems were not restricted from accessing the Internet, and that CMS did not consistently apply security patches in a timely manner.
GAO also identified boundary protection, identification and authentication, authorization, and configuration management weaknesses.
“Collectively, these weaknesses put Healthcare.gov systems and the information they contain at increased and unnecessary risk of unauthorized access, use, disclosure, modification, and loss,” the report’s authors wrote.
GAO made the following 6 recommendations aimed at improving security management of Healthcare.gov:
1. Ensure that system security plans for the FFM and data hub contain all information recommended by the National Institute of Standards and Technology.
2. Ensure that all privacy risks associated with Healthcare.gov are analyzed and documented in privacy impact assessments.
3. Develop computer matching agreements with the Office of Personnel Management and the Peace Corps to govern data that are being compared with CMS data to verify eligibility for advance premium tax credits and cost-sharing reductions.
4. Perform a comprehensive security assessment of the FFM, including the infrastructure, platform, and all deployed software elements.
5. Ensure that the planned alternate processing site for the systems supporting Healthcare.gov is established and made operational in a timely fashion.
6. Establish detailed security roles and responsibilities for contractors, including participation in security control reviews, to better ensure effective communication among individuals and entities with responsibility for the security of the FFM and its supporting infrastructure.
In response to the GAO’s report, CMS Administrator Marilyn Tavenner said at a congressional hearing on September 18 that CMS plans to perform a comprehensive security assessment of Healthcare.gov by the end of September, according to Modern Healthcare. She added that CMS would put in place all the recommendations by the time open enrollment begins on November 15.