News
Article
Although healthcare.gov is substantially more secure than when it launched in 2013, major security issues continue to put user data and system infrastructures at risk, according to a new report by the U.S. Government Accountability Office (GAO).
Although healthcare.gov is substantially more secure than when it launched in 2013, major security issues continue to put user data and system infrastructures at risk, according to a new report by the U.S. Government Accountability Office (GAO).
The report, released September 16, identified weaknesses in the technical controls of the website around confidentially, integrity and availability.
On September 18, Marilyn Tavenner, administrator for the Centers for Medicare and Medicaid Services (CMS) said at a congressional hearing that the CMS will soon conduct a security assessement of the site's vunerabilities.
Healthcare.gov, established by the Affordable Care Act (ACA), is an aggregator of health insurance plans for all 50 states. The main Marketplace system serves as an enrollment portal for 34 states, while the Federal Data Services Hub (data hub) provides connectivity between the Marketplace system and other state and federal systems. The report addressed security concerns regarding both the Marketplace system and the data hub.
The GAO notes that multiple federal agencies, some of which serve as eligibility checkpoints, exchange information with healthcare.gov including the U.S. Departments of Defense and Homeland Security, the Internal Revenue Service, and the Social Security Administration. Many commercial entities also exchange information with the site, including contractors for the CMS and administrators of health insurance plans.
READ: DC appeals court decision undermines hopes of ACA opponents
TRENDING
Meaningful Use 2
Oncology: Practice Management · Preparing for ICD-10 · Obesity Management · EHR Best Practices
- See more at: http://medicaleconomics.modernmedicine.com/medical-economics/news/dc-appeals-court-decision-undermines-hopes-aca-opponents#sthash.AW9ncufS.dpuf
TRENDING
Meaningful Use 2
Oncology: Practice Management · Preparing for ICD-10 · Obesity Management · EHR Best Practices
- See more at: http://medicaleconomics.modernmedicine.com/medical-economics/news/dc-appeals-court-decision-undermines-hopes-aca-opponents#sthash.AW9ncufS.dpuf
TRENDING
Meaningful Use 2
Oncology: Practice Management · Preparing for ICD-10 · Obesity Management · EHR Best Practices
- See more at: http://medicaleconomics.modernmedicine.com/medical-economics/news/dc-appeals-court-decision-undermines-hopes-aca-opponents#sthash.AW9ncufS.dpuf
While CMS, which oversees healthcare.gov, has taken many steps to improve site security since launch, the report said it has still not fully mitigated weaknesses surrounding:
The report notes that healthcare.gov must conform to federal requirements protecting systems and data. It includes six recommendations to improve the security and privacy of the site:
The U.S. Department of Health and Human Services (HHS), which has top-level oversight of healthcare.gov, disagreed with some of the GAO’s recommendations and agreed with others. In a four-page letter included in the report, HHS said that CMS conducts “continuous monitoring using a 24/7, multi-layer IT professional security team, added penetration testing, and a change management process that incudes ongoing testing and mitigation strategies implemented in real time.”
The site was hacked on July 8 but the hack was not discovered until August 25, according to the Washington Post. The hack was limited to one server that was not connected to other servers, and consumer personal data was not compromised. The Department of Homeland Security launched an investigation following the hack, believed to be the site’s first, said the Post.