GAO: HHS Has Not Implemented Critical Cyber Recommendations
Report Spotlights Cybersecurity Shortcomings
Susan Lucci, senior privacy and security consultant at tw-Security, notes that the HITECH Act meaningful use program criteria were designed to encourage providers to capture information that could potentially improve quality and outcomes. That data must be kept private, as well as accessible to patients, to ensure HIPAA compliance.
“Patient portals have been deployed to allow individuals to obtain their health information. The goal was to empower the patient with information to help them make informed decisions about their care. Participation and utilization are still not optimal,” she notes.
“Complaints continue to be made with the HHS Office for Civil Rights about denial of access to records. So clearly, we have a problem that needs to be resolved,” she notes.