Office of Inspector General: 9 findings on HHS compliance with IT security

Although HHS has made strides in IT security, there is still work to be done, according to a report by HHS' Office of Inspector General.

The report, conducted by Ernst & Young while under contract with the Office of Inspector General's Office of Audit Services, evaluates HHS' compliance with the Federal Information Security Modernization Act of 2014.

Here are the nine areas the Office of Inspector General identified as weaknesses.

  • Continuous monitoring management
  • Configuration management
  • Identity and access management
  • Incident response and reporting
  • Risk management
  • Security training
  • Plan of action and milestones
  • Contingency planning
  • Contractor systems

"Overall, in comparison to the prior year's FISMA review, HHS has made improvements," according to the report. "However, despite the progress made to improve the HHS and its [operating division's] information security program, opportunities to strengthen the overall information security program exist. "

Click here to view the full report.

More articles on health IT:
UW Health partners with American Well
'Focus on the basics': 3 questions with Eligible founder Katelyn Gleason
How advanced analytics can integrate mental health as routine patient care

© Copyright ASC COMMUNICATIONS 2019. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.


Top 40 Articles from the Past 6 Months