The report, conducted by Ernst & Young while under contract with the Office of Inspector General’s Office of Audit Services, evaluates HHS’ compliance with the Federal Information Security Modernization Act of 2014.
Here are the nine areas the Office of Inspector General identified as weaknesses.
- Continuous monitoring management
- Configuration management
- Identity and access management
- Incident response and reporting
- Risk management
- Security training
- Plan of action and milestones
- Contingency planning
- Contractor systems
“Overall, in comparison to the prior year’s FISMA review, HHS has made improvements,” according to the report. “However, despite the progress made to improve the HHS and its [operating division’s] information security program, opportunities to strengthen the overall information security program exist. “
Click here to view the full report.
More articles on health IT:
UW Health partners with American Well
‘Focus on the basics’: 3 questions with Eligible founder Katelyn Gleason
How advanced analytics can integrate mental health as routine patient care
