In August 2016, the U.S. Government Accountability Office ("GAO") released a report to the Senate Committee on Health, Education, Labor, and Pensions entitled "Electronic Health Information, HHS Needs to Strengthen Security and Privacy Guidance and Oversight" ("Report"). The Report found that while electronic health information can offer substantial benefits to providers and patients, the systems for storing and transmitting such information are vulnerable to cyber-based threats. The number of data breaches involving health care records has increased dramatically in recent years, from zero breaches in 2009 to 56 breaches in 2015 (involving more than 113 million records). According to the GAO, although HHS has published HIPAA compliance guidance for covered entities, such as health plans and health care providers, that guidance does not address all elements called for by other federal cybersecurity guidance. According to the Report, to improve the effectiveness of its guidance and oversight of privacy and security for health information, HHS should update its guidance for protecting electronic health information to address key security elements, improve the technical assistance it provides to covered entities, follow up on corrective actions, and establish metrics for gauging the effectiveness of its audit program.
