Health IT data security crude in some companies, says CMS CIO

Companies desiring links to Medicare and Medicaid systems often show poor controls

The level of information security in systems run by some companies that want to be linked electronically with the Centers for Medicare and Medicaid Services (CMS) is so rudimentary that it is “almost embarrassing,” Julie Boughn, CMS’ chief information officer, said today.

“When we look at the entities, inevitably, we find basic amateur problems with security,” Boughn said at a Health Information Technology conference sponsored by the Bethesda chapter of AFCEA .

 “These are large companies that you all have heard of. It is almost embarrassing," Boughn said.  She did not name the companies.

Organizations that want to engage in health IT should follow Federal Information Security Management Act principles and perform regular audits and upgrades, she said.

“We all need to step up our game,” Boughn said. “FISMA is an excellent framework.

The CMS overhauled its IT security starting 10 years ago after an internal audit showed “disastrous” lack of security, she added. “We have done a lot of work,” Boughn said.

Boughn said she's engaged in helping CMS prepare its systems to handle the $17 billion in incentive payments that will flow to physicians and hospitals under the economic stimulus law. Congress stipulated that the payments would go to providers who buy and "meaningfully use" electronic health record systems.

The law will require a new level of cooperation between Medicare and Medicaid, she said. The law “requires an unprecedented integration between Medicare and Medicaid. We used to not talk to each other and barely knew each other,” Boughn joked,” but with the [stimulus] it is very different.”

Boughn described the role of health IT expansion in the stimulus law as a foundation for health data exchange, health care reform and health improvement.

“We are paying money for measures and metrics,” Boughn said. “That is implicit throughout health care reform. We are building a foundation for the future.”


About the Author

Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.

Featured

  • IT Modernization
    Eisenhower Executive Office Building (Image: Wikimedia Commons)

    OMB's user guide to the MGT Act

    The Office of Management and Budget is working on a rules-of-the-road document to cover how agencies can seek and use funds under the MGT Act.

  • global network (Pushish Images/Shutterstock.com)

    As others see us -- a few surprises

    A recent dinner with civil servants from Asia delivered some interesting insights, Steve Kelman writes.

  • FCW Perspectives
    cloud (Singkham/Shutterstock.com)

    A smarter approach to cloud

    Advances in cloud technology are shifting the focus toward choosing the right tool for the job and crafting solutions that truly modernize systems.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.