Health IT data security crude in some companies, says CMS CIO

Companies desiring links to Medicare and Medicaid systems often show poor controls

The level of information security in systems run by some companies that want to be linked electronically with the Centers for Medicare and Medicaid Services (CMS) is so rudimentary that it is “almost embarrassing,” Julie Boughn, CMS’ chief information officer, said today.

“When we look at the entities, inevitably, we find basic amateur problems with security,” Boughn said at a Health Information Technology conference sponsored by the Bethesda chapter of AFCEA .

 “These are large companies that you all have heard of. It is almost embarrassing," Boughn said.  She did not name the companies.

Organizations that want to engage in health IT should follow Federal Information Security Management Act principles and perform regular audits and upgrades, she said.

“We all need to step up our game,” Boughn said. “FISMA is an excellent framework.

The CMS overhauled its IT security starting 10 years ago after an internal audit showed “disastrous” lack of security, she added. “We have done a lot of work,” Boughn said.

Boughn said she's engaged in helping CMS prepare its systems to handle the $17 billion in incentive payments that will flow to physicians and hospitals under the economic stimulus law. Congress stipulated that the payments would go to providers who buy and "meaningfully use" electronic health record systems.

The law will require a new level of cooperation between Medicare and Medicaid, she said. The law “requires an unprecedented integration between Medicare and Medicaid. We used to not talk to each other and barely knew each other,” Boughn joked,” but with the [stimulus] it is very different.”

Boughn described the role of health IT expansion in the stimulus law as a foundation for health data exchange, health care reform and health improvement.

“We are paying money for measures and metrics,” Boughn said. “That is implicit throughout health care reform. We are building a foundation for the future.”


About the Author

Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.

The Fed 100

Read the profiles of all this year's winners.

Featured

  • Shutterstock image (by wk1003mike): cloud system fracture.

    Does the IRS have a cloud strategy?

    Congress and watchdog agencies have dinged the IRS for lacking an enterprise cloud strategy seven years after it became the official policy of the U.S. government.

  • Shutterstock image: illuminated connections between devices.

    Who won what in EIS

    The General Services Administration posted detailed data on how the $50 billion Enterprise Infrastructure Solutions contract might be divvied up.

  • Wikimedia Image: U.S. Cyber Command logo.

    Trump elevates CyberCom to combatant command status

    The White House announced a long-planned move to elevate Cyber Command to the status of a full combatant command.

  • Photo credit: John Roman Images / Shutterstock.com

    Verizon plans FirstNet rival

    Verizon says it will carve a dedicated network out of its extensive national 4G LTE network for first responders, in competition with FirstNet.

  • AI concept art

    Can AI tools replace feds?

    The Heritage Foundation is recommending that hundreds of thousands of federal jobs be replaced by automation as part of a larger government reorganization strategy.

  • DOD Common Access Cards

    DOD pushes toward CAC replacement

    Defense officials hope the Common Access Card's days are numbered as they continue to test new identity management solutions.

Reader comments

Tue, Apr 13, 2010

Alice, How about if you contact a Kaiser PR spokesperson to see if he or she thinks that maybe CMS CIO would include Kaiser in that group of technology laggards? That would make sense, of course, since it's unimaginable that Kaiser Permanente's Public Relations area could possible put out a statement that distorts the truth.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group