Health IT data security crude in some companies, says CMS CIO

Companies desiring links to Medicare and Medicaid systems often show poor controls

The level of information security in systems run by some companies that want to be linked electronically with the Centers for Medicare and Medicaid Services (CMS) is so rudimentary that it is “almost embarrassing,” Julie Boughn, CMS’ chief information officer, said today.

“When we look at the entities, inevitably, we find basic amateur problems with security,” Boughn said at a Health Information Technology conference sponsored by the Bethesda chapter of AFCEA .

 “These are large companies that you all have heard of. It is almost embarrassing," Boughn said.  She did not name the companies.

Organizations that want to engage in health IT should follow Federal Information Security Management Act principles and perform regular audits and upgrades, she said.

“We all need to step up our game,” Boughn said. “FISMA is an excellent framework.

The CMS overhauled its IT security starting 10 years ago after an internal audit showed “disastrous” lack of security, she added. “We have done a lot of work,” Boughn said.

Boughn said she's engaged in helping CMS prepare its systems to handle the $17 billion in incentive payments that will flow to physicians and hospitals under the economic stimulus law. Congress stipulated that the payments would go to providers who buy and "meaningfully use" electronic health record systems.

The law will require a new level of cooperation between Medicare and Medicaid, she said. The law “requires an unprecedented integration between Medicare and Medicaid. We used to not talk to each other and barely knew each other,” Boughn joked,” but with the [stimulus] it is very different.”

Boughn described the role of health IT expansion in the stimulus law as a foundation for health data exchange, health care reform and health improvement.

“We are paying money for measures and metrics,” Boughn said. “That is implicit throughout health care reform. We are building a foundation for the future.”


About the Author

Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.

Featured

  • People
    Dr. Ronny Jackson briefs the press on President Trump

    Uncertainty at VA after nominee withdraws

    With White House physician Adm. Ronny Jackson's withdrawal, VA watchers are wondering what's next for the agency and its planned $16 billion health IT modernization project.

  • Cybersecurity

    DHS floats 'collective defense' model for cybersecurity

    Homeland Security Secretary Kirstjen Nielsen wants her department to have a more direct role in defending the private sector and critical infrastructure entities from cyberthreats.

  • Defense
    Defense Secretary James Mattis testifies at an April 12 hearing of the House Armed Services Committee.

    Mattis: Cloud deal not tailored for Amazon

    On Capitol Hill, Defense Secretary Jim Mattis sought to quell "rumors" that the Pentagon's planned single-award cloud acquisition was designed with Amazon Web Services in mind.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.