Information Security: The Centers for Medicare & Medicaid Services Needs to Improve Controls over Key Communication Network

GAO-06-750 Published: Aug 30, 2006. Publicly Released: Oct 03, 2006.
Jump To:
Skip to Highlights

The Centers for Medicare & Medicaid Services (CMS), a component within the Department of Health and Human Services (HHS), is responsible for overseeing the Medicare and Medicaid programs--the nation's largest health insurance programs--which benefit about one in every four Americans. CMS relies on a contractor-owned and operated network to facilitate communication and data transmission among CMS business related entities. Effective information security controls are essential to protecting the confidentiality, integrity, and availability of this sensitive information. At Congress's request, GAO assessed the effectiveness of information security controls over the communication network used by CMS by conducting a technical assessment of the information security controls that are currently in place.

Skip to Recommendations


Recommendations for Executive Action

Agency Affected Recommendation Status
Centers for Medicare & Medicaid Services To help strengthen information security controls over the CMS communication network, the CMS Administrator should direct the Chief Information Officer to take steps to ensure that information security policies and standards are fully implemented.
Closed – Implemented
According to officials at the Department of Health and Human Services, Centers for Medicare and Medicaid Services, the agency has addressed this recommendation by taking action on recommendations in the related Limited Official Use Only report. GAO has verified the actions in 2010 and determined a substantial number of findings have been closed.

Full Report

GAO Contacts