Information Security: The Centers for Medicare & Medicaid Services Needs to Improve Controls over Key Communication Network
Highlights
The Centers for Medicare & Medicaid Services (CMS), a component within the Department of Health and Human Services (HHS), is responsible for overseeing the Medicare and Medicaid programs--the nation's largest health insurance programs--which benefit about one in every four Americans. CMS relies on a contractor-owned and operated network to facilitate communication and data transmission among CMS business related entities. Effective information security controls are essential to protecting the confidentiality, integrity, and availability of this sensitive information. At Congress's request, GAO assessed the effectiveness of information security controls over the communication network used by CMS by conducting a technical assessment of the information security controls that are currently in place.
Recommendations
Recommendations for Executive Action
| Agency Affected | Recommendation | Status |
|---|---|---|
| Centers for Medicare & Medicaid Services | To help strengthen information security controls over the CMS communication network, the CMS Administrator should direct the Chief Information Officer to take steps to ensure that information security policies and standards are fully implemented. |
Closed – Implemented
According to officials at the Department of Health and Human Services, Centers for Medicare and Medicaid Services, the agency has addressed this recommendation by taking action on recommendations in the related Limited Official Use Only report. GAO has verified the actions in 2010 and determined a substantial number of findings have been closed.
|