Health IT Security April 9, 2021
Jessica Davis

The latest GAO audit of HHS’ information security program against FISMA standards found multiple flaws, including failure to implement continuous monitoring in select operating divisions.

An evaluation of the Department of Health and Human Services against Federal Information Security Modernization Act of 2014 (FISMA) principles found the agency’s information security program “not effective,” due to several maturity deficiencies, according to the Government Accountability Office.

Under FISMA, Inspectors General are required to perform an annual, independent review of agency information security programs and practices, to determine overall effectiveness. For the HHS audit, Ernst & Young conducted a review of HHS compliance as of September 30, 2020 against FISMA reporting metrics.

The auditors reviewed the program against applicable federal laws, regulations, and...

Topics: Cybersecurity, GAO, Govt Agencies, Health IT, HHS, Survey / Study, Technology, Trends