Medicare-Medicaid Computer System Show Up With Vulnerabilities

The New York Times reported that there are serious flaws in the computer system that holds financial data for millions of Medicare and Medicaid recipients. Federal investigators found the vulnerabilities and said they could cause improper revelation of sensitive medical information of public, enlisted in Medicare and Medicaid.

In their report, the investigators from the ‘Government Accountability Office’ said that critical information security controls were absent from a vast communication network that federal centers for Medicare and Medicaid services were using.

The computer network connects the core database of the Centers for Medicare and Medicaid services with different organizations in the government’s medical network – hospitals and nursing homes - and that makes its data vulnerable. The network also brings financial information on Medicare and Medicaid patients in contact with banks, insurance companies, health schemes and private institutions.

The ‘Government Accountability Office’ (GAO) found 47 loopholes in the computer system that the Centers for Medicare and Medicaid Services use to exchange bill accounts and to exchange information with health care providers. The holes could enable unauthorized individuals to gain access to private medical information on beneficiaries. The flaw in the system could result in serious disruption of services, which could have an impact on millions of customers.

The report described the concern about weaknesses in the specific control systems. It said that network holds data along with personal information on beneficiaries that include name, sex and date of birth, Social Security number and house address. The network also transfers medical and financial information, giving the diagnosis of the patient’s ailment, prescriptions, names of doctors and hospitals, services delivered and charges paid.

The GAO’s investigation concluded that important security measures such as strict password controls and data encryption are not deployed on the system. So program officials should be on the job to overcome these shortcomings, urgently. Beneficiaries and service providers expect the secret health information is secure. They also expect the agency officials to ensure the security of the system.

CMS officials have already repaired 22 of the 47 flaws. Another 19 shall be fixed soon and the rest six were under inspection to decide what other resources were necessary.

» SPAMfighter News - 10/16/2006