Audit reports hit HHS on digital security

Two new audit reports question the Department of Health and Human Services' commitment to digital security in health information technology.

The reports, issued by HHS' inspector general's office, target both the Office of the National Coordinator for Health Information Technology and the Office for Civil Rights for failing to adequately protect patients' electronic information. In a 36-page “rollup” report citing audits at seven unnamed hospitals, the inspector general's office assails the Office for Civil Rights for a lack of rigor in enforcing the security provisions of the Health Insurance Portability and Accountability Act of 1996. The report also calls out the CMS, which previously oversaw digital security. In a separate 23-page report, auditors criticize the ONC for lack of leadership in promoting electronic health information security.