DoD Health Agency Security Flaws Put Patient Data at Risk, OIG Finds
Jessica Davis reports:
The Department of Defense Health Agency (DHA) failed to consistently implement security measures to protect the systems that stored, processed, and transmitted electronic health record and patient information, according to a DoD Office of Inspector General report released this week.
The report found DHA and Army officials didn’t enforce the use of Common Access Cards meant to give access to its EHR and two other Army systems. DoD officials said the CAC software was incompatible with older system software, or didn’t allow multiple users to log in and out of the system, without a system reboot. Currently, DoD is replacing its legacy EHR with Cerner.
What’s worse is that DoD failed to comply with its own password complexity requirements for its clinical information system and two other DoD systems – “because system administrators considered existing network authentication requirements sufficient to control access,” OIG officials said.
Read more on Health IT Security.