Security problems found in Medicare computer network

Physician names and ID numbers, as well as patient treatment information, are at risk for unauthorized discovery, the GAO says.

By David Glendinning, AMNews staff. Oct. 23/30, 2006.

Washington -- The computer network that the federal government uses to transmit Medicare claims data is riddled with security weaknesses that could result in the inappropriate disclosure of sensitive information, according to a new report.

The Government Accountability Office identified nearly 50 significant flaws in the system that controls access to the Medicare claims information while it is being sent from one federal entity to another.

The Centers for Medicare & Medicaid Services contracts with a private firm to manage the network that handles transmission of these data.

The names and ID numbers of physicians treating Medicare patients, as well as information about the medical services and diagnoses that individual doctors provide, could be open to discovery by someone who takes advantage of one of the weaknesses, the GAO said.

The study found that the ability of the contractor to authenticate users who manage the communications network was inadequate. In the event that the network does suffer an external attack, auditing systems would not necessarily be able to identify how the breach occurred.

In some cases, the government is not ensuring that its own network security policies are being followed when it comes to transmitting Medicare claims data, the report said. The oversight agency urged CMS' chief information officer to close these security gaps.