FierceHealthIT previously reported on the lackluster security controls used by the Health Resources and Services Administration (The HRSA) identified by the Office of the Inspector General (OIG). The same source recently cited another report from the OIG assessing the capabilities of the Information Technology Infrastructure and Operations Office (ITIO), another similar entity from within the Department of Health and Human Services.
The report concerned several controls that pertain to different functions, including patch, configuration and antivirus management. The results were also similar, with the unsecured areas posing possible security threats to agency IT.
The HHS Office of the Chief Information Officer approved of the recommendations that the OIG made in response and there are currently plans to implement them and improve the organization's security. The text of the report establishes how the ITIO works and why they are at risk of possible security hazards.
"The information technology (IT) needs of HHS are supported by a service contract. The contractor is responsible for managing the network infrastructure (i.e., the network, routers, firewalls, and general-use servers) and user desktops for the smaller OPDIV s," the report said. "ITIO oversees the contractor to ensure that all aspects of the contract are successfully completed."
When security processes are left unevaluated, they pose an obvious problem for health IT administrators. With strategic assessment services, healthcare entities will receive a thorough review of their existing IT infrastructure, which can include security risks and possible HIPAA violations as well as other hazards of poorly regulated health systems. Compliance involves making a conscious effort to pursue the latest safeguards and enact the proper punishments when a breach or serious error is detected.