TRENDING:

Governance & Risk Management , Privacy , Risk Assessments

Coast Guard Health Data Privacy Is Suspect

IG: Personnel, Kin May Be Exposed to Loss of Privacy, ID Theft Eric Chabrow (GovInfoSecurity) • May 19, 2015    
Coast Guard Health Data Privacy Is Suspect

The United States Coast Guard faces challenges in protecting the private information found in medical records of its personnel and their families, a Department of Homeland Security inspector general report says.

See Also: The Biggest & Boldest Data Breaches & Insider Threats of 2023

Sondra McCauley, assistant inspector general for IT audits, writes in the report titled United States Coast Guard Safeguards for Protected Health Information Need Improvement that the Coast Guard does not maintain consistent instructions for managing and securing health records. "Without updated instructions for records retention and disposal, USCG may expose personnel and their families to loss of privacy and identity theft," she says.

McCauley points out that Coast Guard clinics have not established a process to periodically review physical security to mitigate risks to private data. In addition, she says the Coast Guard, part of DHS, does not have formal communications such as regular meetings between its privacy and HIPAA officers to improve privacy oversight and incident reporting. "Lacking such coordination, USCG is limiting its ability to assess risks and mitigate potential for privacy or HIPAA breaches," she says.

Ariel Silverstone, a veteran chief information security officer who has dealt with HIPAA compliance, suggests the privacy challenges the Coast Guard faces is due, in part, by the failure of anyone taking ownership. "It appears that no one functionary, even at the assistant commandant level, is responsible for privacy," Silverstone says. "The privacy structure and the clear political obstacles at USCG have, and will continue to, create an untenable situation. The privacy function for HIPAA should be either dotted-line to the agency chief privacy officer or have the privacy elements of HIPAA moved to that office in full."

The IG made a series of recommendations, including having the Coast Guard vice commandant establish a formal mechanism to ensure communications between the privacy officer and the HIPAA privacy and security official to enhance privacy oversight and reporting. The IG also recommended the vice commandant establish milestones to ensure the Coast Guard has contingency plans in place to safeguard privacy in event of a disaster or emergency and to periodically review steps to mitigate physical risks at clinics.

Rear Admiral Todd Sokalzuk, Coast Guard assistant commandant for resources and chief financial officer, responded that the Coast Guard concurs with the recommendations and will implement them.

Previous
St. Louis Fed Confirms DNS Hijacking
Next
Is FDA Medical Device Alert Tip of Iceberg?

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.



Around the Network

Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?
Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack
Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear
Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations
Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
Why Health Firms Struggle with Cybersecurity Frameworks
Why Health Firms Struggle with Cybersecurity Frameworks
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare
How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.