The Centers for Medicare & Medicaid Services (CMS) is responsible for safeguarding sensitive patient data, and also secures information exchanged between hundreds of partners at the federal and state level, as well as with universities and private businesses. As a result, there is zero tolerance for security breaches, and CMS must comply with ever-changing regulatory requirements.
CMS faces intense public pressure to maintain patient privacy and secure patient data, not only within its own environment but also when sharing data with external partners. As the rate of data exchange and the number of external partners continued to increase, CMS grew concerned about its exposure to potentially catastrophic data breaches and identified a critical need to enhance its data protection. To continue meeting the expectations of patients and government officials, CMS realized it needed to address support issues with partners who may not have had the expertise necessary to implement or manage advanced data security technology.
While CMS has historically maintained an excellent record for data security, its strategy had been focused on securing networks and devices rather than the sensitive data itself. The agency now recognized the need to implement data-level encryption that would protect health care recipients’ personal information at rest and in motion, regardless of IT platform, point of origin, or destination.
The agency’s move toward encryption was given further urgency by the need to maintain compliance with data protection standards mandated by federal laws, including the Federal Information Security Management Act and the Health Insurance Portability and Accountability Act.