Publicly Released: April 27, 2020
The DoD Office of Inspector General (DoD OIG) recognizes that military treatment facilities (MTFs) are seeing and treating patients at increasing rates. The DoD OIG is providing this document to share lessons learned and best practices that we identified during our previous work related to the security and protection of PHI at MTFs.
Over the past 3 years, the DoD OIG and Government Accountability Office (GAO) assessed the effectiveness of security controls implemented to protect DoD controlled unclassified information, including PHI and PII maintained on DoD networks and systems, from internal and external cyber threats. We reviewed four reports issued by the DoD OIG and GAO related to security weaknesses in protecting PHI:
• GAO‑18‑210, “Electronic Health Information: CMS Oversight of Medicare Beneficiary Data Security Needs Improvement,” March 6, 2018
• DODIG‑2020‑078, “Audit of Physical Security Controls at Department of Defense Medical Treatment Facilities,” April 6, 2020
• DODIG‑2018‑109, “Protection of Patient Health Information at Navy and Air Force Military Treatment Facilities,” May 2, 2018
• DODIG‑2017‑085, “Protection of Electronic Patient Health Information at Army Military Treatment Facilities,” July 6, 2017