[ISN] OIG audit criticizes HHS access controls

http://www.fiercehealthit.com/story/office-inspector-general-audit-criticizes-hhs-access-controls/2014-07-29 By Susan D. Hall FierceHealthIT.com July 29, 2014 The U.S. Department of Health and Human Services must improve its security procedures for granting access to physical facilities as well as computer applications and files, according to an audit from the HHS Office of Inspector General that found security controls inadequate. The audit looked at how well the agency complied with Homeland Security Presidential Directive-12, which lays out access-management policy for government workers and contractors. It covered program and system-specific controls, encryption, change controls, Web vulnerability management and physical security. It found five areas it categorized as high risk and one