The Federal Hub project is one that remains still very controversial as QSSI received the contract from HHS, only 2 weeks later to be bought by United Healthcare. I should say Optum I guess as it is a subsidiary of United Health Group and get the “daisy chain” of subsidiaries properly stated. This makes it hard at times when the daily chain comes in as I looked at the SEC pages and I couldn’t find a couple of the subsidiaries of subsidiary listings. This is a little disturbing in the fact that USB security and restrictive use has been around for a long time and so now we have the company that is going to have access to the IRS, Immigration, Social Security and much more for health insurance exchanges with no doubt very high security clearance that doesn’t address USB drive security? This is pretty scary as it’s pretty standard in almost every IT department in government to have policies. Most in private industry also have policies.
States Slowly Getting Insurance Exchanges Set Up as Federal Exchange Hub Built By United Health Group Subsidiary. QSSI Still Remains a Mystery
As the exchanges move forward we also see fewer and fewer big carriers participating and like in California, hospital chains who have created their own insurance plans also said no thanks. In addition, ones who are there such as Kaiser in California are coming in with higher rates than normal. USB connectivity and access last I remembered could be done right in group policy, pretty standard so wonder how their other project is coming along and hope they didn’t miss any other security items when building the Federal Hub, which I still wonder how secure it will be as well. When word first broke of United buying CSSI, the notification was not timely reported to the SEC and HHS began trying to put a firewall up around CSSI after United bought it as we all know how much data United collects, sells and profit on and we never know what the Query Masters do at times. BD
An IT contractor that tests the Medicare claims standard systems needs to improve security controls for USB devices, an Inspector General report recommends — especially considering the risks of malware and breaches posed by USBs.
Quality Software Services Inc. (QSSI) provides independent testing for the Medicare Parts A and B fee-for-service standard systems with data on about 6 million Medicare beneficiaries, and until late last year, the firm hadn’t listed essential system services or USB ports in its security plan and hadn’t restricted the use of unauthorized USB device access, according to the Health and Human Services’ Office of the Inspector General.
In its report, the OIG recommended QSSI update its policies and ensure that USB controls comply with federal requirements, namely National Institute of Standards and Technology guidelines for federal agencies. Specifically, the OIG said, the firm should list essential system services and ports in its security plan, update its policies to explicitly prohibit unauthorized USB devices in systems working with Medicare data and limit USB port access to “essential connections.”