The GAO said HHS has made advances in healthcare quality and other aspects of healthcare, but privacy risks to electronic storage and exchange of personal health information remain a problem.
The report, released Wednesday, was prepared for Senate leaders.
The new GAO report serves as an update to a January report on HHS efforts to ensure healthcare IT privacy. In January, GAO said HHS should define and implement an overall privacy approach.
Based on a current review of HHS documents describing the agency's privacy-related healthcare IT activities, GAO determined HHS still needs to include "a process for ensuring that key privacy principles and challenges are completely and adequately addressed."
"Stakeholders may lack the overall policies and guidance needed to assist them in their efforts to ensure that privacy protection measures are consistently built into health IT programs and applications," GAO said. "Moreover, the department may miss an opportunity to establish the high degree of public confidence and trust needed to help ensure the success of a nationwide health information network."