The Department of Health and Human Services has made progress toward addressing privacy in healthcare IT, but there is more yet to do, according to a report released by the General Accountability Office.

The GAO said HHS has made advances in healthcare quality and other aspects of healthcare, but privacy risks to electronic storage and exchange of personal health information remain a problem.

The report, released Wednesday, was prepared for Senate leaders.

The new GAO report serves as an update to a January report on HHS efforts to ensure healthcare IT privacy. In January, GAO said HHS should define and implement an overall privacy approach.