- MACRA proposed rule published by HHS, streamlining federal programs including meaningful use
- CMS modernizes Medicaid managed care regulations, putting focus on improved health data exchange
- U.S. Coast Guard pulls out of Epic EHR contract, forcing return to paper records
- Texas CISO points to HITRUST and NSA guidance to boost cybersecurity
- ONC: 4 ways to make better EHR comparison shopping tools
Established in 1976, the Health and Human Services (HHS) Office of the Inspector General (OIG) fights waste, fraud and abuse to over 300 HHS programs including Medicare, Medicaid, CDC, NIH, and FDA. Each year the OIG releases its summary report of the greatest challenges faced by HHS and identifies new and continuing issues in the coming year. 2012 Top Management & Performance Challenges is an annual report that meets an OIG requirement under the Reports Consolidation Act of 2000, Public Law 106-531.
This year’s top 10 list includes Health IT: Management Issue 9: Integrity and Security of Health Information Systems and Data
[Related: 3 steps to HIPAA security in the cloud]
Under this challenge the OIG acknowledges the benefits of Health IT but also provides a cautionary note:
As health care providers modernize their medical record keeping and billing systems, the adoption of electronic health records (EHR) and other innovations offer opportunities for improved patient care and more efficient practice management. However, as growing quantities of personal medical information are stored in electronic format, protecting the privacy and security of these data and ensuring the integrity of EHRs is critical.
The OIG lists specific issues for this challenge as:
- Protection and Data Security of personal health information
- Maintaining integrity of EHR Incentive payouts
- Minimizing fraudulent billing or inappropriate care through EHRs
The OIG makes clear HHS has made progress on these issues and makes additional recommendations:
- HHS must increase its focus on enforcement of privacy and security including CMS’ own systems and contractors.
- Maintain continued compliance reviews to ensure adoption of privacy and security standards.
- Increase protections to guard against medical identity theft and assist those who have been compromised.
- Provide additional guidance on best practices for EHR adoption including strict oversight of the financial incentives for adoption through prepayment verification and post payment auditing.
View the full 2012 report here.
Carol Flagg is a managing partner of HITECHAnswers, where this article was orginally published.