Department Of Health And Human Services Office Of Inspector General's FY 2014 Work Plan Identifies Security Of EHR Technology As New Focus

more+
less-

On January 31, 2014, the U.S. Department of Health and Human Services ("HHS") Office of Inspector General ("OIG") released its annual work plan.  Not surprisingly, issues relating to Electronic Health Records ("EHRs") continue to receive significant attention.

Pursuant to the American Recovery and Reinvestment Act of 2009, OIG received funding to evaluate whether funds received by HHS agencies and grantees have been utilized for their intended purposes and in accordance with program requirements. 

This past year, OIG reviewed Medicare and Medicaid incentive payments to providers to determine whether they were erroneous. These efforts will continue this fiscal year, with OIG evaluating whether incentive payments for the purchase, implementation and operation of EHR technology have been claimed by providers and hospitals in accordance with requirements and to assess the Centers for Medicare and Medicaid Services' ("CMS") actions to rectify erroneous payments.

As meaningful-use attestors are aware, a core meaningful-use objective for eligible providers and hospitals is to safeguard EHR information created or maintained by certified EHR technology. 

In 2014, OIG will follow-up on this objective by launching a new initiative that will focus on auditing various covered entities receiving EHR incentive payments and their business associates, such as EHR cloud service providers.  The OIG plans to target the issue of whether electronic health information created or maintained by certified EHR technology is being adequately protected through these cloud service providers. 

The entire 2014 work plan may be viewed here.