OIG Issues Questionnaire on Electronic Health Record Security Practices

more+
less-

The HHS Office of Inspector General (OIG) has issued an 18-page, 54-question survey regarding the safety and audit practices used by hospitals to safeguard information stored in electronic health records (EHRs).  These surveys are directed to a number of eligible hospitals that have successfully attested to meaningful use of certified EHR technology under the HITECH Act.  The survey was due back to OIG by October 26, 2012, but we understand that some providers have been granted extensions.  The questionnaire is available by clicking here.

The questionnaire focuses on several areas of interest: coding practices; user authentication procedures; access to the EHR by entities other than the hospital; audit log use and capabilities; procedures for entry of physician progress and nursing notes into the EHR; export of information from the EHR; patient access; and “copy and paste” capabilities.

The questionnaire is the most recent in a series of events scrutinizing provider use of EHRs.  On September 22, 2012, the New York Times reported that some experts believe providers are using EHRs to bill for medically unnecessary services.  Shortly after publication of that article, Attorney General Eric Holder and HHS Secretary Kathleen Sebelius issued a joint letter to the major hospital trade associations warning against misuse of EHRs.  The letter particularly focused on providers cutting-and-pasting progress notes and diagnoses from one patient record to another without any indication of specific, individualized evaluation.  These developments were summarized in detail in the October 1, 2012 edition of Health Headlines, available by clicking here.

Reporter, Christopher Kenny, Washington, D.C., +1 202 626 9253, ckenny@kslaw.com.