OIG 2016 work plan heightens, refines EHR scrutiny

The Department of Health and Human Services' Office of Inspector General (OIG) continues to focus on electronic health records and health IT, adding two EHR-related issues to its new 2016 work plan.

In the plan, published Nov. 2, OIG says for the first time that it will review the U.S. Food and Drug Administration's oversight of medical devices networked to EHRs.

"We will examine whether FDA's oversight of hospitals' networked medical devices is sufficient to effectively protect associated electronic protected health information [ePHI] and ensure beneficiary safety," the plan says. "Computerized medical devices, such as dialysis machines, radiology systems and medication dispensing systems that are integrated with electronic medical records and the larger health network, pose a growing threat to the security and privacy of personal health information."

The 2015 work plan noted that OIG would examine CMS' oversight of medical devices networked to EHRs; this was dropped from the updated 2015 work plan, released in June.

OIG also added to the 2016 work plan its intent to review the adequacy of the Office for Civil Rights' oversight of the security of electronic protected health information (ePHI). While the plan doesn't specify where ePHI is usually found, the majority of ePHI is located in EHRs.

Other health IT issues that OIG will continue to investigate from last year's work plan include:

  • The use of EHRs to support care coordination by accountable care organizations
  • Medicare and Medicaid Meaningful Use incentive payments
  • The security of certified EHR technology under Meaningful Use
  • The extent to which hospitals comply with EHR contingency planning requirements of HIPAA

In addition, OIG puts the industry on notice that its scrutiny of health IT will increase, saying that it "expects to broaden its portfolio regarding information privacy and security, including issues that arise from the continuing expansion of the Internet of Things."

OIG has regularly expressed concern about EHRs and program integrity, and has called the Meaningful Use program a top management challenge. 

To learn more:
- here's the work plan (.pdf)