Updated OIG 2015 work plan adds EHR issues under review

The Department of Health and Human Services Office of Inspector General continues to refine its scrutiny of electronic health records, adding a new focus area in an update to its work plan, but deleting several older items previously under review.

The 2015 update says that for the first time, OIG will review the use of EHRs by accountable care organizations to coordinate care.

"We will review the extent that providers participating in ACOs in the Medicare Shared Savings Program use electronic health records [EHRs] to exchange health information to achieve their care coordination goals," it says. "We will also assess providers' use of EHRs to identify best practices and possible challenges in their progression toward interoperability [the extent that information systems can exchange data and have the ability to interpret those shared data]."

Other EHR-related priority areas that OIG is already working on that will remain in the 2015 work plan include:

  • The extent to which hospitals comply with EHR contingency planning requirements of HIPAA  
  • Whether providers that received Medicare and/or Medicaid Meaningful Use incentive payments were entitled to the money
  • Whether covered entities are adequately securing electronic patient protected health information created or maintained by certified EHR technology; OIG specifically states that hospitals must conduct security risk analyses

Interestingly, the updated plan no longer includes a review of whether business associates, such as cloud services and other downstream service providers, also are adequately securing electronic patient protected health information. It also no longer includes a review of CMS' oversight of hospitals' security controls over networked medical devices. The updated work plan states that it removed items that have been completed, postponed or canceled, but does not indicate which category any of the items removed fall into.

OIG also noted that it will continue to focus on emerging concerns, including IT systems security vulnerabilities in reform programs, and is considering looking into the security of electronic data and the exchange of health information technology.

OIG provides oversight of more than 300 HHS programs. The agency identified EHRs and Meaningful Use as a top management challenge.

To learn more:
- here's the update to the work plan (.pdf)