OIG Work Plan targets security, integrity of EHRs, medical devices
The Office of the Inspector General’s (OIG) Work Plan for fiscal 2014 places added attention on the security and integrity of health IT, both for EHRs and networked medical devices within hospitals.
The 101-page plan includes two new areas that pertain to health IT. Under the plan, OIG will determine whether hospitals’ security controls over networked medical devices—such as dialysis machines, radiology systems and medication dispensing systems—adequately protect electronic protected health information (PHI) and ensure patient safety.
Also, OIG will examine the security of EHR technology under Meaningful Use. The office will perform audits of various covered entities receiving EHR incentive payments, as well as business associates like EHR cloud service providers, to determine whether they sufficiently protect PHI.
“Business associates that transmit, process and store EHRs for Medicare/Medicaid providers are playing a larger role in the protection of electronic health information. Therefore, audits of cloud service providers and other downstream service providers are necessary to assure compliance with regulatory requirements and contractual agreements,” according to the Work Plan.
The OIG will continue with other health IT-related focus areas, including documentation vulnerabilities in evaluation and management coding within EHRs, the security of portable devices containing PHI, and the Department of Health & Human Services Office for Civil Rights' oversight of HIPAA's privacy and breach notification rules.