Question
What is the Office of the Inspector General’s (OIG) role in electronic health records (EHR)?
Answer
The OIG recently released its Recovery Act Implementation Overview and Work Plan (Plan) for 2011. A significant portion of the Plan items relate to healthcare information technology (HIT), including meaningful use. With regard to HIT generally, the OIG seems especially concerned with information security.
The meaningful-use incentive program contemplates a large outlay of government funds to eligible professionals and hospitals who have met technically exacting criteria regarding the implementation and use of varied HIT. The OIG intends to monitor this program closely. In total, the Plan includes a half dozen different items related to meaningful use. The OIG intends to:
- review the ONC’s oversight of the ATCBs to ensure that the ATCBs have properly reviewed and tested the security features of EHR products put forth for certification (this review will include a review of some EHRs that have already received certification);
- determine whether Centers for Medicare & Medicaid Services’ (CMS) HIT system enhancements include the standards adopted by the Department of Health and Human Services (HHS) and provide sufficient security for sensitive personal information;
- assess CMS’ compliance with the current Breach Notification Rule (which is described at
James B. Wieland, is a principal in Ober|Kaler’s Health Law and Intellectual Property Groups in Baltimore, MD, where he leads the Healthcare Information Privacy, Security, and Technology practice. He represents start-up and emerging healthcare services, practice-management and technology companies, healthcare providers, and physician organizations.
