Skip to Content

OIG report finds that CMS has not thoroughly addressed EHR security vulnerabilities

The HHS OIG's strategic plan for 2014 - 2018 (available here) identifies the security and integrity of electronic health records (EHRs) as a key focus area in its goal of addressing vulnerabilities that affect the long-term outlook for HHS programs. In furtherance of this plan, the OIG conducted a study of CMS and its program integrity contractors to determine whether techniques used to identify improper payments and investigate fraud were properly tailored to the unique vulnerabilities presented by EHR technologies.

The results of the study are detailed in a January report, in which the OIG states that CMS and its contractors have adopted few program integrity practices specific to EHRs. The report goes on to make recommendations to CMS that would address these security vulnerabilities and includes CMS' response. 

The report is available in full here