OIG to Scrutinize Privacy Protections
Inspector General Also Will Monitor HITECH EHR Program
January 3, 2011
The Office of the Inspector General will scrutinize the privacy
and security policies of the Department of Health and Human Services, as well as the details of the HITECH Act
electronic health record incentive program.
The OIG outlined in its fiscal 2011 work plan all its HHS monitoring efforts for the year ahead. Among the projects outlined in Appendix A are to review:
- The Medicare and Medicaid electronic health record incentive programs to, for example, assess plans to prevent and remedy erroneous incentive payments.
- The HHS Office of the National Coordinator for Health IT's efforts to recommend standards, implementation specifications and certification criteria for health information exchange to ensure security controls have been adequately developed.
- The HHS Office for Civil Rights' oversight of healthcare organization's compliance with the HIPAA privacy rule.
- Upcoming enhancements to health information technology at the Centers for Medicare & Medicaid Services to ensure adequate security controls are in place to protect sensitive EHR and personal information.
- CMS' policies and procedures on health information breaches and medical identity theft, including assessing the actions that CMS has taken in response to any Medicare incidents.