The ONC has not done enough to ensure electronic health records certified by authorized entities adequately protect patient health information, according to a new report from HHS' Office of the Inspector General.
CMS has paid out more than $25 billion in incentives to spur providers to purchase and use certified EHR technology. In order to be certified by an ONC-authorized testing and certification body, an EHR system must meet certain privacy and security standards. However, the OIG claims the ONC did not make sure the certifying bodies had procedures to evaluate whether certified EHRs continued to meet these standards and did not make sure personnel working for the certifying bodies were qualified to test EHRs' data security abilities.
In response, the ONC says certification is now performed by separate entities in the ONC Health IT Certification Program and the new 2014 Edition criteria includes more robust testing procedures for data security. However, the OIG says this is not enough to address the agency's security concerns.
More articles on EHRs:
Conflicting views on Epic's interoperability
11 recent EHR go-lives
Stanford launches first ACGME-accredited clinical informatics fellowship