HHS OIG to Study Meaningful Use Payments and EHR Security
The HHS Office of Inspector General expects in fiscal 2015 to review electronic health records meaningful use incentive payments and the security of electronic health records under the program.
OIG will assess the appropriateness of meaningful use incentive payments in a review that is not termed an audit and is separate from the pre- and post-payment meaningful use audits that the Centers for Medicare and Medicaid Services is already conducting (see What You Need to Know About Meaningful Use Audits).
"We will review Medicare incentive payment data from 2011 to identify payments to providers that should not have received incentive payments (e.g., those not meeting selected meaningful use criteria)," according to HHS OIG's work plan for 2015. "We will also assess CMS's plans to oversee incentive payments for the duration of the program and corrective actions taken regarding erroneous incentive payments." Medicaid incentive payments also will be reviewed.
The scope of the OIG reviews is not clear. A spokesperson says OIG auditors will conduct the reviews and share findings with CMS.
OIG also will audit the security of certified EHRs under the meaningful use program. "We will perform audits of various covered entities receiving EHR incentive payments from CMS and their business associates, such as EHR cloud service providers, to determine whether they adequately protect electronic health information created or maintained by certified EHR technology," according to the work plan.
In particular, OIG cites two points as important parts of the audit: whether covered entities conduct a security risk analysis, and whether cloud services and other downstream service providers adequately comply with regulatory requirements and contractual agreements.