OIG: Health IT remains a top challenge facing HHS
Health information technology remains a top management and performance challenge confronting the Department of Health and Human Services, as the healthcare industry attempts to leverage the universal adoption of electronic health records and achieve true EHR interoperability.
That’s the contention of the HHS Office of the Inspector General, which ranked health IT third overall in its annual ranking of the department’s top 10 management and performance challenges.
Specifically, auditors expressed their concerns about the meaningful, secure exchange and use of electronic information—not just for HHS but also the overall U.S. healthcare system, which increasingly rely on such data.
“Health IT, including electronic health records, offers opportunities for improved patient care, more efficient practice management, and improved overall public health. However, HHS continues to face a number of significant challenges in this information-rich environment,” states the OIG.
While HHS has made significant investments in HIT, auditors warn that enabling and encouraging the flow of health information remains a challenge for HHS. They point to several factors impeding the flow of information including technical barriers, such as the lack of interoperability; the complex nature of federal and state privacy and security laws; financial considerations, such as the cost of health IT acquisition; and behavioral issues, such as information blocking and consumer confidence, that relate to a willingness to share information.
In particular, OIG’s report notes that improving the flow of complete, accurate and timely information is critical between HHS and providers.
“Data created, maintained, or transmitted using EHRs or other health IT are used to ensure correct Medicare and Medicaid payments, including value-based payments,” states the report. “Participants in certain initiatives also receive departmental data for their use in improving the care they furnish. Additionally, HHS increasingly uses and shares data as part of its program operations and program integrity efforts.”
As a result, auditors argue that HHS must continue to find ways to tap into the huge amounts of data at its disposal to enhance decision-making, including streamlining and accelerating internal data exchange, while ensuring that Medicare and Medicaid systems have data that is complete, accurate, timely, and appropriately protected.
“It is also essential that privacy, security, and fraud prevention remain at the forefront of health IT efforts of HHS, ONC, OCR, and CMS,” they say. “Ongoing OIG work is examining the accuracy of Medicare and Medicaid EHR incentive payments for meaningful use and health IT interoperability across providers participating in accountable care organizations. Future work may also examine health IT interoperability across HHS and between providers and patients as well as outcomes from health IT investments.”
In light of the federal government’s more than $30 billion investment in EHR incentives, auditors contend that it is important for HHS to measure the extent to which health IT has achieved its stated goals of improving patient care and lowering healthcare costs.
“As HHS develops policies, such as those related to the development and implementation of meaningful use stages and implementation of the Advancing Care Information Performance Category of MIPS created in MACRA, it should continue to consider feedback from stakeholders to ensure that adopted policies advance the Nation toward HHS's stated goals, while appropriately reflecting the rapidly changing health IT landscape and balancing privacy and security considerations,” states the OIG. “Additional guidance and technical assistance should be issued to address adoption, meaningful use, interoperability barriers, and program integrity safeguards.”
Although HHS has made progress in protecting its own information, OIG finds that more work remains to be done, especially as the number of healthcare data breaches and cybersecurity threats such as ransomware continue to grow.
Among the cybersecurity shortcomings cited by auditors: inadequacies in access controls, patch management, encryption of data, and website security vulnerabilities at HHS, healthcare providers, States, and other entities that do business with the department.
“Such weaknesses could impact the department's ability to protect against unauthorized access to sensitive information,” concludes the report. HHS officials could not be immediately reached for comment on the OIG report.