OIG: Information Sharing, Security Challenges Dog HHS
The meaningful and secure exchange of electronic health information are among the Department of Health and Human Services’ top challenges, according to the HHS Office of the Inspector General.
“Health IT, including electronic health records, offers opportunities for improved patient care, more efficient practice management, and improved overall public health. However, the Department faces a number of significant challenges in this information-rich environment,” states the OIG in its annual list of challenges.
While auditors note that HHS has made significant investments in EHRs through the Meaningful Use program, they point to several factors impeding the flow of health information including technical barriers (e.g., lack of interoperability), the complex nature of federal and state privacy and security laws, financial considerations (e.g., the cost of health IT acquisition), and behavioral issues—such as information blocking and consumer confidence—that relate to a willingness to share information.
In particular, OIG calls out the importance of the flow of information between HHS and providers. Data created, maintained, or transmitted using EHRs or other health IT are vital to ensuring correct Medicare and Medicaid payments, including value-based payments.
As HHS moves toward value-based reimbursement, auditors argue that that the data collected and provided by EHRs and other health IT for these alternative payment models must be shared.
“To fully realize the value of health IT investments—which included, as of September 2015, over $31 billion through the EHR incentive programs—and achieve the goal of a learning health system identified in the 10-Year Vision Paper, the Department must do more to improve the flow of information, subject to appropriate privacy and security safeguards,” recommends the OIG.
Ensuring the privacy and security of health information is also among the top management and performance challenges facing HHS, argue auditors, who reference the fact that the “frequency of notable data breaches has increased significantly.”
Although HHS has made progress with respect to protecting its own information, OIG finds that more remains to be done including using available “policy levers” to address health IT privacy and security issues such as through the EHR Incentive Programs.