CMS has paid out more than $25 billion in incentives to spur providers to purchase and use certified EHR technology. In order to be certified by an ONC-authorized testing and certification body, an EHR system must meet certain privacy and security standards. However, the OIG claims the ONC did not make sure the certifying bodies had procedures to evaluate whether certified EHRs continued to meet these standards and did not make sure personnel working for the certifying bodies were qualified to test EHRs’ data security abilities.
In response, the ONC says certification is now performed by separate entities in the ONC Health IT Certification Program and the new 2014 Edition criteria includes more robust testing procedures for data security. However, the OIG says this is not enough to address the agency’s security concerns.
More articles on EHRs:
Conflicting views on Epic’s interoperability
11 recent EHR go-lives
Stanford launches first ACGME-accredited clinical informatics fellowship
At the Becker's 11th Annual IT + Revenue Cycle Conference: The Future of AI & Digital Health, taking place September 14–17 in Chicago, healthcare executives and digital leaders from across the country will come together to explore how AI, interoperability, cybersecurity, and revenue cycle innovation are transforming care delivery, strengthening financial performance, and driving the next era of digital health. Apply for complimentary registration now.
