Report: Electronic Health Record Security Lacking
HEALTHCARE PRIVACY—U.S.May 19, 2011
The Department of Health and Human Services Office of the Inspector General (OIG) has released two reports that offer "harsh" critiques of the department's efforts to protect electronic health records, HealthcareInfoSecurity reports. One report asks the Office for Civil Rights (OCR) to "ramp up" its compliance review efforts in order to make sure appropriate security controls are in place in healthcare facilities. The OIG found "a lack of general (information technology) security controls during prior audits at Medicare contractors, state Medicaid agencies and hospitals." The OCR has noted the federal final rule covering changes to HIPAA will not mandate encryption. The second report, which addressed the HITECH Act electronic health record incentive program, concluded that the program did not adequately meet several security issues. One expert notes this is a "wake-up call to the healthcare industry."