The Government Accountability Office (GAO) labeled health information technology (IT) as one of the Department of Health and Human Services’ (HHS’s) priority recommendation areas for this year.
Along with health IT, GAO identified a list of nine other priority areas with 54 overall recommendations that HHS should focus on. GAO released HHS’s priority recommendation letter today alongside the Departments of Veterans Affairs and Defense publicly for the first time today.
Four of the open priority recommendations involve health information technology, which include that:
- The Centers for Medicare and Medicaid Services (CMS) develop processes and procedures to ensure that qualified groups and researchers have implemented information security controls effectively throughout their agreements with CMS;
- HHS collaborate with the Department of Agriculture to consult with other sector partners and develop methods for determining the level and type of cybersecurity framework they adopt;
- HHS make progress toward implementing IT enhancements needed to establish electronic public health situational awareness network capabilities mandated by the Pandemic and All-Hazards Preparedness Reauthorization Act of 2013
- CMS and the Office of the National Coordinator for Health Information technology effectively monitor the electronic health record (EHR) programs, progress toward EHR goals, and outcomes of EHR programs, including effects on healthcare quality, efficiency and patient safety.
HHS agreed with the first two recommendations, but it did not agree or disagree with the last two.
GAO, however, said that it’s important that HHS bolster its IT systems so that the United States’ critical infrastructure can provide its services and remain secure.
“The nation’s critical infrastructure provides the essential services – including health care – that underpin American society,” GAO said. “The infrastructure relies extensively on computerized systems and electronic data to support its missions. However, serious cybersecurity threats to the infrastructure continue to grow and represent a significant national security challenge.”
Healthcare data like Medicare beneficiary data, GAO added, is created, stored, and used by a variety of group, like healthcare providers, insurance companies, researchers, and financial institutions. As HHS works toward making data interoperable, keeping that data secure must remain a priority, especially given the prevalence of mass data breaches.
HHS has nine other areas GAO said it should improve, including Medicare payment policy and design; Medicaid spending oversight, accountability, and transparency; Medicaid guidance, assessments, and collaboration in reducing improper payments in Medicare and Medicaid; oversight of imported medical products and food; quality and timeliness of Indian Health Service healthcare services; oversight in addressing opioid use disorders; oversight in Public Health Service Act drug discounts; health insurance marketplace subsidies and enrollment integrity; and federal awards and research grant oversight.