OIG Begins EHR Audits

April 30, 2015
OIG Begins EHR Data Security and Meaningful Use Audits

The Department of Health and Human Services (HHS) Office of the Inspector General (OIG) has begun auditing electronic health record (EHR) systems of HIPAA covered entities to ensure that they are compliant with HIPAA data security standards. These audits were outlined in the 2015 OIG work plan.


Additionally, OIG is conducting audits of providers who have received incentive payments from both the Medicare and Medicaid EHR meaningful use (MU) incentive program to determine if they're meeting the MU requirements to which they are attesting.   OIG has already published reports on Medicaid MU payments.


The audits take a few weeks to complete and have been described as thorough and technical by entities who have been subjected to them. The audits examine EHR security plans and procedures for the entities and their business associates with access to EHR data. The audits generally take between two and three weeks.  

Subscribe to Receive Future Articles