By Duane Morris partner Lisa W. Clark
On March 28 MedStar Health, the largest health system in the Washington, D.C. area, shut down its computer systems, including its electronic health records, on account of an apparent “ransom” attack in which the hackers infected its system with a virus. From media reports, it appears that the hackers demanded an unknown sum to stop the malware attack. The FBI is already involved. This incident, following February’s successful ransom attack on Hollywood Presbyterian Medical Center, reinforces the need for strong data security protection as well as an incident response plan that includes law enforcement.
In early January, 2014, the Office of Inspector General (“OIG”) for the Department of Health and Human Services (“HHS”) issued a report criticizing HHS’s Centers for Medicare and Medicaid Services (“CMS”) for failing to adopt stronger integrity practices governing electronic health records (“EHRs”). “CMS And Its Contractors Have Adopted Few Program Integrity Practices To Address Vulnerabilities In EHRs,” oig.hhs.gov/oei/reports/oei-01-11-00571.pdf. Here are some of the OIG’s challenges and concerns: “…clues within the progress notes, handwriting styles, and other attributes that help corroborate the authenticity of paper medical records are largely absent in EHRs. Further, tracing authorship and documentation in an EHR may not be as straightforward as tracing in a paper record. Health care providers can use EHR software features that may mask true authorship of the medical record and distort information in the record to inflate health care claims.”
The meaningful use (MU) regulations provide incentive monies for hospitals and physicians that establish electronic health records systems (EHRs) and satisfy other criteria, such as providing new forms of ‘patient engagement’ like technologically-enabled patient-provider communications. The advantages of wireless record-sharing are enormous – quicker diagnoses, better quality tracking, and seamless payment systems. But there are lots of steps and decisions required in setting up EHRs and developing broader data exchange systems like health information organizations/exchanges (HIOs or HIEs). Last week, the Department of Health and Human Services’ Office of the National Coordinator denied certification for two small EHRs and promised ongoing rigorous enforcement of EHRs.