OIG Targets Meaningful Use
By: James B. Wieland
Ober|Kaler's Health Law attorneys are regular contributors to Medical Laboratory Observer's "Liability and the Lab" column at mlo-online.com. This article appears in the April 2011 edition.
Q: What is the Office of the Inspector General’s (OIG) role in electronic health records (EHR)?
A: The OIG recently released its Recovery Act Implementation Overview and Work Plan (Plan) for 2011. A significant portion of the Plan items relate to healthcare information technology (HIT), including meaningful use. With regard to HIT generally, the OIG seems especially concerned with information security.
The meaningful-use incentive program contemplates a large outlay of government funds to eligible professionals and hospitals who have met technically exacting criteria regarding the implementation and use of varied HIT. The OIG intends to monitor this program closely. In total, the Plan includes a half dozen different items related to meaningful use. The OIG intends to:
As part of the meaningful-use program, the Office of the National Coordinator for Health Information Technology (ONC) sets standards for the certification of EHR systems and modules. Providers may only receive incentive payments where they use meaningful-use-certified EHR technology. Final testing of EHRs and final determinations of certification status is made by Authorized Testing and Certification Bodies (ATCBs) named by the ONC. With regard to the ONC, the OIG intends to:
Finally, the OIG Plan included as an independent work item examination of providers’ compliance with HIPAA and Recovery Act requirements and the HHS Office of Civil Rights’ (OCR) compliance with the enforcement responsibilities authorized by the Recovery Act.
The OIG’s plan to review the certification of certain EHR technologies raises the question of whether a negative review could result in the “de-certification” of previously certified EHR technologies that providers have already implemented. In addition, the OIG’s plan to review the enforcement activities of the OCR should remind all healthcare providers that properly executed and implemented HIPAA policies, procedures, and training must remain a foremost compliance concern.
© 2013 Ober|Kaler All Rights Reserved.