A new analysis by the HHS Office of the Inspector General suggests that the agency still has work to do and appropriately managing health information technology and making sure it performs, according to Health Data Management. And unfortunately, the problems it highlights don’t seem likely to go away anytime soon.
The critique of HHS’s HIT capabilities came as part of an annual report from the OIG, in which the oversight body lists what it sees as the department’s top 10 management and performance issues. The OIG ranked HIT third on its list.
In that critique, auditors from the OIG pointed out that there are still major concerns over the future of health data sharing in the US, not just for HHS but also in the US healthcare system at large. Specifically, the OIG notes that while HHS has spent a great deal on health IT, it hasn’t gotten too far in enabling and supporting the flow of health data between various stakeholders.
In this analysis, the OIG sites several factors which auditors see as a challenge to HHS, including the lack of interoperability between health data sources, barriers imposed by federal and state privacy and security laws, the cost of health IT infrastructure and environmental issues such as information blocking by vendors. Of course, the problems it outlines are the same old pains in the patoot that we’ve been facing for several years, though it doesn’t hurt to point them out again.
In particular, the OIG’s report argues, it’s essential for HHS to improve the flow of up-to-date, accurate and complete electronic information between the agency and providers it serves. After all, it notes, having that data is important to processing Medicare and Medicaid payments, quality improvement efforts and even HHS’s internal program integrity and operations efforts. Given the importance of these activities, the report says, HHS leaders must find ways to better streamline and speed up internal data exchange as well as share that data with Medicare and Medicaid systems.
The OIG also critiqued HHS security and privacy efforts, particularly as the number of healthcare data breaches and potential cyber security threats like ransomware continue to expand. As things stand, HHS cybersecurity shortfalls abound, including inadequacies and access controls, patch management, encryption of data and website security vulnerabilities. These vulnerabilities, it noted, include not only HHS, but also the states and other entities that do business with the agency, as well as healthcare providers.
Of course, the OIG is doing its job in drawing attention to these issues, which are stubborn and long-lasting. Unfortunately, hammering away at these issues over and over again isn’t likely to get us anywhere. I’m not sure the OIG should have wasted the pixels to remind us of challenges that seem intractable without offering some really nifty solutions, or at least new ideas.