The Government Accountability Office (GAO) noted in a March 28, 2019 letter, sent from Gene L. Dodaro, Comptroller General of the United States to U.S. Department of Health and Human Services Secretary Alex M. Azar II, that among 54 priority recommendations are four critical health information technology and cybersecurity recommendations that have yet to be implemented.
The letter noted that, “serious cybersecurity threats to the infrastructure continue to grow and represent a significant national security challenge. Additionally, recent data breaches have highlighted the importance of ensuring the security of health information, including Medicare beneficiary data. Such data are created, stored, and used by a wide variety of entities, such as health care providers, insurance companies, financial institutions, researchers, and others. The four open priority recommendations within this area outline steps to ensure HHS can effectively monitor the effect of electronic health record (EHR) programs and progress made toward goals, encourage adoption of important cybersecurity processes and procedures among healthcare entities, protect Medicare beneficiary data accessed by external entities, and ensure progress is made toward the implementation of information technology (IT) enhancements needed to establish the electronic public health situation awareness network.”