Healthcare Information Security

Cybersecurity News

Secure Exchange of Electronic Data Top HHS Challenge

Ensuring the meaningful and secure exchange and use of electronic information is one of the top 10 challenges currently facing HHS.

By Elizabeth Snell

The Department of Health and Human Services (HHS) is currently facing 10 management and performance challenges, including health information technology and the meaningful and secure exchange and use of electronic information, according to the Office of Inspector General (OIG).

Secure exchange and use of data a top challenge for HHS

The challenges are spread across HHS programs, including, Medicare, Medicaid, the Public Health Service, and the Indian Health Service, OIG explained on its website.

“These challenges cover critical HHS responsibilities that include delivering quality services and benefits, exercising sound fiscal management, safeguarding public health and safety, and enhancing cybersecurity,” OIG wrote.

“OIG maintains a list of recommended solutions to address vulnerabilities detected in its audits and evaluations and identifies the top unimplemented recommendations that, if implemented, are likely to garner significant savings and improvements in efficiency and effectiveness.”

US healthcare is increasingly relying on health IT and the secure exchange of health data, according to OIG.

READ MORE: Texas Healthcare Privacy, Security Focus in Recent Partnership

They can help create improved patient care, more efficient practice management, and improved overall public health.

Within secure data exchange and other health IT issues, HHS needs to specifically focus on safeguarding privacy and ensuring data security, along with improving the flow of complete, accurate, and timely information, OIG maintained. HHS must also deliver on its promise of health IT.

“HHS faces challenges in ensuring that the goals associated with investing in the widespread adoption and use of EHRs and other health IT are fulfilled, and that the promise offered by health IT is realized,” stated OIG.

Along with the secure exchange of data, HHS must work through the following areas:

  • Ensure program integrity  
  • Effectively administer the Medicaid program to improve oversight of managed care, address high improper payments, and strengthen program integrity
  • Improve financial and administrative management
  • Ensure the proper administration of HHS grants for public health and human services programs
  • Curb the abuse and misuse of controlled and non-controlled drugs in Medicare Part D and Medicaid
  • Ensure quality care and safety for vulnerable populations
  • Operate and oversee the health insurance marketplaces
  • Manage delivery system reform and strengthen Medicare Advantage
  • Ensure the safety of food, drugs, and medical devices

HHS has made progress when it comes to data security and privacy issues, OIG noted. For example, HHS participated in the U.S. Chief Information Officer's 30-day Cybersecurity Sprint and the development of the PMI: Data Security Policy Principles and Framework.

READ MORE: Increased Sharing Puts Healthcare Data Integrity at Risk

“HHS has made great strides in developing a nationwide health IT infrastructure that supports the appropriate flow of complete, accurate, and timely information,” OIG wrote. “As of September 2016, more than 599,000 eligible professionals, eligible hospitals, and critical access hospitals were actively registered in the EHR incentive programs.”

Furthermore, the agency established a hotline to receive complaints concerning potential information blocking practices. HHS also issued a final rule implementing related attestation requirements under the Medicare Access and CHIP Reauthorization Act of 2015 (MACRA).

Even so, HHS must remain vigilant as cybersecurity threats continue to evolve. Healthcare ransomware attacks are just one example of how data security needs to remain a top priority, OIG advised.

“OIG work will continue to focus on HHS systems' privacy and security to support HHS's efforts to mitigate the risk of unauthorized access to its sensitive information,” said OIG. “HHS must also use available policy levers to address health IT privacy and security issues.”  

HHS needs to ensure that its data systems are developed and operated so complete, accurate, and timely data can be delivered. Additionally, any potential barriers to leveraging health IT and related data to advance public health initiatives must be removed. This can help to facilitate the “sharing and use of information along the entire continuum of care.”

READ MORE: HIMSS Urges Holistic Security to Combat Cybersecurity Threats

Being able to measure the extent to which EHRs and health IT have achieved certain HHS goals - such as improved healthcare and lower costs - is also necessary.

As HHS develops policies, such as those related to the development and implementation of meaningful use stages and implementation of the Advancing Care Information Performance Category of MIPS created in MACRA, it should continue to consider feedback from stakeholders to ensure that adopted policies advance the Nation toward HHS's stated goals, while appropriately reflecting the rapidly changing health IT landscape and balancing privacy and security considerations.

Examining health IT interoperability across HHS, between providers and patients, and the outcomes from health IT investments may also need to be investigated in the future, OIG concluded.

Dig Deeper:


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks