Submitting OIG:
Report Description:
Disruptions, such as natural disasters or technical malfunctions, can make electronic health records (EHRs) unavailable to hospital staff. Prior OIG work found, for example, that hospitals experienced substantial challenges responding to the effects of Superstorm Sandy, which included damage to health information systems and curtailed access to patient medical records. More recently, cyberattacks on hospitals have similarly prevented or limited access to EHRs. The Office for Civil Rights (OCR) enforces the Health Insurance Portability and Accountability Act (HIPAA) Security Rule, which requires all covered entities to have a contingency plan for responding to disruptions to electronic health information systems. Contingency plans specify processes to recover EHR systems and access backup copies of EHR data in the event of a disruption. This evaluation provides information about the status of hospitals' contingency plans in light of evolving threats to their electronic health information systems.
Date Issued:
Friday, July 22, 2016
Agency Reviewed / Investigated:
Submitting OIG-Specific Report Number:
OEI-01-14-00570
Component, if applicable:
Office for Civil Rights
Location(s):
Agency-Wide
Type of Report:
Disaster Recovery Report
Questioned Costs:
$0
Funds for Better Use:
$0
Number of Recommendations:
0
View Document:
Attachment | Size |
---|---|
oei-01-14-00570.pdf | 811.98 KB |
Additional Details Link: