Disruptions, such as natural disasters or technical malfunctions, can make electronic health records (EHRs) unavailable to hospital staff. Prior OIG work found, for example, that hospitals experienced substantial challenges responding to the effects of Superstorm Sandy, which included damage to health information systems and curtailed access to patient medical records. More recently, cyberattacks on hospitals have similarly prevented or limited access to EHRs. The Office for Civil Rights (OCR) enforces the Health Insurance Portability and Accountability Act (HIPAA) Security Rule, which requires all covered entities to have a contingency plan for responding to disruptions to electronic health information systems. Contingency plans specify processes to recover EHR systems and access backup copies of EHR data in the event of a disruption. This evaluation provides information about the status of hospitals' contingency plans in light of evolving threats to their electronic health information systems.
| Report Date | Agency Reviewed / Investigated | Report Title | Type | Location | |
|---|---|---|---|---|---|
| Department of Health & Human Services | Hospitals Largely Reported Addressing Requirements for EHR Contingency Plans | Disaster Recovery Report | Agency-Wide | View Report | |
| Board of Governors of the Federal Reserve System | The Board's Protective Services Unit is Operating Effectively and Efficiently | Inspection / Evaluation | Agency-Wide | View Report | |
| Department of State | Audit of the Bureau of Near Eastern Affairs Financial Management of Grants and Cooperative Agreements Supporting the Middle East Partnership Initiative | Audit | Agency-Wide | View Report | |
| Social Security Administration | Title II Spousal Or Widow(Er) Beneficiaries Whose Unreported Marriages Caused Improper Title XVI Payments | Audit | Agency-Wide | View Report | |
| Department of Homeland Security | Investigation of Alleged AUO Misuse and Falsification of Timesheets at CBP Internal Affairs, Credibility Assessment Div. (OSC File # DI-14-2511) | Investigation | Agency-Wide | View Report | |
| Department of Homeland Security | ICE Still Struggles to Hire and Retain Staff for Mental Health Cases in Immigration Detention | Inspection / Evaluation | Agency-Wide | View Report | |
| National Science Foundation | Report on the National Science Foundation's Covered Systems under the 2015 Cybersecurity Act | Inspection / Evaluation |
|
View Report | |
| Department of Justice | Audit of the Federal Bureau of Investigation's Cyber Threat Prioritization | Audit | Agency-Wide | View Report | |
| Department of State | Management Assistance Report: Armored Vehicle Training | Other | Agency-Wide | View Report | |
| Department of the Treasury | Termination Memorandum – Audit of BEP’s Production Process for the NexGen $100 Notes | Other | Agency-Wide | View Report | |
