DoD Inspector General Plans Security Audit of Army’s EHR System
The Department of Defense Inspector General plans to investigate the cybersecurity of the military’s electronic health records and individually identifiable health information, according to a DoD memo.
The audit is slated to begin this month and will be performed at the U.S. Army Medical Command, the enhanced Multi-Serve Market led by the Army in Puget Sound Region in Washington, the Army medical center at Joint Base Lewis-McChord, Washington and one Army hospital and clinical each at Fort Carson, Colorado.
“Our objective is to determine whether the Army designed and implemented effective security protocols to protect electronic health records and individually identifiable health information from unauthorized access and disclosure,” Carol Gorman, assistant inspector general, readiness and cyber operations, at the DoD IG’s office wrote in the memo.
Gorman also wrote that the audits starting in August are the first in a series of audits of military department security protocols over electronic health records and individually identifiable health information. “We will consider suggestions from management on additional or revised objectives,” Gorman wrote.
Gorman also wrote that the DoD IG may identify additional locations during the audit.
As previously reported by Healthcare Informatics, Defense Department plans to roll out its $9 billion modernized EHR system by the end of this year, however, a DoD IG audit report released in June stated that the timeline “may not be realistic.”
In that audit report, the DoD Inspector General cautioned about potential delays involved with developing and testing the interfaces needed to interact with legacy systems and ensuring the new EHR system is secure against cyber attacks.