Report Summary

Title: Joint Audit of the Department of Defense and the Department of Veterans Affairs Efforts to Achieve Electronic Health Record System Interoperability
Report Number: 18-04227-91 Download
Report
Issue Date: 5/5/2022
City/State:
VA Office: Office of the Secretary
Report Author: Office of Special Reviews
Report Type: Special Review
Release Type: Unrestricted
Summary:

This joint audit led by the DoD OIG examined actions taken by the DoD and VA regarding the Cerner Millennium electronic health record (EHR) system being deployed throughout VA and DoD. The audit assessed internal controls and compliance with legal requirements, as well as actions by DoD, VA, and their joint Federal Electronic Health Record Modernization (FEHRM) Program Office to help ensure that health care providers serving veterans can access a patient’s complete EHR. The audit focused on whether those actions would achieve interoperability between DoD, VA, and external health care providers.

The joint audit found that DoD and VA took some actions to achieve system interoperability, but there are remaining challenges. DoD and VA did not consistently migrate information from legacy systems into Cerner Millennium to create a single, complete patient EHR; develop interfaces from all medical devices to the system; or ensure users were granted access to Cerner Millennium only for information needed for their duties. A contributing factor for these deficiencies was that the FEHRM Program Office did not develop a clear plan to achieve full interoperability or actively manage the program’s success.

The audit report recommends that DoD and VA review FEHRM’s actions and direct the program office to comply with its charter and applicable laws. The FEHRM should also coordinate with DoD and VA on implementing recommendations that include (1) determining the type of health care information that constitutes a complete EHR; (2) implementing a plan for accurately migrating legacy health care information; (3) create medical device interfaces to directly transfer health care information to Cerner Millennium; and (4) implementing a plan to modify system user roles to ensure their access is restricted to only information needed to perform their duties.