{"id":225583,"date":"2026-06-03T18:03:00","date_gmt":"2026-06-03T22:03:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/06\/03\/ehr-modernization-needs-better-cyber-and-privacy-collaboration-gao-says\/"},"modified":"2026-06-03T18:15:13","modified_gmt":"2026-06-03T22:15:13","slug":"ehr-modernization-needs-better-cyber-and-privacy-collaboration-gao-says-2","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/06\/03\/ehr-modernization-needs-better-cyber-and-privacy-collaboration-gao-says-2\/","title":{"rendered":"EHR modernization needs better cyber and privacy collaboration, GAO says"},"content":{"rendered":"<p><a href=\"https:\/\/www.nextgov.com\/modernization\/2026\/06\/ehr-modernization-needs-better-cyber-and-privacy-collaboration-gao-says\/413959\/?orefu003dng-homepage-river\">EHR modernization needs better cyber and privacy collaboration, GAO says<\/a><\/p>\n<p><a href=\"https:\/\/www.nextgov.com\/modernization\/2026\/06\/ehr-modernization-needs-better-cyber-and-privacy-collaboration-gao-says\/413959\/?orefu003dng-homepage-river\">https:\/\/www.nextgov.com\/modernization\/2026\/06\/ehr-modernization-needs-better-cyber-and-privacy-collaboration-gao-says\/413959\/?orefu003dng-homepage-river<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-06-03 18:03:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.nextgov.com\">www.nextgov.com<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n<p> Using an unordered list, summarize the following article with between 4 and 8 key points.<br \/>\nThe Government Accountability Office said on Tuesday that the unit overseeing the federal government\u2019s new electronic health record system is not collaborating enough with its partner agencies to secure the software against digital threats or ensure that patient data is sufficiently protected.\u00a0In a watchdog report, GAO said the Federal Electronic Health Record Modernization office \u201cdoesn&#8217;t fully follow leading practices for collaboration\u201d when it comes to the cybersecurity and privacy of data with the new EHR system.\u00a0The office oversees the government\u2019s effort to deploy one common, interoperable system across the Department of Veterans Affairs, the Defense Department, the U.S. Coast Guard and the National Oceanic and Atmospheric Administration. GAO said the completed system is expected to have \u201cmore than 500,000 users providing care to over 18 million servicemembers, veterans, and their families, making it one of the nation\u2019s largest electronic health record systems.\u201dFEHRM was created through a joint charter signed by DOD and VA in December 2019, with the four participating agencies taking on varying levels of cyber and privacy responsibilities.DOD is primarily responsible for managing the cybersecurity of the EHR software and the network used to access the system. GAO said VA also has \u201cresponsibility for the cybersecurity of its own network.\u201d Each of the four agencies is also responsible for managing their own networks and following applicable privacy laws when it comes to handling users\u2019 data.While GAO said that FEHRM has \u201cinitiated a number of efforts to promote collaboration\u201d with the four agencies, it added that \u201cit has done so without well-defined common goals and outcomes.\u201d The watchdog added this includes concerns that the office does not \u201cmonitor, assess or communicate on performance measures\u201d to hold its partners accountable.\u00a0\u201cArticulating clear and measurable goals would better position the FEHRM to oversee the coordinated cybersecurity of the federal EHR by providing insight into the specific resources, skills, or time needed to address shared responsibilities,\u201d the report said. \u201cFurther, these goals would help hold the FEHRM accountable for demonstrating how its activities, such as the development of the Joint Incident Management Framework, align with the common outcomes it seeks to achieve.\u201dFEHRM has been working to create the framework since 2021 to streamline agency responses to EHR-directed cyber threats, with GAO saying the guidance was most recently scheduled to be released in April.\u00a0Without outlining clear goals and outcomes, the watchdog said \u201cprogress on planned efforts, such as the Joint Incident Management Framework, may be impeded or further delayed.\u201dGAO\u2019s concerns about planning extended to the office\u2019s logistical operations, with the report saying that FEHRM \u201chas not fully articulated specific short- or long-term goals or intended outcomes related to the cybersecurity of the federal EHR or the privacy of health data within it.\u201d This included office officials telling GAO in January 2026 that it was still developing its goals for fiscal year 2026.The watchdog made two recommendations, including calling for both DOD and VA leaders to press FEHRM \u201cto define common goals, outcomes, and associated performance measures, and monitor, assess, and communicate progress on collaboration efforts toward ensuring the cybersecurity and privacy of the federal enclave.\u201dDOD did not concur with the report as it was written. VA neither agreed nor disagreed with GAO\u2019s takeaways, but said it initially focused on establishing a unified culture to build trust with partner agencies, which it called \u201cthe essential first step.\u201d\u00a0While the joint EHR system has reportedly not been directly targeted by a cyberattack, previous cyber incidents have underscored the impact these types of breaches and digital assaults can have on healthcare delivery.\u00a0A February 2024 ransomware attack on Change Healthcare \u2014 a subsidiary of UnitedHealth Group and the largest healthcare payment system in the U.S. \u2014 disrupted payments and prescription processing at medical facilities across the U.S. This included VA\u2019s systems, with an agency official saying at the time that it affected just over 40,000 veterans\u2019 medications.That attack also affected \u201cinterface assessments\u201d at the Captain James A. Lovell Federal Health Care Center in North Chicago, Illinois, a joint DOD-VA facility that was in the process of switching over to the new federal EHR system. That rollout, which occurred in March 2024, was the Pentagon\u2019s last site rollout of the new software.DOD and NOAA have completed their deployments of the new software, and the Coast Guard is reportedly in the final stages of its rollout. VA, however, has faced numerous missteps in its own EHR implementation effort.\u00a0VA paused most rollouts of the EHR system in April 2023 to address a host of safety, technical and usability concerns. The agency and DOD subsequently conducted the Lovell deployment during the reset period, which was the sixth VA facility to receive the new software.\u00a0The agency recently resumed EHR software rollouts at four Michigan-based medical facilities in April and plans to deploy the system at nine more sites in 2026. VA Secretary Doug Collins told Congress last month that the new rollouts were \u201cphenomenal,\u201d although he said the agency needs to go back and fix issues at the first five sites that received the software.<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>EHR modernization needs better cyber and privacy collaboration, GAO says https:\/\/www.nextgov.com\/modernization\/2026\/06\/ehr-modernization-needs-better-cyber-and-privacy-collaboration-gao-says\/413959\/?orefu003dng-homepage-river Publish Date: 2026-06-03 18:03:00&#8230;<\/p>\n","protected":false},"author":1,"featured_media":225586,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/cdn.nextgov.com\/media\/img\/cd\/2026\/06\/03\/060326EHRNG\/open-graph.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24],"class_list":["post-225583","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/225583"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=225583"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/225583\/revisions"}],"predecessor-version":[{"id":225588,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/225583\/revisions\/225588"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/225586"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=225583"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=225583"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=225583"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}