GAO: EHR modernization office needs to improve cybersecurity collaboration
GAO: EHR modernization office needs to improve cybersecurity collaboration
Publish Date: 2026-06-08 12:44:00
Source Domain: www.techtarget.com
The Government Accountability Office addressed interagency collaboration shortfalls in a new report focused on the Federal Electronic Health Record Modernization office, a joint Department of Defense and Department of Veterans Affairs office that is responsible for providing oversight on joint functions within the federal EHR.
The GAO recommended that the DOD and VA direct the FEHRM office to define common goals and increase collaboration to ensure the cybersecurity and privacy of the federal EHR. The DOD disagreed with the watchdog’s report, while the VA neither agreed nor disagreed with the recommendations.
The federal EHR is one of the largest EHR systems in the country, supporting millions of beneficiaries across four agencies: the DOD, the VA, the U.S. Coast Guard and the National Oceanic and Atmospheric Administration.
Thanks to a provision under the Further Consolidated Appropriations Act of 2024, the GAO is entitled to report on aspects of the federal EHR. For this report, GAO interviewed agency officials, compared FEHRM collaboration efforts to leading best practices and reviewed interagency agreements pertaining to the use of the federal EHR.
The FEHRM office was chartered in December 2019, serving as the sole decision-making authority “for DOD and VA to provide unified direction on joint functions to ensure that the departments deliver an interoperable EHR system,” the report noted.
The charter charged the FEHRM office with managing the risks and operations of the joint EHR hosting environment, as well as managing cybersecurity, network security, disaster recovery and access management.
Given these responsibilities, the FEHRM office has made efforts to improve interagency cybersecurity and privacy, GAO acknowledged.
For example, the FEHRM office hosts a weekly cybersecurity team meeting, which gives stakeholders a forum to discuss cybersecurity best practices and demonstrate tabletop exercises to prepare for cybersecurity incidents.
Other…
