GAO calls for better cybersecurity coordination for electronic health records

(Defense Health Agency / Ken Cornwell)

By GAO • Jun 04, 2026

The Department of Defense (DOD) has primary responsibility for ensuring the cybersecurity of the federal electronic health record (EHR). The Federal Electronic Health Record Modernization office (FEHRM) is responsible for providing direction and oversight on joint functions. To that end, the FEHRM works to improve interagency cybersecurity and privacy collaboration by providing opportunities for partner agencies to coordinate and by initiating joint activities to enhance the security of the system.

Accordingly, a GAO review found that the FEHRM facilitated collaboration among partner agencies; however, the collaboration would be improved by fully addressing leading practices. For example, it has not fully articulated specific or common goals or outcomes related to the cybersecurity of the EHR or the privacy of data within it. Further, the FEHRM reported that it did not have related performance measures for monitoring progress towards these outcomes.

Addressing the shortfalls in interagency collaboration could provide better understanding of the resources needed to address shared responsibilities and clearer insight into the impacts of joint efforts. As a result, the FEHRM, partner agencies and Congress could have greater assurance that appropriate actions are being taken to keep the system and its data secure and to prevent its exploitation by adversaries.