An OIG report released in December 2013 assessed the extent to which hospitals that received Medicare EHR incentive payments as of March 2012 had implemented fraud safeguards for EHR technology previously recommended by an HHS contractor, RTI International, and set forth in a 2007 HHS Office of the National Coordinator for Health Information Technology (ONC) report. The OIG found widespread hospital compliance with RTI-recommended audit functions, user authorization and access controls, and data transfer safeguards, but less than half of hospitals had begun implementing RTI recommendations to include patient involvement in anti-fraud efforts, and only about one quarter of hospitals had policies regarding the use of the copy-paste feature in EHR technology, which potentially could pose a fraud vulnerability. The OIG report includes several recommendations for ONC and CMS to strengthen efforts to address fraud vulnerabilities in EHRs, with which the agencies concurred.