EHR-Enabled Fraud Remains a Concern

By Cheryl Branche for Medical Economics

Imagine, in an effort to bill a higher fee, a colleague cuts and pastes a complete history and physical examination you wrote in the electronic health record (EHR) of your patient, but forgets to make adjustments based on his/her findings.

This is happening with EHRs in hospitals and practices nationwide. While the Centers for Medicare and Medicaid Services (CMS) estimates that nearly $29 billion of improper payments were made in 2015, according to spokespersons for the Office of the Inspector General (OIG) and CMS, the full extent of EHR fraud remains elusive.

A little background

In December 2013, OIG published “Not All Recommended Fraud Safeguards Have Been Implemented in Hospital EHR Technology,” which addressed whether providers used the fraud prevention strategies recommended by the Office of the National Coordinator for Health Information Technology (ONC). Recommended fraud prevention strategies had been used only minimally. It subsequently recommended that audit logs be kept on when EHR technology is available for viewing, that ONC and CMS develop a comprehensive plan to address fraud vulnerabilities in EHRs and that CMS develop guidance on the use of the copy-paste feature.

CMS stated that it supports ONC’s development of certification criteria toward this goal, that it was committed to providing technical assistance to other federal agencies with healthcare fraud enforcement authority and that it audits hospitals to ensure the integrity of the EHR incentive payments. CMS said that it would develop guidelines to ensure that the copy-paste feature is used appropriately.

A January 2014 OIG report, “CMS and Its Contractors Adopted Few Program Integrity Practices to Address Vulnerabilities in EHRs,” stated that not all contractors reported being able to determine whether a provider had copied language or over-documented in a medical record and that CMS had provided limited guidance to Medicare contractors on EHR fraud vulnerabilities.

Unimplemented recommendations still remain

According to the OIG March 2015 report, “Compendium of Unimplemented Recommendations,” fraud poses a threat to patient care and it harms the defrauded agencies. It recommended that the U. S. Department of Health and Human Services do more to ensure that all hospital EHRs contain safeguards against fraud enabled by the use of EHRs. OIG found that “nearly all hospitals may not be using recommended the audit function to its fullest extent. ONC again implemented recommendations proffered by RTI International “to enhance data protection, increase data validity, and strengthen fraud protection in electronic health technology.”

Subsequently, a July 2015 CMS report, “Program Integrity Issues of Electronic Health Records: An Overview,” cites that again there was an increase in concern about the potential for fraud and risk to patient care.

Despite recommendations… still

Today, the 2016 Compendium points out copy-paste as a primary concern, which can lead to fraud and errors in the electronic health record that may affect patient care.

Only 25% of hospitals had policies regarding the use of copy-paste in EHRs. The ONC and CMS once again agreed to develop a comprehensive plan address the fraud vulnerabilities in the electronic health record where CMS and continue to develop a comprehensive plan to detect and reduce fraud, however these efforts are not directed toward strengthening collaborative efforts with ONC.

Despite recommendations by OIG, electronic health record fraud remains a problem.

Share Article:
Dolbey Systems, Inc.