Office of Inspector General (OIG) Issues Report on Vulnerabilities in EHRs (Electronic Health Records)
Thursday, January 9, 2014
Print Mail Download i

As hospitals and other healthcare providers continue to respond to the federal government’s push to adopt electronic health record (EHR) technology, the OIG continues to sound an alarm about EHRs and fraud.  For the second time in two months, the Office of Inspector General (OIG) of the Department of Health and Human Services (HHS) has issued a report warning about potential flaws in EHRs and their potential for fraudulent activity.  In addition to previous government statements of concern about EHR technology, this latest OIG report again emphasizes the government’s concern that electronic health records may make it easier to commit fraud, particularly through the use of the copy and paste (the government calls this “cloning”) function and over-documentation through the use of automatic tools, thus leading to upcoding.

Released today, the second the OIG report is entitled “CMS and Its Contractors Have Adopted Few Program Integrity Practices to Address Vulnerabilities in EHRs.”  This latest report concluded:

  • The Centers for Medicare and Medicaid Services (CMS) and its contractors (Medicare Audit Contractors, Recovery Audit Contractors, and Zone Program Integrity Contractors) have adopted few program integrity practices specific to EHRs;

    • Few contractors review EHRs differently than paper records

    • Not all contractors can tell whether providers copied language or over-documented

  • CMS has provided limited guidance to contractors on EHR fraud vulnerabilities.

The OIG recommended that CMS provide guidance to contractors on detecting fraud associated with EHRs. CMS agreed with this recommendation.  The OIG also recommended that CMS direct its contractors to use providers’ audit logs to help demonstrate that EHR documentation supports claims for services. CMS concurred in part with the second recommendation, but also said that audit logs may not be appropriate in all circumstances and that use of such logs requires special training.  CMS said it is working with its contractors and other agencies and workgroups on this issue.

In December 2013, the OIG released another report that concluded that hospitals were not using all recommended fraud safeguards in EHR technology.  In the December report, the OIG recommended that:

  • Audit logs be operational whenever EHR technology is available for updates or viewing;

  • CMS and the Office of the National Coordinator For Health Information Technology (ONC) strengthen efforts to develop a comprehensive plan to address fraud vulnerabilities in EHRs; and

  • CMS develop guidance on the use of copy and paste features in EHRs.

CMS and ONC agreed with these recommendations.

The government has long been concerned that EHRs may lead to fraud.  For example, in September 2012 the HHS secretary and the attorney general wrote a letter to various hospital organizations warning about potential fraud:

“… there are troubling indications that some providers are using this technology to game the system, possibly to obtain payments to which they are not entitled.  False documentation of care is not just bad patient care; it’s illegal.  These indications include potential “cloning” of medical records in order to inflate what providers get paid.  There are also reports that some hospitals may be using electronic health records to facilitate “upcoding” of the intensity of care or severity of patients’ condition as a means to profit with no commensurate improvement in the quality of care.”

It will come as no surprise to providers that the government will focus on medical record documentation, especially in electronic records, to detect potential fraud or inappropriate billing.

Providers should:

  • Continue their own auditing and education efforts to ensure:

    • Medical record documentation is tailored to the specific patient and is appropriate to the patient’s condition and treatment;

    • Documentation tools are used correctly so that they do not create record entries that are not specific to a particular patient at the time of his or her encounter;

    • Limited and correct use of copy and paste function so that material that is copied is strictly appropriate to the present encounter; and

    • EHR audit tools are always turned on and audit records are retained along with the medical record documentation.

  • Watch for further government guidance on EHR documentation and auditing.

©2024 von Briesen & Roper, s.c

Current Legal Analysis

More from von Briesen & Roper, s.c.

U.S. Supreme Court Holds That A Unilateral Job Transfer Maintaining the Same Pay and Benefits Could Be Discrimination Under Title VII
by: James R. Macy
Policy Exceptions – A Tale of Two Interpretations
by: Steven R. Beckham
Use of the ASTM E1527-21 Phase I Environmental Site Assessment Standard Practice is Now Required to Meet CERCLA Liability Protections
by: David P. Ruetz , Christina M. Lucchesi
DOL Issues SECURE 2.0 Guidance on PLESAs and Automatic Portability
by: Kelly J. Noyes
What Compliance Officers Need to Know From 2023’s Compliance Trends
by: Stacy C. Gerber Ward
What You Need To Know About The Corporate Transparency Act
by: Randy S. Nelson
Appellate Court of Illinois and Seventh Circuit Issue Conflicting Decisions Regarding Applicability of “Violation-of-Law Exclusion” in BIPA Actions
by: Edric S. Bautista , Mollie T. Kugler
Your Company’s Beneficial Ownership Information Report Required by the Corporate Transparency Act Is Due Soon
by: Randy S. Nelson
Legislature Amends Law Permitting Collective Bargaining Negotiations Involving Certain Aspects of Health Care Plan Design and Coverage
by: Kyle J. Gulya , Ryan P. Heiden
Surge in Class Actions Under the Illinois Genetic Information Privacy Act
by: Restructuring & Insolvency at von Briesen & Roper, s.c.

Upcoming Legal Education Events

 

NLR Logo

We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins