News: OIG finds CMS, contractors could do more to establish EHR safeguards
January 16, 2014
CDI Strategies - Volume 8, Issue 2
Contractors could use a little guidance from CMS to do a better job at reviewing medical records for electronic health record (EHR) problem areas. For example, clues within the progress notes, hand writing styles, and other attributes that help corroborate the authenticity of paper medical records are largely absent in EHRs, according to a recent report from the Office of the Inspector General (OIG).
Further, tracing authorship and documentation in an EHR may not be as straightforward as tracing in a paper record. Health care providers can use EHR software features that may mask true authorship of the medical record and distort information in the record to inflate health care claims.
In addition, the report cites two primary examples of potential EHR practices which could be used to commit fraud; copy and pasting and over documentation. The agency defines over documentation as inserting false or irrelevant information to support billing for high level services.
The report states that some EHR technology auto-populates fields or generates documentation based on a physician simply checking off a box. Such practices may “produce information suggesting the practitioner performed more comprehensive services than were actually rendered,” the OIG states.
According to the study, only a few CMS contractors have adjusted their record reviews to meet such challenges. Only two MACs and two ZPICs request additional information regarding EHR protocols, providers’ EHR technology, and abilities’ to alter EHR data. One contractor reported that it used “audit log” data to verify that a provider had not altered the medical record after the date of care and another reportedly used the EHR audit log to verify the authenticity of medical record entries.
Although the OIG recommended an increased use of audit logs, CMS disagreed, stating such use would not be appropriate in all cases. However, it did agree to provide additional guidance to its contractors.
With more $22 billion in incentive payments for EHR implementation, CMS needs to address potential fraud and abuse vulnerabilities in the EHR, the OIG stated.
In a separate report conducted in December, the OIG found that most facilities with EHR systems in place have implemented certain fraud-prevention technology and policies “to increase data validity, accuracy, and integrity; and strengthen fraud protection in EHR technology.”