While the Centers for Medicare and Medicaid Services (CMS) estimates that nearly $29 billion of improper payments were made in 2015, according to spokespersons for the Office of the Inspector General (OIG) and CMS, the full extent of EHR fraud remains elusive.
Imagine, in an effort to bill a higher fee, a colleague cuts and pastes a complete history and physical examination you wrote in the electronic health record (EHR) of your patient, but forgets to make adjustments based on his/her findings.
This is happening with EHRs in hospitals and practices nationwide. While the Centers for Medicare and Medicaid Services (CMS) estimates that nearly $29 billion of improper payments were made in 2015, according to spokespersons for the Office of the Inspector General (OIG) and CMS, the full extent of EHR fraud remains elusive.
In December 2013, OIG published “Not All Recommended Fraud Safeguards Have Been Implemented in Hospital EHR Technology,” which addressed whether providers used the fraud prevention strategies recommended by the Office of the National Coordinator for Health Information Technology (ONC). Recommended fraud prevention strategies had been used only minimally. It subsequently recommended that audit logs be kept on when EHR technology is available for viewing, that ONC and CMS develop a comprehensive plan to address fraud vulnerabilities in EHRs and that CMS develop guidance on the use of the copy-paste feature.
CMS stated that it supports ONC’s development of certification criteria toward this goal, that it was committed to providing technical assistance to other federal agencies with healthcare fraud enforcement authority and that it audits hospitals to ensure the integrity of the EHR incentive payments. CMS said that it would develop guidelines to ensure that the copy-paste feature is used appropriately.
Further reading: It's time to get doctors out of EHR data entry
A January 2014 OIG report, “CMS and Its Contractors Adopted Few Program Integrity Practices to Address Vulnerabilities in EHRs,” stated that not all contractors reported being able to determine whether a provider had copied language or overdocumented in a medical record and that CMS had provided limited guidance to Medicare contractors on EHR fraud vulnerabilities.
According to the OIG March 2015 report, “Compendium of Unimplemented Recommendations,” fraud poses a threat to patient care and it harms the defrauded agencies. It recommended that the U. S. Department of Health and Human Services do more to ensure that all hospital EHRs contain safeguards against fraud enabled by the use of EHRs. OIG found that “nearly all hospitals may not be using recommended the audit function to its fullest extent. ONC again implemented recommendations proffered by RTI International “to enhance data protection, increase data validity, and strengthen fraud protection in electronic health technology.”
Subsequently, a July 2015 CMS report, “Program Integrity Issues of Electronic Health Records: An Overview,” cites that again there was an increase in concern about the potential for fraud and risk to patient care.
Today, the 2016 Compendium points out copy-paste as a primary concern, which can lead to fraud and errors in the electronic health record that may affect patient care.
Only 25% of hospitals had policies regarding the use of copy-paste in EHRs. The ONC and CMS once again agreed to develop a comprehensive plan address the fraud vulnerabilities in the electronic health record where CMS and continue to develop a comprehensive plan to detect and reduce fraud, however these efforts are not directed toward strengthening collaborative efforts with ONC.
Despite recommendations by OIG, electronic health record fraud remains a problem.
1. Department of Health and Human Services. Office of the Inspector General. (December, 2013). Not All Recommended Fraud Safeguards Have Been Implemented in Hospital EHR Technology. Accessed from http://oig.hhs.gov/oei/reports/oei011100570.pdf on May 27, 2016.
2. Department of Health and Human Services. Office of the Inspector General. (January,
2014). CMS and Its Contractors Have Adopted Few Programs Integrity Practices to Address Vulnerabilities in EHRs. Accessed from http://oig.hhs.gov/oei/reports/oei011100571.pdf on May 27, 2016.
3. Office of the Inspector General. Department of Health and Human Services. (March, 2015). Compendium of Unimplemented Recommendations. Accessed from http://oig.hhs.gov/reportsandpublications/compendium/files/compendium2015.pdf on May 27, 2016.
4. Department of Health and Human Services. Centers for Medicare and Medicaid (CMS). (July 2015). Electronic Health Record Toolkit: Program Integrity Issues in Electronic Health Records: An Overview. Accessed from https://www.cms.gov/MedicareMedicaidCoordination/FraudPrevention/MedicaidIntegrityEducation/Downloads/ehrproviderbookletoverview.pdf on May 27, 2016.
5. United States Department of Health and Human Services. Office of the Inspector General. (April 2016). Compendium of Unimplemented Recommendations. Accessed from http://oig.hhs.gov/reportsandpublications/compendium/files/compendium2016.pdfon May 27, 2016.
Notes: ONC is organizationally within the Office of the Secretary for implement and use the most advanced health information technology and the electronic exchange of health information. ONC is at the forefront of the administration’s health IT efforts and is a resource to the entire health system to support the adoption of health information technology and the promotion of nationwide health information exchange to improve health care.