The Office of Inspector General (OIG) conducted a study to determine to what extent hospitals that received electronic health records (EHR) Medicare incentive payments through the American Recovery and Reinvestment Act of 2009 (ARRA) had implemented recommended fraud safeguards for EHR technology. Two areas of EHR documentation practices were identified that may lend themselves to potential fraud implications:
- Copy-pasting: the selection of information from one source and replicating it in another location but failing to update the documentation to ensure accuracy
- Over-documentation: the practice of providing false or immaterial documentation giving the appearance of supporting a higher level of service than actually delivered
The copy-paste function of the EHR can be particularly challenging for the coder as it may be difficult to sort through the documentation to determine the current state of the patient’s clinical picture. For example, the initial impression for a patient admitted with pneumonia may indicate the possibility of a secondary diagnosis of a UTI that is ruled out by the time of discharge. However, the copy-paste function of the EHR for that facility may not have safeguards in place which would clearly update the documentation. As a result the UTI, though ruled out may inadvertently be coded incorrectly creating a potential fraud situation resulting in the assignment of a higher weighted DRG.
RTI International was contracted in 2006 to develop guidelines for date validity and integrity of the EHR with the goal of reducing fraud potential and increasing data accuracy. Fourteen recommendations were created within five categories: audit functions, user authorization and access controls, data transfer, patient involvement and other. One recommendation requires that the EHR technology not prompt the user to simply add documentation but alert the user to discrepancies between documentation and coding.
The OIG study found that only approximately one quarter of the hospitals had copy-paste policies in place to guard against inflated or duplicated documentation that could lead to potentially fraudulent claims. Even for those that had policies in place, 61 percent assigned the responsibility for the accuracy of the copy-paste documentation to the user alone. Half of the hospitals were unable to customize the copy-paste feature by restricting its use or disabling it entirely.
The report made three recommendations to enhance fraud and abuse safeguards when using the EHR:
- Ensure audit logs used for tracking any EHR updates be fully operational for updates and viewing
- Strengthen collaborative efforts between the Centers for Medicare and Medicaid Services (CMS) and the Office of the National Coordinator for Health Information Technology (ONC) in developing a plan to prevent fraud in EHRs
- Develop guidelines for the appropriate use of the copy- paste EHR function
What EHR safeguards do you have in place at your facility to ensure accuracy, in particular with respect to the copy-paste function?
Reference: Department of Health and Human Services OIG Report December, 2013: Not All Recommended Fraud Safeguards Have Been Implemented in Hospital EHR Technology; http://oig.hhs.gov/oei/reports/oei-01-11-00570.pdf