EHR Software may be an effective tool in terms of enhancing patient care, improving care coordination, and increasing efficiency; however, the technology may also make it easier for providers to commit fraud, according to the OIG. Not only has EHR fraud been a focus area included in various OIG Work Plans, but it was also the topic of a December 2013 report titled “Not All Recommended Fraud Safeguards Have Been Implemented in Hospital EHR Technology.”
In its report, the OIG essentially calls upon CMS and ONC to work collaboratively to develop a comprehensive plan that will identify and investigate EHR fraud. It also discusses two of the most vulnerable aspects of EHRs that can lead to fraud—that is, the ability to copy and paste documentation from one patient’s record to another as well as over-documentation (i.e., inserting false or irrelevant documentation to create the appearance of support for billing higher level services).
More recently, the OIG announced in its FY 2015 Work Plan that it will review Medicare and Medicaid incentive payment data from 2011 to identify fraudulent incentive payments—i.e., payments given to providers that did not meet selected Meaningful Use criteria. Several cases of wrongly-claimed incentive payments have already been reported, and those numbers may continue to rise unless providers pay closer attention to Meaningful Use criteria and objectives.
However, CMS, the ONC and the OIG are only part of the equation. Providers must also understand the role that they plan in terms of preventing fraudulent practices when using an EHR. This article outlines five ways in which providers can mitigate fraud and ensure compliance.
- Establish policies and procedures to address copy-and-paste (cloned) documentation. In what limited circumstances are providers able to copy and paste documentation from one source to another? When copying and pasting, do providers understand that they must update that information, if necessary, and ensure its accuracy and relevance?
- Be cautious when using templates and check boxes. Some EHR systems may auto-populate certain fields when providers use templates. Other systems may generate documentation when a provider checks a single box. Providers must always verify the accuracy of any information included within the record.
- Ensure that audit logs are fully operational. Audit logs, which capture data elements such as date, time, and user stamps for each update in the EHR are a critical part of mitigating fraud. Practices can use these logs to monitor activity and look for data inconsistencies and patterns.
A Deep-dive Into Specialty Pharma
A specialty drug is a class of prescription medications used to treat complex, chronic or rare medical conditions. Although this classification was originally intended to define the treatment of rare, also termed “orphan” diseases, affecting fewer than 200,000 people in the US, more recently, specialty drugs have emerged as the cornerstone of treatment for chronic and complex diseases such as cancer, autoimmune conditions, diabetes, hepatitis C, and HIV/AIDS.
- Implement robust access controls. Access controls and user authentication help prevent unauthorized access to the EHR. This can prevent fraud related to identify theft and other schemes that involve stealing provider and patient information.
- Perform patient education. Patient engagement can also help mitigate fraud related to the EHR. Encourage patients to notify the organization if they detect potentially fraudulent activity. For example, a patient may question an Explanation of Benefits for a service that he or she did not receive. Educate patients about the potential for identify theft and fraud, and let them know that you can work together to combat the problem.
Proactive compliance
The annual cost of healthcare fraud is between $75 billion and $250 billion. As providers continue to implement EHR technology, they must address the potential for fraud. This fraud is often not malicious, but rather it occurs due to poor design and a lack of education and awareness. By taking steps to mitigate fraud before it occurs, practices will avoid further audits and scrutiny.
