The implied threat sparked protests from leaders of provider groups.
Dr. Scot Silverstein, a physician informaticist and frequent critic of the federal approach to promote EHR adoption, which he recently described as “the push towards EHR unicorns and moonbeams utopia,” said the OIG report, while disclosing nothing new, indicates “the federal government is incompetently tripping over its own feet.”
The OIG issued a report last month that identifies design weaknesses that render EHR systems vulnerable to abuse.
In its latest report, the OIG concluded that the CMS and its contractors used “few program integrity practices specific to EHRs.” For example, just three of 18 contractors, in response to an OIG questionnaire, reported using audit-log data from an EHR as part of their fraud fighting reviews and only four of 18 indicated they reviewed EHR records differently than paper records, the OIG report said.
“Not all contractors reported being able to determine whether a provider had copied language or overdocumented” an encounter in an electronic medical record, the OIG report authors said. Meanwhile, CMS guidance provided to its contractors on fraud vulnerabilities was described as “limited.”
The report cites two examples of electronic record documentation practices—copying and pasting and overdocumentation—that could be used to commit fraud.
Also known as cloning of a medical record, copying and pasting enables a user to take portions of an existing record and add it to another record. When clinicians cut and paste information without updating or ensuring its accuracy, “inaccurate information may enter the patient's medical record and inappropriate changes may be billed to patients” and third–party payers, the OIG said. The practice also could be used to create fraudulent claims, the authors said.
The OIG describes overdocumentation as inserting false or irrelevant documentation to fabricate support to bill for more expensive services, a practice the investigators said can be facilitated by EHRs that “auto-populate” data fields in the record when using templates built into these systems.
Other systems, the OIG said, “generate extensive documentation on the basis of a single click of a checkbox,” which also could introduce errors in the patient record as well as facilitate fraudulent claims by making it appear as if the patient received more comprehensive services than the provider actually rendered.
These electronic vulnerabilities require that the CMS and its contractors develop new techniques for finding and investigating improper payments.
The report was based on a review of CMS documents providing guidance to healthcare delivery organizations on fraud as well as interviews with and a questionnaire sent to CMS administrative officials and hired contractors.
Follow Joseph Conn on Twitter: @MHJConn