Jan. 9—The Centers for Medicare & Medicaid Services (CMS) plans to tighten its search for hospital fraud from improper use of electronic health records (EHRs) after a government watchdog identified oversight shortcomings.

The HHS Office of Inspector General (OIG) examined the extent to which CMS and its contract auditors have adjusted their antifraud reviews of medical records to account for the widespread movement from paper records to EHRs in recent years. The review led them to conclude that although EHR technology may help perpetrate fraud, CMS, and its contractors have failed to adjust and few contractors reviewed EHRs differently from paper medical records.

Among the components of EHRs that separate them from paper records is their audit log data, which "could be valuable in authenticating the medical record that supports a claim," the OIG report noted.

However, few Medicare auditors checked EHR audit log data. Other EHR-related shortcomings among CMS contractors also were identified.

"Some contractors weren't able to determine whether a provider copied language or over-documented in a medical record, which could indicate fraudulent billing in an electronic record," said Danielle Fletcher, an OIG program analyst.

The contractors' EHR shortcomings were blamed on the lack of CMS focus on the issue. Most contractors reported little or no CMS guidance on copied language, over-documentation, electronic signatures, or other EHR-related fraud issues.

CMS Response Coming

In response, CMS "intends to develop guidance on the appropriate use of the copy-paste feature in EHRs," the OIG report noted. "It also stated that it will work with its contractors to identify best practices for detecting fraud associated with EHRs."

However, CMS balked at the OIG's urging that all contractors use EHR audit logs in their provider fraud reviews. Although the agency noted audit logs are "one of several tools" to avoid EHR fraud, it warned that they may not be appropriate in every circumstance and their review requires special training.

"CMS stated that it is working with its contractors, EHR experts, and ONC-sponsored workgroups to consider issues presented by digital clinical data, including determining the authenticity of information in EHRs," the report said.

An HHS anti-fraud contractor, RTI International, previously recommended antifraud EHR steps, including greater use of audit logs to identify when, where, and how data are entered into a patient's EHR and help determine the authenticity of EHRs.

A previous OIG report found most hospitals have implemented RTI’s safeguards including use of the EHR logs to capture most of the recommended data. However, nearly half of hospitals said they could delete audit logs and a third of hospitals said they could disable their audit logs, Fletcher said.

Publication Date: Thursday, January 09, 2014