Is the federal government’s drive towards implementing electronic medical records so fast that security measures are struggling to catch up? That is what a recent report in Fox News seems to suggest. According to a report by watchdog for the Department of Health and Human Services, the US government has not put sufficient safeguards in place to prevent fraud that is likely when implementing EMR. The OIG (Office of the Inspector General) has recommended that CMS must provide better guidance to Medicare carriers and auditors. It also insisted that CMS contractors must be directed to use EHR audit logs to identify fraud.
Some CMS contractors were unable to verify whether providers had falsified medical documentation with a view to inflate costs and overbill the government. The report pointed out that inapt copy-pasting could result in inflated claims as well as duplicate or fraudulent claims. CMS should develop guidelines regarding the use of the copy-paste function in EHRs. An OIG survey found that only two out of eight MACs (Medicare Administrative Contractors) which process Medicare claims said they conducted additional reviews of electronic health record documentation compared to what they do for paper records. Only one Medicare carrier looked at the EHR audit logs that reveal when and by whom medical records were created and altered. Among the four Recovery Audit Contractors (RACs) surveyed, nobody conducted additional reviews, and only one used audit log data. Six Zone Program Integrity Contractors were surveyed, and among them 2 conducted additional reviews and one looked at audit logs. CMS did provide guidance to its RACs and MACs regarding electronic signatures, but training in other EHR-related areas was practically nil. In its letter to OIG, CMS has agreed that it could provide improved guidance to contractors and thereby help prevent fraud. It also pointed out that while the use of audit logs was indeed necessary, it may not be “appropriate in every circumstance”. Moreover, it required that special training be provided to reviewers.
And what do providers have to say regarding the fraud and abuse of EHRs? Physicians may be submitting more level 4 E&M codes since the entry of EMRs but it needn’t be upcoding. Primary care physicians have undercoded their services in the past because of the heavy documentation involved. They may be reporting the right codes because electronic health record system has made documentation easier. Correcting medical records may become necessary at times when an error is detected at a later stage. A major concern in this regard is the poorly designed EHR systems that require physicians to copy-paste an entire section of a medical record or an entire note instead of the applicable data alone. The best way to avoid documentation errors is by training providers to accurately edit and add remarks that would help personalize individual patient records. Only an in-depth medical record review can reveal the existence of intentional or inadvertent fraud in patient healthcare records.