OIG Report Recommends CMS Implement Program Integrity Practices to Address Vulnerabilities Associated with the Use of EHRs


According to a recent report from the Department of Health and Human Services Office of Inspector General (OIG), CMS has done little to address potential vulnerabilities associated with the use of electronic health records (EHRs), though the use of EHR technology may enhance certain opportunities to perpetrate fraud through the use of copy-pasting functionality, or “cloning,” and overdocumentation, among other things.

Specifically, OIG found that CMS and its contractors generally had not adjusted techniques for identifying improper payments and investigating potential fraud, as few contractors were reviewing EHRs any differently than paper records.  OIG based its findings on the results of an online questionnaire it administered to CMS Medicare Administrative Contractors (MACs), Zone Program Integrity Contractors (ZPICs) and Recovery Audit Contractors (RACs) that queried the contractors’ policies, procedures, and experiences with EHR fraud and Medicare claims, as well as a review of guidance documents and policies from CMS and its contractors. 

Only two of the eight MACs and two of the six ZPICs surveyed reported that they took additional steps beyond those included in an ordinary paper review, such as confirming electronic signatures and requesting information about the providers’ EHR technology, and only three of the eighteen total contractors surveyed reported using audit log data.  The contractors reported varying ability to identify inappropriately copied language and overdocumentation, with more contractors reporting the ability to identify overdocumentation than inappropriate copy-pasting due to the nature of the records review (i.e., copy-pasting may not be evident within a single claim, and may require the same reviewer to examine multiple records).  With respect to CMS guidance, MACs and RACs reported receiving limited guidance, while ZPICs reported receiving no guidance.         

The OIG recommended that CMS provide guidance to its contractors on detecting fraud associated with the use of EHRs and direct its contractors to use audit log data.  CMS concurred with the first recommendation, stating that it has been actively considering the issue and intends to develop appropriate guidelines to ensure appropriate use of the copy paste feature in EHRs, and will consider whether additional guidance tools are needed to help detect fraud associated with the use of EHRs.  CMS partially concurred with the second recommendation, stating that audit logs are one of several tools in ensuring authentic information, though they may not be an appropriate tool in every instance, and, thus, should only be one part of a comprehensive approach to EHR review.    

For a copy of the OIG report, please click here

Reporter, Kerrie S. Howze, Atlanta, +1 404 572 3594, khowze@kslaw.com.

Topics:  CMS, EHR, Healthcare, Healthcare Fraud, HHS, OIG

Published In: Health Updates, Science, Computers & Technology Updates

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© King & Spalding | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »