The Office of Inspector General (OIG) for the U.S. released a report on January 8, 2014. In it, detailed findings were included from their study on the Center for Medicare and Medicaid Services’ (CMS). The purposes of the study was to review if CMS contractors had adopted mechanisms to identify and address certain electronic health records (EHR) vulnerabilities. The concerns, at the heart of the study, were those that may increase the likelihood of fraudulent claims or improper payments.
The OIG determined there are currently very few programs in place to detect fraudulent use of EHRs. This means there’s a risk of increased invalid claims or payments. The study underscores that providers risk violating the False Claims Act.
If the documentation in the EHR inflates or demonstrates services which are more comprehensive than actually rendered, it could be flagged. As a result, the OIG recommended that CMS contractors institute practices to detect fraudulent activity in EHRs.
Common Types of Fraud
A few key areas highlighted by the OIG regarding EHRs include:
1. Copy and Paste Functionality. This can easily lead to inflated claims or duplicate claims.
2. Auto-Population Functionality. This may potentially lead to inflated services or overstated complexities.
3. Bypass and/or Disable Capability. This may allow fraudulent activity to go undetected, especially when audit logs and password protections are bypassed.
Despite the findings of this study, it’s imperative to recognize that the healthcare industry has embraced EHRs for a reason. The use of EHRs can create efficiencies, improve care coordination, reduce medical errors, and further engage patients. Likewise, the government has promoted EHRs via regulations, reimbursement penalties, and incentive payments. While the potential for fraud and abuse is possible, it’s also possible that the industry is experiencing a joint learning curve.
We shouldn’t be afraid of electronic health records, nor afraid to right any wrongs found as a result of our joint learnings. Our joint learnings will help CMS, and other entities, become aware of possible issues. As well, this will also assist in implementing policies and procedures to minimize the risks associated with fraud and abuse.