Fraud and Abuse Risks with Electronic Health Records (EHRs)

The Office of Inspector General (OIG) for the United States of America released a report on January 8, 2014 detailing findings from their study to determine if the Center for Medicare and Medicaid Services’ (CMS) contractors have adopted mechanisms to identify and address certain EHR vulnerabilities. The EHR vulnerabilities, at the heart of the study, were those that may increase the likelihood of fraudulent claims or improper payments.

The OIG determined there are currently very few programs and/or mechanisms in place to detect fraudulent use of EHRs that would perpetuate invalid claims or payments. The study underscores that providers risk violating the False Claims Act if the documentation in the EHR inflates or demonstrates services which are more comprehensive than actually rendered. As a result, the OIG recommended that CMS contractors institute practices to detect fraudulent activity in EHRs.

A few key areas highlighted by the OIG regarding EHRs include:

1. Copy and Paste Functionality. This can easily lead to inflated claims or duplicate claims.

2. Auto-Population Functionality. This may potentially lead to inflated services or overstated complexities.

3. Bypass and/or Disable Capability. This may allow fraudulent activity to go undetected, especially when audit logs and password protections are bypassed.

Despite the findings of this study, we must remember that the healthcare industry has embraced EHRs to create efficiencies, improve care coordination, reduce medical errors, and further engage patients. Likewise, the government has promoted EHRs via regulations, reimbursement penalties, and incentive payments. While the potential for fraud and abuse when using an EHR is possible, it is also possible that the industry is experiencing a joint learning curve. We can neither be afraid of the EHR, nor afraid to right any wrongs found as a result of our joint learnings. Our joint learnings will help CMS, and other entities, become aware of vulnerabilities as well as implement policies and procedures to minimize the risks associated with fraud and abuse.

Share on facebook
Share on twitter
Share on linkedin