CMS and Its Contractors Have Adopted Few Program Integrity Practices To Address Vulnerabilities in EHRs
January 8, 2014
Download the complete report
Adobe® Acrobat® is required to read PDF files.
WHY WE DID THIS STUDY
Electronic health records (EHRs) replace traditional paper medical records with computerized recordkeeping to document and store patient health information. Experts in health information technology caution that EHR technology can make it easier to commit fraud. For example, certain EHR technology features may be used to mask true authorship of the medical record and distort information to inflate health care claims. The transition from paper records to EHRs may present new vulnerabilities and require CMS and its contractors to adjust their techniques for identifying improper payments and investigating fraud.
HOW WE DID THIS STUDY
We sent an online questionnaire to CMS administrative and program integrity contractors that use EHRs to pay claims, identify improper Medicare payments, and investigate fraud. We also reviewed guidance documents and policies on EHRs and fraud vulnerabilities that CMS and its contractors released for health care providers. Lastly, we reviewed documents on EHRs and Medicare claims that CMS provided to its contractors.
WHAT WE FOUND
CMS and its contractors had not changed their program integrity strategies in light of EHR adoption. Few CMS contractors had adopted few program integrity practices specific to EHRs. Specifically, few contractors were reviewing EHRs differently from paper medical records. In addition, not all contractors reported being able to determine whether a provider had copied language or overdocumented in a medical record. Finally, CMS had provided limited guidance to Medicare contractors on EHR fraud vulnerabilities.
WHAT WE RECOMMEND
Our report made two recommendations. First, CMS should provide guidance to its contractors on detecting fraud associated with EHRs. CMS could work with contractors to identify best practices and develop guidance and tools for detecting fraud associated with EHRs. Specific guidance should address EHR documentation and electronic signatures in EHRs. Second, CMS should direct its contractors to use providers' audit logs. Audit log data distinguish EHRs from paper medical records and could be valuable to CMS's contractors when reviewing medical records. CMS concurred with our first recommendation and partially concurred with the second recommendation.
Copies can also be obtained by contacting the Office of Public Affairs at Public.Affairs@oig.hhs.gov.
Let's start by choosing a topic
Unimplemented OIG recommendations summarized.
FY 2014 Work Plan
OIG projects planned for 2014.
Significant OIG activities in 6-month increments.