Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

CMS and Its Contractors Have Adopted Few Program Integrity Practices To Address Vulnerabilities in EHRs

Issued on  | Posted on  | Report number: OEI-01-11-00571

Report Materials

WHY WE DID THIS STUDY

Electronic health records (EHRs) replace traditional paper medical records with computerized recordkeeping to document and store patient health information. Experts in health information technology caution that EHR technology can make it easier to commit fraud. For example, certain EHR technology features may be used to mask true authorship of the medical record and distort information to inflate health care claims. The transition from paper records to EHRs may present new vulnerabilities and require CMS and its contractors to adjust their techniques for identifying improper payments and investigating fraud.

HOW WE DID THIS STUDY

We sent an online questionnaire to CMS administrative and program integrity contractors that use EHRs to pay claims, identify improper Medicare payments, and investigate fraud. We also reviewed guidance documents and policies on EHRs and fraud vulnerabilities that CMS and its contractors released for health care providers. Lastly, we reviewed documents on EHRs and Medicare claims that CMS provided to its contractors.

WHAT WE FOUND

CMS and its contractors had not changed their program integrity strategies in light of EHR adoption. Few CMS contractors had adopted few program integrity practices specific to EHRs. Specifically, few contractors were reviewing EHRs differently from paper medical records. In addition, not all contractors reported being able to determine whether a provider had copied language or overdocumented in a medical record. Finally, CMS had provided limited guidance to Medicare contractors on EHR fraud vulnerabilities.

WHAT WE RECOMMEND

Our report made two recommendations. First, CMS should provide guidance to its contractors on detecting fraud associated with EHRs. CMS could work with contractors to identify best practices and develop guidance and tools for detecting fraud associated with EHRs. Specific guidance should address EHR documentation and electronic signatures in EHRs. Second, CMS should direct its contractors to use providers' audit logs. Audit log data distinguish EHRs from paper medical records and could be valuable to CMS's contractors when reviewing medical records. CMS concurred with our first recommendation and partially concurred with the second recommendation.


-
-
-