OIG Reports EHR Fraud Detection Inadequate

OIG Reports EHR Fraud Detection Inadequate

According to a report released this month by the Department of Health and Human Services' Office of Inspector General, The Centers for Medicare and Medicaid Services and many of its contractors need to adopt better practices to detectfraudcommitted using electronic health records.

Even though EHR technology has made committing fraud easier, according to an OIG report released in December 2013, CMS and its contractors have not adjusted their practices for identifying and investigating fraud committed using EHRs, says the most recent report.

December's report also highlighted the need for hospitals to make broader use of the audit log function within EHRs to help detect fraud. This report also noted that healthcare fraud of all kinds totals $75 billion to $250 billion a year.

New Report's Findings

The OIG based this week's report on an online survey conducted in January 2013 of nearly 20 CMS administrative and program integrity contractors that use EHRs to pay claims, identify improper Medicare payments and investigate fraud.

For its report, OIG also reviewed guidance documents and policies on EHRs and fraud vulnerabilities that CMS and its contractors released for healthcare providers. The watchdog agency also reviewed CMS transmittals of new or changed policies and procedures relating to EHRs.

Overall, OIG found that CMS and its contractors had adopted few program integrity practices specific to EHRs. More specifically, few contractors were reviewing EHRs differently from paper medical records.

In addition, not all contractors reported being able to determine whether a healthcare provider had used the EHR cut-and-paste feature to falsify records or had over-documented a medical record by inserting false or irrelevant digitized documentation to create the appearance of support for billing higher level services.

Finally, OIG found that CMS had provided limited guidance to Medicare contractors on EHR fraud vulnerabilities.

Two Recommendations

OIG recommends that CMS provide guidance to its contractors on detecting fraud associated with EHRs. It suggests CMS work with contractors to identify best practices and develop guidance and tools for detecting fraud associated with EHRs.

OIG also recommends that CMS direct its contractors to use providers' audit log data to distinguish EHRs from paper medical records, providing a "valuable" tool to CMS's contractors when reviewing medical records.

In a letter included in the report, CMS' administrator, Marilyn Tavenner, notes that the agency has been discussing the issue of EHR fraud with HHS' Office of the National Coordinator for Health IT, which sets policies and standards for the HITECH Actincentive programs for electronic health records.

"CMS intends to develop appropriate guidelines to ensure the proper use of the cut-and-paste feature in EHRs," Tavenner says. "CMS will also consider if additional guidance and tools are needed to help detect fraud associated with EHRs."

As for the OIG recommendation that CMS direct its contractors to use providers' audit logs to help detect possible fraud, Tavenner notes that "the use of audit logs may not be appropriate in every circumstance and should be part of a comprehensive approach to reviewing the authenticity of EHRs."

The letter also notes audit log reviewers need to obtain trainingto interpret and reconstruct the history of each medical record supplied in an electronic format and support in a log.