CMS called out for EHR fraud failings
Electronic health records may be doing great things for patient care, but they have also made it easier to commit fraud, according to the findings of a new report from the Office of Inspector General.
The OIG report underscored the shortcomings of the Centers for Medicare and Medicaid Services when it came to identifying and investigating EHR fraud -- deficiencies which have helped contribute to the estimated $75 billion to $250 billion in healthcare fraud, officials say.
OIG highlighted the two most common EHR documentation practices used to commit fraud: copy and paste, by which a healthcare provider copies and pastes information from a patient's record multiple times, often failing to update the data or ensure accuracy, and over-documentation, which involves adding false or "irrelevant documentation to create the appearance of support for billing higher level services."
[See also: EHR copy and paste? Better think twice.]
Among the conclusions of the report was that CMS' guidance to its contractors charged with identifying fraud was too limited. For instance, most of the contractors reviewed paper records in the same way they reviewed EHRs, with little regard for the difference between them. OIG report findings revealed only three of 18 Medicare contractors used EHR audit log data as part of their review process.
Moreover, many contractors reported being unable to determine whether a provider had actually used copy/paste, or had overdocumented, in a medical record.
"Our findings show that CMS and its contractors have not changed their program integrity strategies in light of EHR adoption," Daniel Levinson, HHS Inspector General, wrote in the report, subsquently recommending CMS from now on direct contractors to use audit logs for investigations and provide additional guidance on detecting fraud in EHRs.
In a Nov. 13 letter to OIG, CMS Administrator Marilyn Tavenner concurred that the agency needed to do more and confirmed it would do so in specific arenas.
Seventy-four to 90 percent of physicians use the copy/paste function in their EHRs, and between 20 to 78 percent of physician notes are copied text, according to a September AHIMA report.
[See also: Report spotlights OCR security failures.]
HHS Secretary Kathleen Sebelius together with Attorney General Eric Holder wrote a letter recently to industry medical groups underscoring the seriousness of doctors "gaming the system." Sebelius and Holder pointed to reports of hospitals using EHRs to "upcode" patients' medical conditions, abuses which have been estimated to cost nearly $11 billion, according to a year-old report from the Center for Public Integrity.
Speaking at the October MGMA annual conference in San Diego, Diana Warner, director at AHIMA, confirmed the seriousness of inappropriately using copy and paste functions in electronic health records.
Warner cited one incident in particular that transpired at her previous medical group: Thanks to copy and paste errors, a patient went from having a family history of breast cancer to having a history of breast cancer.
This "nightmare" took months to fully resolve, said Warner. "The insurance company caught it and was going to change (the patient's) coverage because she lied," or so they thought. "We had to work for months to get that cleared up with the insurance company so her coverage would not be dropped. We had to then find all the records that it got copy and pasted into" incorrectly. Then, they had to track down all the locations they sent that information.
Added Warner, "It goes through your system. It goes through other systems. It gets sent to other care providers; it gets sent to insurance companies."
After the OIG report was released Jan. 7, several U.S. Senators released a statement calling the findings "deeply concerning."
"CMS has a fundamental responsibility to do a better job of policing and enforcing basic security requirements," said Republican Oklahoma Sentator Tom Coburn, in a Jan. 8 press statement.
Republican Tennessee Senator Lamar Alexander agreed. "The Centers for Medicare and Medicaid Services should be doing everything it can to prevent and stop the fraud and abuse that undermine this crucial innovation in the health care industry and put Medicare at risk of overpaying for care," he said.