Physician Practice

EHR fraud vulnerabilities remain unaddressed

Physician Practice Insider, April 19, 2016

EHRs are vulnerable to fraud despite the existence of tools to prevent and combat fraud and abuse, the Office of Inspector General (OIG) says. EHR fraud is one of the top issues in the agency’s annual Compendium of Unimplemented Recommendations, released April 12.

The OIG’s concerns about EHR fraud go back to December 2013, when it published a report examining whether providers actually used recommended fraud prevention safeguards. The Office of the National Coordinator of Health IT (ONC) had contracted with RTI International to develop recommended methods to prevent abuse and fraud and improve the integrity of EHRs. The 2013 report was compiled from data the OIG collected from 864 hospitals that received EHR incentive payments in 2012. Although most surveyed providers implemented ONC’s recommended safeguards, they were used minimally and ineffectively, according to the OIG’s 2013 report. ONC agreed with both recommendations the OIG made in its 2013 report; however, the agency said it had no statutory authority to enforce the recommendations.

Three years later, EHRs remain open to deliberate fraud and unintentional damage to data integrity. The 2016 Compendium singles out the use of copy and paste as a primary source of concern. Improper use of copy and paste can be used for fraud or can unintentionally introduce errors into the EHR. Only a quarter of providers have policies regarding the use of copy and paste in EHRs, according to the 2016 Compendium.

The 2016 Compendium recommends that the ONC and CMS develop a comprehensive plan to address fraud vulnerabilities in EHRs. The agencies agreed with the OIG’s recommendations and CMS stated that it is conducting prepayment audits and prepayment edit checks to ensure that eligible professionals receiving EHR incentive payments comply with the program. The OIG, however, urges CMS to take direct, concrete action and work with the ONC to create solutions rather than relying on audits.

The Partnership for Health IT Patient Safety released an EHR copy and paste best practices toolkit in March. The toolkit made recommendations for policymakers and software developers, but also includes a number of practical recommendations providers can follow on their own, such as hands-on education and training and offering regular feedback to staff.

Most Popular