Policy: Health Care

Little is being done to address vulnerabilities in electronic health records, IG finds

By |
Watchdog,Health Care,Medicare and Medicaid,Kelly Cohen,Inspectors General,HHS

Despite a December 2013 warning from the Department of Health and Human Services' inspector general, the Centers for Medicare and Medicaid Services and its contractors have done very little to reduce the risk of electronic health records fraud, the IG says.

An electronic health record, or EHR, is the computerized version of a patient's paper chart and contains everything about his or her medical history across all doctors and hospitals.

"Although EHR technology may make it easier to perpetrate fraud, CMS and its contractors have not adjusted their practices for identifying and investigating fraud in EHRs," the IG said.

The IG's office reviewed guidance, policies and documents on EHRs and fraud vulnerabilities that CMS and its contractors released for health care providers, as well as documents on EHRs and Medicare claims that CMS provided to its contractors.

An online questionnaire was also sent out to CMS administrators and contractors that use EHRs.

The questionnaire showed contractors have received limited guidance in the past two years from CMS on fraud vulnerabilities.

These vulnerabilities occur from things like duplicated information, over-documentation and electronic signatures.

The IG also said few contractors review EHRs differently from paper medical records, which meant they were unsure where the errors in the medical record could have come from.

"Our findings show that CMS and its contractors have not changed their program integrity strategies in light of EHR adoption," the IG said.

"Some CMS contractors reported that they were unable to identify copied language and over-documentation in a medical record," the IG said.

"This is a particular concern with EHRs because such documentation practices are made easier in an electronic environment. In addition, few CMS contractors have adopted additional review procedures for EHRs," the IG said.

Certain features in EHRs may be used to "distort information to inflate health care claims," the IG also found, which causes contractors to have to adjust how they figure out improper payments and fraud cases.

HHS reported in that 2013 most hospitals and doctors use EHRs.

In addition to health care fraud costing as much as $250 billion annually, HHS has spent more than $22.5 billion to encourage hospitals and doctors to adopt EHRs.

Rep. Michael Burgess, R-Texas, said the IG report points to problems that are inherent with government involvement in health care.

"Now it's HHS' own watchdog sounding the latest alarm bell questioning the ability of the federal government to manage such a large and sensitive part of our nation's economy," said Burgess, who is vice chairman of a House health oversight subcommittee.

"This new report echoes the concerns we have long voiced about the possibility of fraud and security concerns surrounding the government's involvement in and changes to the health care industry,” said Burgess.

Burgess is one of 20 physicians in Congress.

View article comments Leave a comment