• About Us
  • Events
  • Newsletter Sign Up
  • Spotlight Series
  • Webinars
  • WhitePapers
  • Videos
  • Podcasts
    1. Policy & Value-Based Care

    OIG Report Highlights Lack of CMS Initiated EHR Fraud Safeguards

    Jan. 8, 2014
    A new report from the U.S. Department of Health and Human Services’ (HHS) Office of the Inspector General (OIG) indicates that the Centers for Medicare & Medicaid Services (CMS) has not adopted practices that would protect fraud vulnerabilities in electronic health record (EHR) systems.
    9865324 S

    A new report from the U.S. Department of Health and Human Services’ (HHS) Office of the Inspector General (OIG) indicates that the Centers for Medicare & Medicaid Services (CMS) has not adopted practices that would protect fraud vulnerabilities in electronic health record (EHR) systems.

    The report details the protections CMS has given for EHR facilitate fraud activities such as copy-pasting and over documentation. It also looks at how EHRs could protect against fraud including audit logs, access controls, and export controls. Overall, it found CMS has provided limited guidance to contractors on fraud vulnerabilities

    For the report, which can be found online, the HHS OIG sent a questionnaire to CMS officials and program integrity contractors who use EHRs to pay claims, identify improper Medicare payments, and investigate fraud. They asked about policies and procedures specific EHR-related fraud. The researchers from HHS OIG also reviewed guidance documents and policies on this subject.

    Overall, the report states how despite the HHS spending considerable time and resources to promote the widespread adoption of EHRs, not much attention has been given to fraud and abuse vulnerabilities in the systems. CMS has not changed their program integrity strategies in light of EHR adoption.

    According to the report, few contractors for CMS review digital records beyond what they do for paper medical records. Additional reviews are not required by CMS, according to the report. The researchers also discovered that not all contractors were able to determine whether or not providers had copied language in the EHR or over-documented.

    “Opportunities for a provider to inappropriately copy-paste language and over-document in a medical record for higher payment exist in paper medical records as well as EHRs. However, features in EHR technology make it easier for providers to copy-paste and over-document in EHRs,” it says in the report.

    This is the second report in as many months on EHR-related fraud. Last month, HHS OIG suggested there was a lack of urgency on the part of provider organizations about protecting patients from the potential misuse of their data. It also touched on the copy and paste, over-documentation vulnerabilities.

    HHS OIG made two recommendations: To have CMS provide guidance on detetcing fraud associated with EHRs and to direct its contractors to use providers' audit logs. CMS agreed with the first and partially agreed with the second.

    In the report, CMS officials stated that it intends to develop guidance on the appropriate use of the copy-paste feature in EHRs. It also stated that it will work with its contractors to identify best practices for detecting fraud associated with EHRs. On audit logs, it said they could be used to ensure accuracy but also they may not be appropriate in every circumstance and that review of audit logs requires special training.

    Continue Reading

    Sponsored Recommendations

    Enhancing Healthcare Through Strategic IT and AI Innovations

    Learn how strategic IT and AI innovations are transforming healthcare - join Tomas Gregorio as he explores practical applications that enhance clinical decision-making, optimize...

    The Intersection of Healthcare Compliance and Security in the Age of Deepfakes

    As healthcare regulations struggle to keep up with rapid advancements in AI-driven threats like deepfakes, the security gaps have never been more concerning.

    Increasing Healthcare Security Behind and Beyond the Firewall

    Read how 5 identity security solutions can help you protect against these threats while improving user experience and reducing costs.

    Improve and Secure Healthcare Delivery with Digital Identity

    Get a deep understanding of how Digital Identity can help secure your healthcare organization while offering seamless access to your growing portfolio of apps and APIs.