To Freeze or Not to Freeze? That Is the Question

UPDATE: Senate Bill 23 did not become law during 2016 Kentucky Legislative Session. The bill was passed unanimously by the Senate. It was then sent to the House, where it was read twice, amended, but never read for the third and final time.


The Commonwealth of Kentucky’s General Assembly is considering a bill which would permit parents to place security freezes on their children’s credit record. Senate Bill 23 (SB 23) was introduced in the Senate on January 6, 2016. After several readings and committee reviews, it was approved by the Senate with minor changes and sent to the House Banking & Insurance Committee on February 11, 2016. The 2016 Kentucky Legislative Session will adjourn on April 12, 2016.

Credit cards & keyboardChildren do not have credit reports since they generally do not have credit in their names. So SB 23 provides that if there is no credit file/credit report, then the consumer reporting agency must create such a record for the protected person (as defined below).

SB 23 would require a consumer reporting agency to place a security freeze on a protected person’s record or report upon proper request by a representative. A “protected person” is defined as “an individual who is under sixteen (16) years of age at the time a request for the placement of a security freeze is made, or who is an incapacitated person or other person for whom a guardian or conservator has been appointed.”

State Laws and the Three Major Consumer Reporting Agencies Vary on Security Freezes for Children

The National Council of State Legislators reports that only “twenty-three states allow parents, legal guardians or Continue reading

AHIMA Issues Guidance on Appropriate Use of Copy and Paste in EHRs

16354859As we have written about in previous posts, the Office of Inspector General (OIG) for the United States Department of Health and Human Services (HHS) has been critical of the copy/paste function that is available in electronic health record (EHR) technology developed by software vendors.  (See “Electronic Health Records in OIG’s Sights for 2013“, October 20, 2012; “OIG recommends fraud safeguards in hospital EHR technology“, December 11, 2013; “OIG Report on CMS’ EHR Audit Practices Concludes The Practices Are Not Very Sophisticated“, February 11, 2014)  As our February 11, 2014 post concludes, while turning off the copy/paste functionalities are not the immediate solution to preventing a misuse of the function, health care providers should implement standards for its use.  The American Health Information Management Association (AHIMA) recently issued guidance, “Appropriate Use of the Copy and Paste Functionality in Electronic Health Records,” dated March 17, 2014, discussing the availability and appropriate use of the copy and paste function.

AHIMA supports maintaining the copy/paste functionality in ONC’s EHR certification standards and allowing for its use in CMS Conditions of Participation.  AHIMA encourages CMS to augment provider education and training materials on the appropriate use of copy/paste in order to reduce the risk that it may pose to quality of care, patient safety and fraudulent documentation.  Importantly, AHIMA recommends that health care providers implement policies and procedures to guide users of EHRs on the proper use of copy/paste functionalities.  To read the AHIMA guidance, click here.

OIG Report on CMS’ EHR Audit Practices Concludes The Practices Are Not Very Sophisticated

By Ann Triebsch and Kathie McDonald-McClure

Female HCP viewing a computer screenFollowing our blog post on December 11, 2013 about Part One of a report from the Office of the Inspector General for the United States Department of Health and Human Services (OIG) about fraud safeguards in electronic health records (EHRs), the OIG recently issued Part Two of its report.  Dated January 2014, the report is entitled, “CMS and Its Contractors Have Adopted Few Program Integrity Practices to Address Vulnerabilities in EHRs”.  That title pretty well sums up the report’s findings about the audits conducted by contractors for the Centers for Medicare and Medicaid Services (CMS).

The OIG’s January 2014 report and the earlier December 2013 report both rely heavily on a 2007 study by RTI International (RTI), which was performed under a contract with the Office of the National Coordinator for Health Information Technology (ONC).  The RTI Study made recommendations for enhancing data quality and integrity in EHRs. The recommendations were aimed at both strengthening some EHR benefits and providing tools within the EHR for detecting inappropriate documentation practices that are unique to EHRs.  The OIG investigated whether those tools have been put into full force. Continue reading

EHR Donation Safe Harbors Extended to 2021

by Margaret Young Levi and Roz Cordini

Male HCP with stethoscope and lab coat viewing a computerAmidst concerns that physicians and other providers are slow to adopt electronic health record (EHR) systems and be “meaningful users” of health information technology, just before the New Year, the federal government extended two programs that permit hospitals and other health care providers as well as health plans to subsidize physician offices’ adoption of EHRs without violating the Anti-Kickback Statute and Stark Law prohibition on inducements for referrals of federal health care program business.  These programs were not simply extended though.  This article addresses certain modifications to the programs of which providers should be aware. Continue reading

OIG recommends fraud safeguards in hospital EHR technology

Doctors Using EHROn December 10, 2013, the Office of Inspector General for the United States Department of Health & Human Services (OIG) issued a report finding that hospital implementation of fraud safeguards in electronic health records (EHRs) falls short of the recommended standards. The report carries out one of the OIG’s 2013 Work Plan objectives to study how EHR technology may lead to improper payments by federal healthcare programs.  In its Work Plan, the OIG had noted that: “Medicare contractors have noted an increased frequency of medical records with identical documentation across services.”

The OIG’s findings were extracted from the responses to an on-line questionnaire to 864 hospitals that had received Medicare EHR incentive payments as of March 2012. The questionnaire focused on four EHR fraud safeguards: 1) EHR audit functions; 2) EHR user authorization and access; 3) EHR data transfer; and 4) patient involvement via the ability to access and comment within their EHR.   The OIG criticized the Centers for Medicare and Medicaid Services (CMS) and the Office of National Coordinator of Health Information Technology (ONC) for failing to incorporate recommended safeguards into meaningful use criteria and EHR certification standards.

Continue reading