OIG Report on CMS’ EHR Audit Practices Concludes The Practices Are Not Very Sophisticated

By Ann Triebsch and Kathie McDonald-McClure

Female HCP viewing a computer screenFollowing our blog post on December 11, 2013 about Part One of a report from the Office of the Inspector General for the United States Department of Health and Human Services (OIG) about fraud safeguards in electronic health records (EHRs), the OIG recently issued Part Two of its report.  Dated January 2014, the report is entitled, “CMS and Its Contractors Have Adopted Few Program Integrity Practices to Address Vulnerabilities in EHRs”.  That title pretty well sums up the report’s findings about the audits conducted by contractors for the Centers for Medicare and Medicaid Services (CMS).

The OIG’s January 2014 report and the earlier December 2013 report both rely heavily on a 2007 study by RTI International (RTI), which was performed under a contract with the Office of the National Coordinator for Health Information Technology (ONC).  The RTI Study made recommendations for enhancing data quality and integrity in EHRs. The recommendations were aimed at both strengthening some EHR benefits and providing tools within the EHR for detecting inappropriate documentation practices that are unique to EHRs.  The OIG investigated whether those tools have been put into full force. Continue reading

Who Accessed My Health Records? Recommendation for Quality over Quantity in Access Reports

By Kathie McDonald-McClure, Ann F. Triebsch and Margaret Young Levi

Group of Healthcare Professionals
Accounting for Disclosures Would Include Disclosures of PHI to All Staff

The Office of National Coordinator (ONC) Health IT Policy Committee voted in December 2013 to recommend that the United States Department of Health & Human Services (HHS) scale back its 2011 proposed rules requiring covered entities to provide patients with reports showing the name of every staff member who accessed their information in an electronic health record (EHR). As reported by Government Health IT, the committee’s Privacy and Security Tiger Team opposes a requirement that entities covered by the Health Insurance Portability & Accountability Act of 1996 (HIPAA) give such broad “accounting of disclosure” reports to patients. Continue reading

OIG recommends fraud safeguards in hospital EHR technology

Doctors Using EHROn December 10, 2013, the Office of Inspector General for the United States Department of Health & Human Services (OIG) issued a report finding that hospital implementation of fraud safeguards in electronic health records (EHRs) falls short of the recommended standards. The report carries out one of the OIG’s 2013 Work Plan objectives to study how EHR technology may lead to improper payments by federal healthcare programs.  In its Work Plan, the OIG had noted that: “Medicare contractors have noted an increased frequency of medical records with identical documentation across services.”

The OIG’s findings were extracted from the responses to an on-line questionnaire to 864 hospitals that had received Medicare EHR incentive payments as of March 2012. The questionnaire focused on four EHR fraud safeguards: 1) EHR audit functions; 2) EHR user authorization and access; 3) EHR data transfer; and 4) patient involvement via the ability to access and comment within their EHR.   The OIG criticized the Centers for Medicare and Medicaid Services (CMS) and the Office of National Coordinator of Health Information Technology (ONC) for failing to incorporate recommended safeguards into meaningful use criteria and EHR certification standards.

Continue reading

CMS Extends Stage 2 Meaningful Use through 2016

Keyboard and stethoscopeOn Friday, November 6, 2013, the Centers for Medicare & Medicaid Services (CMS) and the Office of National Coordinator of Health Information Technology (ONC) announced its proposal to extend the timeline by which eligible healthcare providers must demonstrate a “meaningful use” (MU) of a certified electronic health record (EHR) in compliance with the MU Stage 2 criteria set forth in regulations issued pursuant to the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009.   Originally, eligible providers who demonstrated Stage 1 MU by the end of 2013 would have had to demonstrate at least 3 months of Stage 2 MU by September 30, 2014 for eligible hospitals and critical access hospitals (CAHs) and by December 31, 2014 for eligible professionals, do one more year of Stage 2 in 2015, and then move to Stage 3 by 2016.  The CMS – ONC apparently will give all eligible providers more time to stay in Stage 2, stating: “Under the revised timeline, Stage 2 will be extended through 2016 and Stage 3 will begin in 2017 for those providers that have completed at least two years in Stage 2.” In essence, the start of Stage 3 is being delayed and, apparently (pending further rule making), nothing else.

Continue reading

ONC Announces New Certified HIT Mark

Last week, the Department of Health and Human Service’s (HHS) Office of the National Coordinator for Health Information Technology (ONC) announced its new Certified HIT Mark, similar to the Good Housekeeping Seal of Approval. The Certified HIT Mark provides a way for consumers to feel confident at a glance that “the HIT meets all applicable requirements under the ONC HIT Certification Program.”

The ONC Certification Program ensures that electronic health record technologies meet the standards and certification criteria adopted by HHS to help providers and hospitals achieve Meaningful Use objectives and measures under the Health Information Technology for Economic and Clinical Health (HITECH) Act.  Additional information from the ONC about the standards and certification criteria, certified health IT product list, and the health IT certification program may be found here.