OIG Report on CMS’ EHR Audit Practices Concludes The Practices Are Not Very Sophisticated

By Ann Triebsch and Kathie McDonald-McClure

Female HCP viewing a computer screenFollowing our blog post on December 11, 2013 about Part One of a report from the Office of the Inspector General for the United States Department of Health and Human Services (OIG) about fraud safeguards in electronic health records (EHRs), the OIG recently issued Part Two of its report.  Dated January 2014, the report is entitled, “CMS and Its Contractors Have Adopted Few Program Integrity Practices to Address Vulnerabilities in EHRs”.  That title pretty well sums up the report’s findings about the audits conducted by contractors for the Centers for Medicare and Medicaid Services (CMS).

The OIG’s January 2014 report and the earlier December 2013 report both rely heavily on a 2007 study by RTI International (RTI), which was performed under a contract with the Office of the National Coordinator for Health Information Technology (ONC).  The RTI Study made recommendations for enhancing data quality and integrity in EHRs. The recommendations were aimed at both strengthening some EHR benefits and providing tools within the EHR for detecting inappropriate documentation practices that are unique to EHRs.  The OIG investigated whether those tools have been put into full force. Continue reading

OIG recommends fraud safeguards in hospital EHR technology

Doctors Using EHROn December 10, 2013, the Office of Inspector General for the United States Department of Health & Human Services (OIG) issued a report finding that hospital implementation of fraud safeguards in electronic health records (EHRs) falls short of the recommended standards. The report carries out one of the OIG’s 2013 Work Plan objectives to study how EHR technology may lead to improper payments by federal healthcare programs.  In its Work Plan, the OIG had noted that: “Medicare contractors have noted an increased frequency of medical records with identical documentation across services.”

The OIG’s findings were extracted from the responses to an on-line questionnaire to 864 hospitals that had received Medicare EHR incentive payments as of March 2012. The questionnaire focused on four EHR fraud safeguards: 1) EHR audit functions; 2) EHR user authorization and access; 3) EHR data transfer; and 4) patient involvement via the ability to access and comment within their EHR.   The OIG criticized the Centers for Medicare and Medicaid Services (CMS) and the Office of National Coordinator of Health Information Technology (ONC) for failing to incorporate recommended safeguards into meaningful use criteria and EHR certification standards.

Continue reading