Despite warnings from its Office of Inspector General (OIG) in December 2013, the Department of Health and Human Services still has not adequately tackled the issue of hospitals failing to employ safeguards and prevent electronic health record fraud and abuse via recommended tools already in place, OIG says.
The agency lists the issue as one of its top 25 unimplemented recommendations in its annual compendium, published this week.
In its original report, OIG notes that HHS contracted with RTI International to develop recommendations to enhance data protection. It says that nearly all hospitals with EHRs had RTI-recommended audit functions in place, but that those functions were not being used to their full extent.
What's more, OIG, in the December 2013 report, expresses particular concern that too little is being done to limit the use of EHRs' copy-paste functions. Only 24 percent of hospitals had policies in place regarding use of copy-paste.
"Although the copy-paste feature in EHRs can enhance efficiency of data entry, it may also facilitate attempts to inflate, duplicate, or create fraudulent healthcare claims," that report says.
Former hospital chief financial officer Joe White, last spring, was ordered to pay $4.4 million in restitution after being indicted in February 2014 and charged with making false statements to the Centers for Medicare & Medicaid Services. He attested in 2012 that Texas-based Shelby Regional Medical Center met the Meaningful Use requirements when in actuality, the hospital relied mainly on paper records and used a certified electronic health record "minimally," according to the Department of Justice. White directed the EHR vendor and employees to manually input data into the EHR, often months after patients were discharged and after the fiscal year ended. Shelby received $785,655 in incentive payments for 2012.
The practice of cloning, in which providers cut and paste information from prior notes into newer records, has been under scrutiny by the Office of the National Coordinator for Health IT and HHS for several years.
To learn more:
- here's OIG's annual compendium (.pdf)