OIG official: 2013 work plan to focus on EHR-enabled fraud

The U.S. Department of Health & Human Services' Office of Inspector General will focus much of its attention next year on examining the role that electronic health records play in Medicare overbilling, the Center for Public Integrity reported this week. HHS Inspector General Daniel Levinson announced via a video presentation posted to the agency's website on Wednesday that there is a need to "guard against the use of electronic records to cover up crime."

The work plan, which was released earlier this month, likely was a reaction to a letter penned by HHS Secretary Kathleen Sebelius and U.S. Attorney General Eric Holder in September, in which the officials warned that law enforcement agencies would be keeping an eye out for fraud and would "take action where warranted. The letter, which was sent to five healthcare provider associations, including the American Hospital Association, came on the heels of an investigation published by the Center for Public Integrity that found that EHR systems could be a catalyst for upcoding by physicians.

OIG recently sent an 18-page, 54-question survey to some hospitals participating in the Meaningful Use incentive program, asking about coding procedures and security measures taken. Hospitals had until today to respond to the survey.

The questions are "all over the place," Charles Christian, CIO at Good Samaritan Hospital in southwest Indiana told FierceHealthIT. Any organization that gets one of these surveys should contact their lawyers, he added. "Because if you don't some of those questions, if answered inappropriately, could be used against you and give them reason to come in and do more investigation." 

The long list of questions--a combination of open ended and multiple choice--include the following:

  • Does access to the hospital EHR require user authorization?
  • Has the hospital implemented policies and procedures regarding access to the EHR?
  • Does the hospital allow any outside entity (such as a payer) access to the EHR?
  • Does the hospital establish unique user IDs to track outside entries' activity?
  • How long are audit log data stored?
  • Does anyone at the hospital analyze the audit log data?
  • Can the audit log be disabled? 
  • Who can disable the audit log?
  • Can the audit log be edited? 
  • Does the hospital disable the print screen function for the EHR?
  • To what extent are narrative nursing notes handwritten instead of directly entered into the EHR at the hospital?
  • What electronic access do patients have to their EHR data?
  • Can the copy/paste and template features be customized in the EHR?
  • Does the hospital have a policy about the use of the copy/paste feature in the EHR?

It also asked respondents to describe the hospital's copy/paste policy and to describe "any other procedures, policies or capabilities specific to the EHR technology that your hospital has implemented in order to maintain data integrity and prevent fraud."

According to a Bloomberg BNA report, OIG will try to incorporate the use of predictive analytics in its efforts.

To learn more:
- here's the Center for Public Integrity piece
- check out the OIG's survey
- read the Bloomberg BNA article