OIG report finds EHRs are being improperly reviewed by CMS

The Office of the Inspector General (OIG) recently released a report titled, “CMS and Its Contractors Have Adopted Few Program Integrity Practices to Address Vulnerability in EHRs” that finds that few CMS contractors from the Centers for Medicare & Medicaid Services (CMS) were reviewing electronic health records properly.

According to the OIG report, electronic health records (EHRs) replace traditional paper medical records with computerized recordkeeping to document and store patient health information. Experts in health information technology caution that EHR technology can make it easier to commit fraud. For example, certain EHR technology features may be used to mask true authorship of the medical record and distort information to inflate healthcare claims. The transition from paper records to EHRs may present new vulnerabilities and require that CMS and its contractors to adjust their techniques for identifying improper payments and investigating fraud.

To gather its data, the OIG sent an online questionnaire to CMS administrative and program integrity contractors that use EHRs to pay claims, identify improper Medicare payments, and investigate fraud. They also reviewed guidance documents and policies on EHRs and fraud vulnerabilities that CMS and its contractors released for healthcare providers. Lastly, they reviewed documents on EHRs and Medicare claims that CMS provided to its contractors.

The OIG found that CMS and its contractors had adopted few program integrity practices specific to EHRs. Specifically, few contractors were reviewing EHRs differently from paper medical records. In addition, not all contractors reported being able to determine whether a provider had copied language or over documented in a medical record. Finally, CMS had provided limited guidance to Medicare contractors on EHR fraud vulnerabilities.

The OIG recommended that CMS:

  • Provide guidance to its contractors on detecting fraud associated with EHRs by working with its contractors to identify best practices and develop guidance and tools for detecting fraud associated with EHRs.
  • Direct its contractors to use providers’ audit logs. Audit log data distinguishes EHRs from paper medical records and could be valuable to CMS’ contractors when reviewing medical records.

To read the report in full, click here.