Don't Overlook Fraud in EHRs, OIG Cautions CMS
"In 2014, there will be more instances where insurers and the government are getting more sophisticated in trying to detect fraud by using electronic means," says Dagli.
The contractors, according the OIG report, want more guidance from CMS on how to identify fraud in an EHR. Specifically, all six ZPICs responded that CMS did not provide help on looking for instances of overdocumentation, electronic signatures, or copied language. The other two types of CMS contractors —MACs and RACs—indicated limited guidance on those three issues from the agency.
The OIG's recommendations were twofold:
- Give guidance to contractors on detecting EHR fraud.
- Use providers' audit logs to authenticate the medical record.
Audit logs capture time, date, and user information when an EHR is updated; using it to track the changes in the record was one of the recommendations suggested by RTI International, the nonprofit researcher based in North Carolina. The Office of the National Coordinator for Health Information Technology used RTI's expertise to help develop recommendation for EHR data safeguards. Audit logs were high on the list of anti-fraud tools within the EHR, but as the OIG report notes, that ability, as well as others can be bypassed by the user.