The protection and security of electronic medical records is a topic of growing concern. While the public may be focusing on the issue of breaches due to recent data hacks, the Office of Inspector General is turning its attention to EHR fraud.
The OIG is calling for the Centers for Medicare & Medicaid Services to address the issue of EHR fraud vulnerabilities. In a March 2015 report, the OIG claimed that the agency has not adequately implemented fraud safeguards.
"HHS must do more to ensure that all hospitals' EHRs contain safeguards and that hospitals use them to protect against electronically enabled healthcare fraud," OIG officials wrote in the report.
"The OIG urges the CMS to address EHR fraud vulnerabilities."
The report emphasized the need for audit logs to be operational when electronic health records are available and encouraged the OIG to outline clear guidelines concerning the use of EHR copy-and-paste functions. As the report revealed, only about one-fourth of providers have copy-and-paste policies in place. Another major area of concern for the OIG is the widespread underutilization of RTI-recommended audit functions
"We found that nearly all hospitals with EHR technology had RTI-recommended audit functions in place, but they may not be using them to their full extent," the report stated.
A history of unresponsiveness
According to Healthcare IT News, this isn't the first time the OIG has made such recommendations to the CMS. In January 2014, the OIG released a report stating that the agency was dragging its feet on the path to EHR fraud prevention. This report highlighted survey findings from the American Health Information Management Association, which found that many providers could not even identify copy-and-paste usage documentation for their practices, even though up to 90 percent of physicians used this function on a daily basis.
Despite the fact that the agency has failed to make fraud prevention a priority, CMS officials have voiced their agreement with the OIG. In fact, in July 2014, the CMS made a statement that it was planning to collaborate with the Office of the National Coordinator for Health Information Technology to create a plan to detect and reduce fraudulent activity, but no solid steps have been taken since.
Some believe the underwhelming efforts on the part of the CMS are due to other initiatives, such as meaningful use, taking priority. Eventually, the CMS will have to address this issue of growing importance. In addition to potentially requiring electronic health record system updates, the solution to EHR fraud may involve new guidelines and regulations that require additional and more exhaustive EHR training.