Do EHRs Encourage Healthcare Fraud?

By Christine Kern, contributing writer

A recent report shows the potential exists to use electronic health records to commit Medicare fraud and abuse.

Healthcare’s transition to universal EHR adoption and oversight is driven in part to help prevent fraud and reduce expenditures, however investigations show the use of electronic records can actually have the opposite effect.

 A semi-annual report to Congress from the Department of Health and Human Services’ Office of Inspector General acknowledged the potential for EHR use to lead to Medicare fraud and abuse. Despite the recognition that EHR technology may make it easier to commit fraud, the Centers for Medicare and Medicaid Services and its contractors have yet to adjust their practices for identifying and investigating such fraud, according to OIG.

"Few contractors reviewed EHRs differently from paper medical records. Also, not all contractors reported being able to identify copied language or over-documentation in medical records," says OIG in the report. “Finally, CMS had provided limited guidance to Medicare contractors on EHR fraud vulnerabilities."

Auditors revealed only about one in four hospitals have instituted policies regarding the use of the copy-paste feature in EHR technology, which, if used improperly, could pose serious fraud vulnerability. EHRs can be easily "cloned," meaning that a patient is charged for services not received because the provider found it easy to copy-and-paste a record from a different patient. It is also easier for providers to exaggerate the level of care or the severity of a disease by "upcoding,” which may involve simply clicking a box to trigger a higher billing charge.

A recent report prepared by an advisory group for the Agency for Healthcare Research and Quality argues these kinds of abuses should be readily identified by electronic analysis of EHRs and that fraud can be reduced by exploiting EHR data. However, to accomplish that reduction, a combination of clearly articulated expectations for appropriate billing, training on the appropriate use of EHRs, and EHR data analytics to reduce these potential sources of abuse need to be in place, according to the report.

The advisory group argues that electronic access to health data will make it easier to identify fraudulent activity, although to date little effort is being made to use EHRs to identify and reduce even the simplest of healthcare fraud.

"Clear indications of fraud should be easy to identify and simple actions can be taken to eliminate their sources," the report to AHRQ states. "For example, delivery of disease-specific healthcare products to patients who have not been diagnosed with the corresponding disease could be uncovered by matching claims to diagnoses in EHRs."

Further, the report concludes that development of more sophisticated data analytics would allow investigators to uncover more obscure patterns of fraud. They recommends that collections of de-identified EHR data be made available for researchers to develop strategies and algorithms to uncover subtle patterns indicative of fraud, and to adapt these algorithms to the changing tactics of fraud.