EHR Audits on the Rise

In January 2014 the Department of Health and Human Services Office of Inspector General (OIG) announced that electronic health records (EHRs) have created new exposures to healthcare fraud and abuse, and, as a result, they requested CMS and their contracted MACs revise their approaches to protect against fraud and abuse. Experts in the health information technology field caution insurance companies that certain EHR features make it easier to create fraud.

The Department of Justice, CMS, and other insurance companies look at practices’ billing histories, and how they compare to those of other practices. When they find an outlier, records are requested. They audit records for fraudulent and abusive activity. Health care fraud costs the $75 billion to $250 billion a year, so third-party payers are watching billing practices closely. In this article, I will address the areas that CMS and other carriers will be focusing on when performing EHR audits and how to avoid these pitfalls.

Advertisement

What two areas of EHR documentation are CMS and other third-party payers focusing on in their audits?

1. Copy-Pasting:

or cloning is when a practitioner selects information from one document and replicates it to another document. This is easy to do with many EHR systems because many are template-based. Instead of re-typing information that has not changed from one visit to the next, it is time saving and efficient to just copy and paste an existing note from a previous visit. Unfortunately, this is not a good practice. Cloning often is misused. Practitioners often clone information that needs to be updated. Often cloned information is inaccurate and may not even pertain to the patient’s current condition. These errors can result in the use of incorrect diagnosis codes and CPT® when billing third-party payers, leading to an investigator’s determination of fraud or abuse during EHR audits. 

2. Over- documentation:

This occurs when a practitioner’s notes are false or irrelevant to the case but are used to increase the volume of documentation so the practitioner can bill a higher level of service. The use of templates that are built into EHR systems or clicking a checkbox on a program can generate extensive auto-populate documentation that may not pertain to a patient’s current case. Over-documenting to inflate services is fraudulent. 

How can a practitioner avoid making these documentation errors?

1. Common Copy-Pasting Errors:

Copying and pasting sections from the patient’s examination notes to the patient’s SOAP notes is a common documentation error. If you performed a test once during the patient exam, do not copy and paste these tests on every SOAP note unless you are performing the test each visit. I have read notes where patients’ positive orthopedic tests and range of motion results are copied and pasted from patients’ initial exams to each subsequent SOAP notes. I have seen the same vitals copied visit after visit. For example, documentation that says a patients’ blood pressure is 110/72 and pulse is 76 for 12 visits becomes a red flag in EHR audits that fraudulent activity may be occurring. If you are not performing the service on the visit you are documenting, then do not include it in your notes. 

Copying the subjective part of a SOAP note visit to visit is another area of concern. I have seen documentation where the subjective portion of the note states “Patient says their neck pain is the same” for visit after visit. If your last 12 visits have the same subjective note, it is a red flag in EHR audits that your notes are cloned. 

2. Over-DocumentationErrors

Quantity does not equal quality. I have read through lengthy notes that contain a lot of information but still do not justify the patient care. I have had conversations with doctors who say they documented much information, but the reviewer still says the care is not medically necessary. Auditors are highly trained to distinguish between information that supports the patient’s diagnosis and information that is not pertinent to the patient’s care. Stick to the information that supports your care. 

3. EHR Safeguards

EHR systems have audit logs, access controls including passwords, and export controls that restrict a practitioner from transferring data. Many practitioners disable these systems or fail to use them. Audit logs are the best way to avoid fraud and abuse. They can track changes within a record by tracking date, time and user stamps for each EHR update. An audit log can analyze patterns and data inconsistencies that can lead to fraud and abuse. 

Conclusion

Most documentation errors are not intentional, but even non-intentional errors can cost practitioners large sums of money and disciplinary sanctions. Documentation compliance is more important than ever as we change over to ICD-10 diagnosis codes. These codes demand higher quality documentation. Take a close look at your notes or hire a medical compliance specialist to conduct EHR audits of your notes. I am a proponent of EHR when it is used correctly. To find more information about EHR, visit the ICS website. 

The information contained in this article is for educational purposes and is not intended to be and is not legal advice. Kristen Curtis DC does not engage in providing legal services. If legal services are required, the services of a healthcare attorney should be obtained. The information in this article is for educational purposes only and should not be construed as a written policy for any federal agency or private health care insurance agency. Kristen Curtis DC assumes no liability for data contained or not contained in this article and assumes no responsibility for the consequences attributed to or related to any use or interpretation of any information or views contained in or not contained in the article.