Roughly half of all medical practices have implemented EHR, but they still have a long way to go in terms of meaningful use and recovery audit contractors.
Financial penalties await those healthcare providers who do not implement electronic health records (EHR) and who do not participate in the meaningful use incentive program by 2015. These financial penalties include a 3 percent annual reduction in Medicare and/or Medicaid fees. This was the likely impetus of the substantial increase in participation from 2009, from approximately 15 percent to 44 percent.
The Department of Health and Human Services' January 2014 report highlights potential fraud pitfalls in relation to EHRs, and areas of HIPAA compliance that are lacking. Of the areas identified, audit logs were a significant area because of the "copy-paste" function and the potential for inaccurate and inappropriate charges, which could lead to Medicare fraud. In relation to this issue, the OIG recommended:
• Audit log implementation whenever EHR technology is available for updates and viewing;
• CMS coordinates with The Office of the National Coordinator for Health Information
Technology (ONC) to address fraud vulnerabilities; and
• CMS develops guidance on "copy-paste" or "cloning" features in EHR technology.
Providers and their business associates should mirror the efforts of CMS. With the close attention being given to the "Two-Midnight Rule" and physician attestation to the medical necessity of an inpatient stay, as well as hospital acquired conditions (HACs), the scrutiny providers are facing in relation to what they are submitting for reimbursement is intense. Given that an ounce of prevention is worth a pound of cure, addressing this now may save a great deal of time and expense in the event of an audit and/or a lawsuit.