Many Potential Pitfalls Exist for EHR Users

Financial penalties await those healthcare providers who do not implement electronic health records (EHR) and who do not participate in the meaningful use incentive program by 2015. These financial penalties include a 3 percent annual reduction in Medicare and/or Medicaid fees. This was the likely impetus of the substantial increase in participation from 2009, from approximately 15 percent to 44 percent.

The Department of Health and Human Services' January 2014 report highlights potential fraud pitfalls in relation to EHRs, and areas of HIPAA compliance that are lacking. Of the areas identified, audit logs were a significant area because of the "copy-paste" function and the potential for inaccurate and inappropriate charges, which could lead to Medicare fraud. In relation to this issue, the OIG recommended:

• Audit log implementation whenever EHR technology is available for updates and viewing;

• CMS coordinates with The Office of the National Coordinator for Health Information

Technology (ONC) to address fraud vulnerabilities; and

• CMS develops guidance on "copy-paste" or "cloning" features in EHR technology.

Providers and their business associates should mirror the efforts of CMS. With the close attention being given to the "Two-Midnight Rule" and physician attestation to the medical necessity of an inpatient stay, as well as hospital acquired conditions (HACs), the scrutiny providers are facing in relation to what they are submitting for reimbursement is intense. Given that an ounce of prevention is worth a pound of cure, addressing this now may save a great deal of time and expense in the event of an audit and/or a lawsuit.