Report: CMS, ONC Must Address Hospitals’ EHR Fraud Vulnerabilities
March 20, 2015 in News
CMS and the Office of the National Coordinator for Health IT need to develop a plan to implement protections against fraud vulnerabilities in electronic health records, according to an HHS Office of Inspector General report, Health Data Management reports.
The Compendium of Unimplemented Recommendations report outlines and prioritizes 25 unimplemented suggestions that OIG believes would benefit HHS in terms of:
- Cost savings; and
- Quality improvements.
According to the report, EHRs can make it easier to commit fraud, which “not only harms the defrauded programs, it also puts patients at risk.” Therefore, the report stated, “HHS must do more to ensure that all hospitals’ EHRs contain safeguards and that hospitals use them to protect against electronically enabled health care fraud” (Slabodkin, Health Data Management, 3/20).
The report found that while most hospitals have adopted EHR systems, they might not be using them to their full capabilities to protect against fraud (Allen et al., “Morning eHealth,” Politico, 3/18).
For example, OIG found that only about 25% of hospitals had policies in place regarding the copy-paste feature of EHR systems (Health Data Management, 3/20). The report recommended that CMS create guidance for using the feature (“Morning eHealth,” Politico, 3/18).
OIG said that it will not consider its recommendations implemented until auditors receive, review and approve a plan to detect and reduce fraud, which CMS in July 2014 said it would develop with the help of ONC (Health Data Management, 3/20).
Meanwhile, the report also recommended that CMS:
- Improve the Medicare appeals process at the administrative law judge level by standardizing case files and making them electronic; and
- Implement an automated system that will reconcile Medicare outlier payments (HHS OIG report, 2015).