OIG: Plan Needed to Address EHR Fraud Vulnerabilities

The Centers for Medicare and Medicaid Services and the Office of the National Coordinator for Health IT must develop a comprehensive plan to address fraud vulnerabilities in electronic health records, argues the Department of Health and Human Services’ Office of the Inspector General.

That’s the conclusion of OIG in its 2015 edition Compendium of Unimplemented Recommendations released this week, a document that lays out auditors’ top 25 unimplemented recommendations that “would most positively impact HHS programs in terms of cost savings and/or quality improvements and should be prioritized for implementation.”

Citing health IT experts, OIG argues that EHR technology has the potential to make it easier to commit fraud. “Fraudulent altering of EHRs not only harms the defrauded programs, it also puts patients at risk,” warn auditors.

Also See: Do EHRs Cause or Cure Fraud?

To address this vulnerability, ONC contracted with research firm RTI International to develop recommendations to enhance data protection; increase data validity, accuracy, and integrity; as well as strengthen fraud protection in EHRs. Yet, auditors say those efforts have been ineffective.

“HHS must do more to ensure that all hospitals’ EHRs contain safeguards and that hospitals use them to protect against electronically enabled health care fraud,” states OIG. “We found that nearly all hospitals with EHR technology had RTI-recommended audit functions in place, but they may not be using them to their full extent.”

In particular, OIG found that only about one quarter of hospitals had policies regarding the use of the copy-paste feature in EHR technology, which, if used improperly, could pose fraud vulnerabilities.

While CMS stated in July 2014 that it is planning to work with ONC to develop a comprehensive plan to detect and reduce fraud in EHRs, OIG indicates that it will not consider its recommendation implemented until auditors receive, review and approve the plan.

For reprint and licensing requests for this article, click here.