There was a flurry of public attention concerning electronic health records (EHRs) and fraud during a single week in September 2012. First, the Center for Public Integrity, a non-profit investigative news organization, published a study that showed an increase in Medicare billings concomitant with the switch to EHRs. A front-page article in The New York Times followed on the same subject. Then an hour on National Public Radio (NPR) was devoted to the pros and cons of EHRs and cited both publications. Finally, an editorial in The New York Times discussed EHR abuse and called for action to prevent fraud from detracting from the positive effects of EHR implementation. Although it was widely acknowledged that, indeed, billings, particularly E&M code levels, had increased after hospitals and practices had switched to EHRs, there were mixed opinions as to how much of this increase represented legitimate improvements in documentation and even legitimate improvements in overall care, and how much was fraudulent.
Opinions are mixed primarily because all we have are opinions—not facts, as this issue has not been studied. There are logical reasons to believe that the increase in billing is, at least in part, legitimate, and even reflects better patient care. On the other hand, there are equally logical reasons to suspect that many of the tools embedded in EHRs are used fraudulently. There is undoubtedly some of each going on.
The question is: Where do we go from here? Judging from the reactions to these events, little is likely to change. The leadership of the medical informatics community reacted as they typically do whenever EHRs are criticized: If there is fraud, it is not the fault of the EHRs but rather a tiny minority of criminals and anyway, it is inconceivable to think of a future without EHRs. Or: Change is difficult. You have to expect some problems. Or: It is the reimbursement system that needs to change. We must reward value not volume of documentation. All of these reactions are reasonable. None suggest, however, that EHRs must change.
The reaction from Dr Farzad Mostashari, the National Coordinator for Health Information Technology, was also typical. During the NPR discussion he praised the success of the incentive program to increase adoption of EHRs and reiterated that the goal was not simply adoption but meaningful use of EHRs to improve patient care—not billing. No mention of improving EHRs themselves.
Finally, the reaction from the Obama administration was typical. Within days of the two publications, a letter was sent to the major hospital provider organizations signed jointly by Department of Health and Human Services (DHHS) Secretary Kathleen Sebelius and Attorney General Eric Holder warning that abuses in EHRs such as cloning and ‘coding-up’ will not be tolerated and emphasized stronger enforcement and prosecution of offenders. The American Hospital Association immediately reacted with their own letter defending their integrity and blaming the administration for lack of clear guidelines regarding E&M code determination. Again, no focus by either side on the EHRs themselves.
So, where should we go from here? First, we must acknowledge that facts are difficult to obtain in this situation. The studies carried out by the Center for Public Integrity and The New York Times are good first steps and are hypothesis generating. They show that there is a correlation between EHR adoption and an increase in E&M code levels. However , a much more in-depth analysis is needed both to verify this relationship and determine its causes. Such an investigation would require more than examination of claims data—it would require record review and cooperation from provider sites and patients. It would also have to determine the difference between improved documentation for medically necessary events, excessive and unnecessary histories and physical examinations accurately documented, and documentation for events which did not actually occur. The former is desirable, the latter two are fraudulent. However, such studies would be costly and time consuming and would have to be funded by DHHS. Currently no agency seems to be interested in funding such a study nor any researcher who would like to participate in one.
Certainly, if we were to eliminate the E&M code system altogether and base reimbursement entirely on value, such a study, at least regarding E&M coding, would be moot. Hopefully that will happen one day, but in the meantime, there is still much that can and should be done. This is not a new topic nor was this problem unanticipated. Two expert panels convened by the Office of the National Coordinator (ONC) in 2005i and 2007ii warned of the potential for increased fraud with EHRs and made recommendations to ONC on how to reduce it. These recommendations have been largely ignored as discussed previously in this journal.1 2 For example, as recommended in one of these early reports, there is absolutely no reason why any EHR should contain ‘decision support’ that is solely for the purpose of coding-up. Nevertheless, such software exists today in certified EHRs. However, ONC can simply make a vendor's product a candidate for decertification if a compliance officer or anyone else reports that such software is being used. The same could be done for ‘cloning.’ In fact, today certified EHRs contain multiple tools that should be considered as grounds for decertification. The point is that EHRs, themselves, do need to change with respect to their potential to enable fraud.
Other changes in EHRs besides the elimination of certain tools would go a long way toward reducing fraud. EHRs today generate metadata, such as user/date/time stamps, that are useful in audit logs for various purposes. These data could be expanded in scope and made available to fraud analytics programs, which would greatly enhance the ability to detect potentially fraudulent claims prior to payment—a task now consuming much energy and cost at the Centers for Medicare & Medicaid Services (CMS). However to do this, ONC would need to determine the optimal metadata, standardize it, and require its production in certified EHRs. Finally, the whole area of provider and patient authentication at the point of care deserves a serious cost/benefit analysis of the many alternatives to our current weak system.
The main point here is that ONC must take the lead in determining what changes in EHRs would likely reduce fraud and in implementing those changes. Right now, ONC does not believe fraud is a part of its mandate. That mandate, they say, belongs to CMS and the Office of the Inspector General (OIG), although they certainly are cooperative with any CMS or OIG efforts to reduce fraud. This attitude and even this reality must change, which may require legislation. ONC needs not only the mandate, but also the funding to focus on this issue. CMS detects fraud, OIG prosecutes fraud, but only ONC can effect changes at the point of care to prevent fraud and make it easier to detect. CMS and OIG need to cooperate with ONC in this effort—not the other way around as currently.
Funding: None.
Competing interests: None.
Provenance and peer review: Not commissioned; externally peer reviewed.
Report on the Use of Health Information Technology to Enhance and Expand Health Care Anti-Fraud Activities, Prepared for the Office of the National Coordinator by Foundation of Research and Education, American Health Information Management Association, September 30, 2005.
Recommended Requirements for Enhancing Data Quality in Electronic Health Record Systems, Office of the National Coordinator prepared by RTI International, June 2007.
References
- 1.Simborg DW. Healthcare fraud. Whose problem is it anyway? JAMIA 2008;15:278–80 [DOI] [PMC free article] [PubMed] [Google Scholar]
- 2.Simborg DW. There is no neutral position on fraud! JAMIA 2011;18:675–7 [DOI] [PMC free article] [PubMed] [Google Scholar]