Does Your EHR Put You at Risk For Fraud and Abuse Charges?
The adoption of electronic heath records (EHRs) has exploded over the past few years, largely due to incentives put into place by federal programs which offer subsidies to doctors and hospitals that acquire systems that conform to so-called “meaningful use” standards. A major force driving federal policy was the publication in 2005 of a RAND Corporation study suggesting that widespread adoption of this technology would result in efficiency and safety savings of “more than $81 billion annually”. Other researchers considered the estimates flawed, including analysts at the Congressional Budget Office, and other respected health care economists. It should be noted that the 2005 study was funded by a group of companies which stood to profit by developing and selling EHRs to hospitals and doctors, including General Electric, and the Cerner Corporation, whose revenue tripled (to $3 billion) since the paper was published. But, in January of 2013, the RAND Corporation published in Health Affairs a reanalysis, this time without support from commercial interests, offering the view that the potential cost savings had been substantially overstated. Although a number of factors were cited for the miscalculations, one that holds risk for providers is the design of EHR systems that facilitate what regulators describe as “upcoding”.
Those of you that have sat through EHR pitches from vendors have likely heard that the always-seen loss of productivity involved in adoption of an EHR will be “more than made up” by enhanced office revenue due to “better coding”. In a report published by the Center for Public Integrity in 2012, investigators identified a steady increase in coding for longer, more complex office visits from 2001 to 2010, resulting in $11 billion more paid out in Medicare costs by taxpayers-this coinciding with adoption of EHRs. The report described use of typical EHR software that creates “detailed patient files with just a few mouse clicks”, thus resulting in a higher level of reimbursement. This function is familiar to all of us as a “cut and paste” process which results in “cloning”, which might allow documentation of the same examinations/findings for multiple patients or for the same patient on multiple visits. A chairman of a government panel looking into the potential for fraud with use of EHRs said “It’s like doping and bicycling. Everybody knows it’s going on.”
This matter did not escape the notice of the Health and Human Services Office of the Inspector General (OIG). The OIG’s 2013 Work Plan included an extensive survey to hospitals that were receiving bonus payments for EHR “meaningful use”, part of which asked whether hospitals were employing safeguards to prevent possible fraudulent billing (three-quarters were not ). In September, 2012, HHS Secretary Kathleen Sibelius and Attorney General Eric Holder sent a letter to hospital leaders notifying them that “CMS is initiating …extensive medical reviews to ensure that providers are coding evaluation and management services accurately”. In the OIG’s 2014 semiannual report to congress, vulnerabilities to fraud engendered by improper use of EHRs was highlighted. Subsequently, four U.S. senators have demanded an investigation into potential fraudulent billing.
Bottom line for doctors: those of us that use EHRs in the hospital, but also in the office, face potential scrutiny for billing driven by EHR software. This is a very contentious issue for CMS, having paid out more than $30 billion in incentives to entice providers into EHR use, now being faced with a potentially explosive and embarrassing scandal. Identification of “cloning” of records to generate higher reimbursement is rather easily shown (as those of you who read your colleagues’ notes can attest), and if CMS and the OIG decide to play hardball, a lot of providers are at risk. My prediction is that the scrutiny will initially be on the hospitals, following Sutton’s Law (“that’s where the money is”). The scut work will be done by Recovery Audit Contractors (RACs), which are private entities, paid bounties of 10-25% of recovered overpayments, and they are not eager to spend days/weeks in auditing records to recover a few thousand dollars from a physician practice, when the same time spent in a hospital could result in a million dollar payday.