Essential Guide

EHR regulations, interoperability top patient record concerns

A comprehensive collection of articles, videos and more, hand-picked by our editors

EHR copy and paste fraud risks drawing in provider compliance officers

The controversial practice of using EHR copy and paste functions to move text between patient records is drawing compliance-officer scrutiny.

NEWTON, Mass. -- Physicians using EHR copy and paste functions to replicate data in patient records is growing into an epidemic -- and CMS, compliance officers at healthcare provider organizations and patients themselves are taking notice.

Our clients are getting more patient complaints. When they have a $5,000 or $10,000 deductible, they don't want to pay for that.

Lori Laubach,
partner, Moss Adams LLP

During a time when more patients than ever are speaking out when more-care-than-expected shows up on their billing statements, presenters at the Health Care Compliance Association's New England Regional Annual Conference confirmed they had participated in this year's initial HHS Office of the Inspector General (OIG) reviews of services billed to Medicare.

In those reviews, providers must document medical necessity for services rendered. Cloned text in a patient record or text created with similar EHR shortcuts -- poorly designed templates or "exploding notes" that populate blank fields with standard text -- can be red flags that raise suspicions that justification for a particular billing code isn't there. It also calls into question the authorship of a block of text and the integrity of the patient record itself: Did the physician even write it? How do you prove that?

Exploding notes can be particularly troubling, said Lori Laubach, partner at Seattle - headquartered accounting firm Moss Adams LLP, and who has much experience auditing healthcare providers' EHRs. Sometimes, coding analytics programs and natural language processing systems use algorithms to help coders identify correct billing codes based on word count. Even if they don't, Laubach said, chances are that enough verbiage "explodes" with these shortcuts that it can increase the risk of upcoding and make medical necessity difficult to prove.

Patients get the shaft in the end

While getting in potential hot water with payers for submitting fraudulent claims is a severe risk, the compliance folks tend to believe that the main risk associated with EHR copy and paste is the eroding quality of patient care. When semi-true or outright false information is entered into an EHR, it can be difficult or impossible to expunge. It can also lead to wrong care decisions and undue financial hardship on over-billed individuals, especially those with high-deductible health insurance policies.

"Has anybody tried to fix records and seen how hard it is?" Laubach said. "You end up with addendums or amendments. Trying to delete something out of these is very difficult. We also saw drug use and a bipolar diagnosis showed up in one patient's record and billing information. As we know, errors really don't truly go away."

Laubach told an anecdote of one patient who kept getting billed for a comprehensive exam on regular visits to one of her client's physicians, when it was obvious the patient was getting partial exams at the most. It hit the patient in the wallet, because he hadn't yet met his policy's deductible for the year. A subsequent compliance department investigation showed he indeed had been a victim of his physician's EHR copy and paste.

The EHR copy and paste saga

  • Last year, one of CMS's large Medicare administrative contractors, National Government Services, issued a bulletin titled ""Cloned Documentation Could Result In Medicare Denials For Payment."
  • The Center for Public Integrity followed with its "Cracking the Codes" series, a two-year investigative project systematically breaking down the process of how EHRs, used improperly, can be used as tools for "upcoding," or billing for more care than a physician administered.
  • The New York Times jumped into the fray with its own report, which HHS followed two days later with strong warnings to providers that some uses of copy and paste are tantamount to fraud.
  • This year, the agency's Office of the Inspector General began random reviews of Medicare providers for evidence of cloned documentation.
  • ONC conducted hearings last spring to explore whether meaningful use plays a role with national billing trends.

"Our clients are getting more patient complaints," Laubach said, adding that the 2013 landscape of bigger health insurance deductibles and co-pays force patients to read their bills more closely. "When they have a $5,000 or $10,000 deductible, they don't want to pay for that."

In an informal show-of-hands poll of the several hundred conference attendees, more than half indicated that patients had similarly triggered physician billing audits at their facilities.

Compliance departments asking for automated detection tools

The threat of OIG audits coupled with patients uncovering billing discrepancies traceable to copy and paste have led compliance leaders at healthcare provider organizations to team up with IT departments to gauge the frequency of its use among their own doctors. In turn, it's leading to policies and procedures devised to stamp out the practice.

Proactive healthcare providers are developing both manual and primitive IT-driven workflows to electronically detect copy and paste in EHRs. This can involve using pasting text into Microsoft Word and using "document compare" features or other plagiarism-detection tools, or setting up spreadsheets for even more manual comparisons of two records, side by side, and documenting the results.

Those experiments were the basis for the auditing program at New York's Weill Cornell Medical College, which involves compliance staff examining a set of a physician's records involving the same patient over multiple visits. Procedures documented with cloned text (physicians helped design the program, down to the definition of "what construes cloning") are neither billed nor reimbursed, as per hospital policy. When too many instances of cloned text -- below the threshold of 95% original text -- appear in initial audits, it triggers a more rigorous follow-up.

When docs flunk subsequent audits, up to and including "painful" scrutiny of 100% of their past records, compliance administrator Maria Joseph said, they are assigned their own coders to work with them. Of course, the coder and what she describes as "the chronic offender" physician are subject to further monitoring when that happens. The program is working for the health system's 1,000 physicians because its every component, including training modules each physician must take, was designed with much physician input, she said.

"We appealed to their professionalism," Joseph said, when the health system rolled out the auditing program. "This is as much about good care as it is about compliance for us."

Joseph said that the compliance community seeks developers to create more refined detection tools. Laubach added that many of her clients are pushing Epic Systems Corp. to make the use of copy and paste noted in the audit log generated for each patient record, in hopes that smaller EHR vendors will follow suit.

Let us know what you think about the story; email Don Fluckinger, news director, or contact @DonFluckinger on Twitter.

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Essential Guide

EHR regulations, interoperability top patient record concerns