In early January, 2014, the Office of Inspector General ("OIG") for the Department of Health and Human Services ("HHS") issued a report criticizing HHS's Centers for Medicare and Medicaid Services ("CMS") for failing to adopt stronger integrity practices governing electronic health records ("EHRs"). "CMS And Its Contractors Have Adopted Few Program Integrity Practices To Address Vulnerabilities In EHRs," oig.hhs.gov/oei/reports/oei-01-11-00571.pdf. Here are some of the OIG's challenges and concerns: "...clues within the progress notes, handwriting styles, and other attributes that help corroborate the authenticity of paper medical records are largely absent in EHRs. Further, tracing authorship and documentation in an EHR may not be as straightforward as tracing in a paper record. Health care providers can use EHR software features that may mask true authorship of the medical record and distort information in the record to inflate health care claims." These are legitimate issues for EHR users. Government health care programs such as Medicare and Medicaid, many insurance laws, and private payer contracts require prior documentation for every encounter as a matter of patient safety and proper billing. Also, under recent federal law, providers are receiving $22.5 billion in incentive payments to adopt EHRs and must attest to their compliance with EHR standards. The OIG recommends that CMS, working with their fraud detection contractors, develop more sophisticated EHR integrity and fraud detection standards and tools, and issue best practices and guidance. The OIG specifically recommends that CMS and contractors look at providers' EHR audit logs to help authenticate records, and develop approaches to detecting inappropriate cutting-and-pasting. In its response, CMS indicates that it is aware of these issues and is working diligently to address them. The agency has also initiated investigations of a number of providers on the grounds that the attestations they provided in order to obtain the EHR incentive monies were not sufficient, which could result in takebacks. Most hospitals, physicians and others have deployed EHR systems that have been designed and are maintained by third party vendors. Many providers may not have the sophistication to determine whether, for instance, an audit log system is adequate to detect abuse. Nevertheless, it is incumbent on all providers with EHRs to be aware of potentially unlawful uses; to work with EHR vendors that will represent that their products are fully compliant and that they have installed tools, such as audit logs, access controls and export controls and others as may be required by CMS; and to properly train all staff and clinicians that use EHRs.

This article is for general information and does not include full legal analysis of the matters presented. It should not be construed or relied upon as legal advice or legal opinion on any specific facts or circumstances. The description of the results of any specific case or transaction contained herein does not mean or suggest that similar results can or could be obtained in any other matter. Each legal matter should be considered to be unique and subject to varying results. The invitation to contact the authors or attorneys in our firm is not a solicitation to provide professional services and should not be construed as a statement as to any availability to perform legal services in any jurisdiction in which such attorney is not permitted to practice.

Duane Morris LLP, a full-service law firm with more than 700 attorneys in 24 offices in the United States and internationally, offers innovative solutions to the legal and business challenges presented by today's evolving global markets. Duane Morris LLP, a full-service law firm with more than 700 attorneys in 24 offices in the United States and internationally, offers innovative solutions to the legal and business challenges presented by today's evolving global markets. The Duane Morris Institute provides training workshops for HR professionals, in-house counsel, benefits administrators and senior managers.