Compliance & Fraud Prevention In The EHR. Terri Hall, MHA, RHIT, CPC, CAC Billings Area Office Indian Health Service HIM/RM Coordinator. Definition of Healthcare Fraud.
Terri Hall, MHA, RHIT, CPC, CAC
Billings Area Office Indian Health Service
Intentional deception or misrepresentation, or deliberate omission that the individual or entity makes, knowing that the misrepresentation could result in some unauthorized benefit to the individual, or the entity or to some other party.
(National Healthcare Anti-Fraud Association)
2001 AHIMA Practice Brief
Definition of the Health Record for Legal Purposes defines the legal health record as “the legal business record generated at or for a healthcare organization. This record would be released upon request. (M. Amatayakul AHIMA 72, no.9 (2002): 88A-H)
Advance directives, allergy records, documentation from alerts and reminders, analog and digital photographs, anesthesia records, care plans, consent forms, consults, images, discharge instructions, DS, e-mail messages containing patient-provider or provider/provider communications regarding care, ER records, fetal monitoring strips, functional status assessments, graphic records, immunizations, instant messages, I&O, med orders and profiles, (MDS, OASIS, GPRA, ORYX - used in the course of patient care) progress notes, nursing assessments, OP reports, Patient Identifiers, patient submitted documentation, path, education, psychology, post it notes, practice guidelines or protocols, problem lists, H&P, research records, respiratory, PT, Speech, Occupational, results of tests, studies, standing orders, telephone messages, telephone orders, trauma tapes, verbal orders, wave forms ECG, EMG, EKG, M&M-COP required by CMS.
BROKE ALL OF THE POWER POINT RULES!!!!
Examples of documents/data that should be evaluated for inclusion or exclusion from the LHR…
Audio files of dictation
Audio files of patient telephone calls
Nursing shift to shift reports handwritten or audio
Videos of office visits
Videos of procedures
Videos of telemedicine consultations
Videos of Behavioral Health telemedicine visits
EHRS is a concept that consists of numerous integrated, component information systems and technologies.
The electronic files that make up the EHR system’s consist of different data types, and the data in the files consist ofdifferent data formats.
Do you have a system/process in place to
ensure the integrity of the data in the EHR?
Working together to ensure that the technical tools fit the tasks and the environment for all uses of health care information.
Ideally suited to provide domain expertise and
Conscientious advocates, ensuring that the EHR system
is optimally planned, chosen, implemented, and
The traditional and continuing custodian of the medical
record and medical record system, regardless of the
Trained to ensure the quality, privacy, and integrity of
the EHR, whether on paper or electronic!
Today, the HIM Professional is an integral part of the team that maintains vigilance over the health information technology realm, so that health information management standards are consistently applied across all systems in order to maintain the level of integrity of the data which is necessary for the clinical, risk management, and medical-legally sound operations of the healthcare organization.
In complying with all laws and regulatory requirements and to operate in
an ethical manner?
Defining and prohibiting the entry offalse information?
Definingindividual responsibility and accountability for the accuracy and
integrity of information/data?
For notifying management of errors which are discovered?
Promoting mandatory training covering the falsification of information
and information security?
Has assigned responsibility to someone for the organization’s
information security program?
How will you keep track of what is still on paper and what is in the EHRS?
A duel element authentication should be considered as a
reasonable control policy.
Electronic Tools that Enable “Borrowing” Data from Another Source
Professional Services – E&M Code
A patient had a number of medical tests and diagnostic evaluation in an outpatient clinic over a two week period. The patient requested a copy of his MR along with the bills for services. The E&M codes he found were consistently at the highest level (5). The patient was a retired auditor for health plans and he noticed that the medical history was “pulled through”within departments, between department and in subsequent visits with the same provider using the EHR system, even when the visits did not include the clinician taking a history! He reported this to the fraud division.
A state department of health surveyoridentified a nurse at the community hospital documenting the same text on progress notes completed for several patients on her caseload. This practice involved copying and pasting the same text from one record to another, neglecting to accurately document the variations from one patient to another.
Example: the patients response to meds may differ, request for follow up date and time may differ.
Thus, Medicaid Fraud Division imposed fines and penalties for payment for care which was not rendered at the level of service claimed.
Patient admitted to hospital for workup to determine Hypertensive
Patient is status post mitral valve replacement with porcine graft and also with pacemaker. The physician progress notes in a hospital based EHR were copied and pasted multiple times by the attending physician, consulting physician and residents, using a convenient “macro” feature available in the software. The teaching physician made this a regular practice to copy and past the resident notes as his own, thus saving time. A new resident misdiagnosed the patient with adrenal insufficiency and recorded the incorrect diagnosis in the MR. Due to the normal routine of “borrowing” documentation higher E&M codes were assigned based on the diagnosis and treatment, and at the same time creating a patient safety and quality of care issue from reliance on inaccurate MR documentation. The patient died from a med error in an attempt to treat the adrenal insufficiency which she did not have!
This hospital made sure that their EHR had specific patient
safety and documentation integrity tools built into the design.
The integrity of data is of extreme importance because it is used to identify and track patients as they move from one level of care to another.
Data is used to verify the identity of an individual to insure that the correct patient is receiving the appropriate care and to support billing activity.
Clinical Notes with difficulty in date association…
Patient seen on September 2, 2006 and informed the physician of a
possible reaction to a prescribed medication. Physician is side tracked and
does not enter visit information. On September 5th the same physician
is back on duty and realizes he did not made an entry for the September 2nd visit.
The physician decides that he wants the date to reflect the actual date the
patient was seen, so he changed the date to Sept. 2, 2006 @ 11:30 am. He
proceeds to enter the documentation, documenting the symptoms the patient
described surrounding the medication reaction as best he could.
When another provider reviewed the record, he saw the “new” note. This
provider worked over the weekend and did not recall seeing this information.
Upon further review the clinician sees that the date displayed is Sept. 2, 2005
@ 11:30 am.
Clinical notes with difficulty in data association…
Text capability in the EHR has built in data functionality hard coding the date a note is entered or capability to “Lock Visit”- 2 days – if provider forgot to document note.
The clinician should have the ability to associate the note with a date of service to reflect both a reference date of when they saw the patient as well as an indication of a late entry/addendum/clarify.
Both of these dates are important to best practices in HIM.
A facility has multiple biomedical peripherals connected to the EHR: Portable EKGs, IV Infusion Pumps, Etc. The main system has a synchronized clock for display with date and time stamping on notes, lab results, etc. Quality indicators say that an EKG must be performed within 10 minutes of arrival to the ER for chest pain patients. The patient is brought to the ER at 23:55 on 9/1/2006. An EKG is started and completed per orders entered at 23:57. EKG is uploaded, read and interpreted. At 00:30 on 9/2/2006 the clinician completes her documentation of the assessment and orders admission for AMI. Upon review, the EKG is reported as being ordered @ 23:57, but not completed until 9/2/2006 @ 00:45. This is 15 minutes after the note entered by the clinician, stating the EKG was done and showed ST Elevation MI.
Note: This case fell out of PI review, and would have difficulty
Standing up in court. The linkage of peripherals needs to have the
clocks on each system synchronized to support the integrity of the
Failure of an EHR system to provide appropriate safeguards against med errors, including either the wrong patient, wrong drug, or failure to consider all available data can contribute to poor quality care.
The physician order entry software provides the capability for default self selection upon entering the first (3) letters of the drug. The physician wanted Norfloxacin (antibiotic for eye infection) and typed in NOR, but Norflex (muscle relaxant) came up. Both are oral medications. The order was signed and the meds made available for pick up .
The patient began taking the Norflex and returned to the ER by rescue squad later the same week with a septic shock due to a very serious bacterial infection of the left eye.
Built in safeguards in the (CPOE) software suite to prevent med errors.
The system does not allow software to self select (or default), and requires a second validation.
The system provides the user the opportunity to finish typing.
The software provides a list of options (or drop down menu) he user can select from, then provides alerts or reminders from a knowledge base.
Per policy no abbreviations are allowed in the ordering of the full name of the drug.
The system provides a warning message at the time of signature for contraindications and potential adverse effects.
The system asked the provider to verify selection of Norfloxacin as it is noted in the current med history that the patient experienced an anaphylactic reaction to another antibacterial agent.
Michelle Dougherty, RHIA, CHP
Access & availability
Storage & security
Public key infrastructure (PKI)AHIMA March 2007 Journal – Core HIM Principles