What Anesthesiologists Should Know about the OIG’s Interest in Electronic Health Records

Electronic health records (EHRs) make it easier to document patient care with incorrect information, not just with desirable data.  To put it bluntly, as does the Health and Human Services Office of the Inspector General (OIG) in its just-released report Not All Recommended Fraud Safeguards Have Been Implemented in Hospital EHR Technology, “Experts in health information technology caution that EHR technology can make it easier to commit fraud.” 

The technology can also facilitate unintentional errors, particularly if the provider is not certain whether he or she is reporting a case in perfect compliance with Medicare requirements.  Consider the copy-and-paste feature of many software applications (including Windows).  This feature allows providers and other users to retrieve information from one place or one record and place it in another through a few mouse-clicks.  If a pain physician knows that a carrier will only deem repeat facet joint injections medically necessary “when the patient had ? 50% improvement of pain and improvement in patient specific activities of daily living for at least three months,” for example, it would be efficient to use a copy-and-paste template such as: “patient had ? 50% improvement of pain and improvement in patient specific her activities of daily living for at least three months,” deleting only the words crossed out—as we just did here.  Medical histories or progress notes of much greater length and detail can also lend themselves to this practice, known as “cloning.”  Accuracy and applicability to the particular patient may be lost in the interest of expediency.

The OIG report specifically addresses cloning.  Indeed, the report recommends that CMS work with the Office of the National Coordinator for Health Information Technology “and hospitals to develop guidelines for using the copy-paste feature in EHR technology. Specifically, CMS should consider whether the risks of some copy-paste practices outweigh their benefits. For example, CMS could provide guidance to hospitals on copy-pasting identical text in records of multiple patients.”  In her memorandum response, which appears as an appendix to the report, CMS Administrator Marilyn Tavenner agreed that CMS will develop “copy-paste guidelines to ensure that this feature is used appropriately for enhancing clinical efficiency.”

Other vulnerabilities of EHR identified in the OIG report include the facility with which duplicate claims can be processed and the “overdocumentation” and upcoding of services through auto-population or automatic reminders regarding the requirements for reporting a higher level of service. 

Evaluation and management (E/M) services are of particular concern to the OIG given their five levels of increasing payment corresponding to increasing levels of complexity of care.  The number of E/M services has risen more quickly than other categories of medical services over the past decade, and higher-level claims have grown the most rapidly. 

Anesthesia services do not lend themselves to the same type of complexity-creep as do E/M services.  (The use of actual time in the valuation of anesthesia is an advantage, in this instance.)  Our specialty has its own areas in which EHR technology can lead to reporting errors, such as:

• Recording time:  some EHRs default to the time of documentation and do not allow overrides to indicate the time that the service was provided.  The result can be irregularities like intubation apparently occurring after the surgical procedure has begun.
• Cutting and pasting from another provider’s entry in a hospital EHR—the surgeon may have decided that a different procedure was more appropriate for the patient and modified the hospital EHR, but the anesthesia record is not updated correspondingly.
• “Several physicians involved in a single OR procedure—the EHR may not permit a second physician, e.g., the anesthesiologist who comes in to place an arterial line, to sign in to the system unless the first physician has signed out, although the latter will be doing the case."

ABC has been fully aware of the OIG’s concerns regarding EHRs and in developing its mobile Anesthesia EHR, myAnesthesia, worked to avert the type of errors identified by the OIG.  myAnesthesia naturally documents all procedure times and allows the clinician to modify them as necessary.  It will document multiple providers on a single patient encounter.  The product mirrors the anesthesia provider’s workflow while ensuring compliance with CMS regulations.

The OIG’s and CMS’ interest in tackling EHR vulnerabilities to fraud means that EHR systems are likely to be changing for all users over the next few years.  It is worth recalling that the concerns over the potential for EHR technologies to bend the cost curve in the wrong direction are not new.  The OIG Work Plans for 2012 and 2013 both indicated that the government was watching the issue.

The new OIG report was based on a study showing the extent to which hospitals that received EHR Medicare incentive payments between January 2011 and March 2012 implemented safeguards to protect against health care fraud.  The safeguards came from fourteen recommendations in four major categories: 

1. Audit functions
2. User authorization and access controls
3. Data transfer standards, and
4. Patient involvement in anti-fraud activity

previously provided to the OIG through a contract with an IT firm, RTI Technologies.  The recommendations had been made public.  As they were not enforced through EHR certification criteria or through meaningful use requirements for the Medicare EHR incentive program, though, the OIG found that hospitals were employing EHR fraud and abuse safeguards to varying degrees.   Accordingly, the OIG now recommends, in addition to the development of copy-and-paste guidelines, that audit logs be operational and users should be prevented from disabling the logs whenever EHR technology is available for updates or viewing. 

The various vulnerabilities and solutions discussed by the OIG are all noteworthy, since they will guide the development of EHR technology.  Anesthesiologists and other physicians should be aware of the OIG’s announced intention to develop comprehensive plans to deter EHR fraud and abuse, together with CMS and ONC.  Such plans will in all probability reflect some or all of the recommendations that OIG received from RTI Technologies, which are as follows:

As a practical matter, anesthesiologists who are investigating EHR technologies for their practices might want to check vendors’ familiarity and response to the RTI recommendations.  All of the recommendations will not necessarily become requirements for EHR certification or for meaningful use—technology itself is evolving so rapidly that at least some of the recommendations are obsolescent already.  Nevertheless, the OIG has made it clear that it intends to seek ways to strengthen not just fraud prevention, but also to increase data validity, accuracy, and integrity.  EHR purchasers and vendors should be paying attention.