Truth or Fiction? Unintentional or Deliberate? Fraud or Abuse?

Yixin’s last blog, ‘Algorithms or Clinicians?’, concluded that using data that are readily available (such as in an Electronic Health Record (EHR)) can help increase prediction accuracy, especially when a clinician’s expertise is combined with algorithms. The predictions will not only be useful, but also meaningful. That sounds like a great thing, but what happens when the data used to make these predictions are based on false data? Or even worse, fraudulent data? The Health Information Technology for Economic and Clinical Health (HITECH) Act, which was enacted as part of the American Recovery and Reinvestment Act of 2009, was passed to help promote the adoption and “meaningful use” of health information technology, encourage the widespread adoption of the EHR, and authorize the Centers for Medicare & Medicaid Services (CMS) to incentivize doctors and hospitals that chose to use a “certified” EHR. EHRs may be doing great things for patient care, but they have also made it easier to commit fraud, according to several reports from the Office of Inspector General (OIG).

One such act that has the attention of the Health & Human Services, Office of Inspector General (OIG) is copying and pasting. Also known as cloning, this action allows end users of EHRs to select information from one source and replicate it in another location. Copying and pasting is a process used by many to save time in writing documents electronically. For EHR documentation, this act is often utilized when scribing progress notes and has the potential to infiltrate into other areas of a patient’s EHR. Fraud can occur when practitioners inappropriately copy-paste one patient’s information into another patient’s records to inflate claims.

Copying and pasting is ubiquitous in today’s computer-centric environment

Another concern to the OIG is the process of over documentation. This is when practitioners include false or irrelevant documentation in order to support billing for higher level services. In addition, because some EHR systems auto-populate fields when using templates or create extensive documentation after a single click of a checkbox, the medical record can become inaccurate if kept unedited.

A well-documented scheme to defraud healthcare payers, such as Medicare, is up-coding of diagnoses and procedure codes. One such example is “up-coding” the Diagnosis Related Group (DRG). Sophisticated, multi-faceted statistical algorithms are being built and revised every day to help combat possible fraudulent healthcare claim records. These algorithms consider patient length of stay, rates of discharge, common illnesses associated with the DRG, increases in patients with DRGs from one period of time to another, and many other factors to identify suspicious DRG “up-coding” schemes.

“The paranoid is never entirely mistaken.” – Sigmund Freud

Fraud prevention when using an EHR takes more than just computer algorithms. It should also take into account the “human” component, who plays a significant role in the creation of the data (data entry). Automation, computers, and digital data are all great things that have made our lives physically easier and communication between people practically instantaneous. For example, we no longer have to wait days or weeks to receive a letter from someone who is living in another country. Medical records no longer have to be sent via mail or faxed from a cardiologist’s office back to a patient’s primary care provider so that care is coordinated. Information can all be retrieved easily with a click of a computer button. But just as data in a computer can never be totally secure, neither can computers be programmed to catch every fraud, waste, and abuse scenario. The human brain is far better than the computer brain, at least so far. As long as the documentation (data) entered into the computer meets the computer program’s criteria (the algorithm), it “works” just fine. Nevertheless, computers are not human-proof. Computers are not skeptical, untrusting, and paranoid. Then again, sometimes my computer does appear to be a little testy and fails to give me what I want as quickly as I want it. Just on a side note, being paranoid is not all bad as long as it does not go to extremes. Slight paranoia is what gives us our sixth sense that something we are encountering just doesn’t feel or look right. There are even some famous quotes around paranoia such as, “Just because you’re paranoid, don’t mean they’re not after you.” from Nirvana’s Kurt Cobain, “Paranoia is just a heightened sense of awareness.” as said by John Lennon, and “The paranoid is never entirely mistaken.” from the mind of Sigmund Freud.

I digress, what were we talking about, ah yes, computers not being “human-proof” and the reason we have to include humans in the equation. Humans have to be accountable for their actions and that is the reason why policies and procedures to address copy-and-paste (cloned) and over documentation should be in place. It is also why when EHRs are purchased, caution should be taken when using templates and check boxes. Some EHR systems may auto-populate certain fields when providers use templates and other systems may generate documentation when a provider checks a single box. Which brings me back to the human. Providers need to always verify and be held accountable for the accuracy of any information included within the record. They also need to ensure that audit logs are fully operational.

Audit logs, which capture data elements such as date, time, and user stamps for each update in the EHR, are a critical part of mitigating fraud. Practices can use these logs to monitor activity and look for data inconsistencies and patterns. Robust access controls need to be implemented. Access controls and user authentication help prevent unauthorized access to the EHR. This can help prevent fraud related to identity theft and other schemes that involve stealing provider and patient information.
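One way a practice could look for the cloning pattern described earlier in its audit logs is sketched below. This is an added example, not code from the original post or from any EHR product: the log layout (timestamp, user, patient, note text), the sample rows, the function names, and the 0.8 similarity threshold are all assumptions made for illustration.

```python
import re
from datetime import datetime
from itertools import combinations

# Constructed audit-log rows (not real data): timestamp, user, patient, note text.
AUDIT_LOG = [
    ("2024-03-01T09:02", "dr_a", "P001", "Patient reports chest pain radiating to left arm "
     "for two days. Lungs clear. Heart regular rate and rhythm. Plan ECG and troponin."),
    ("2024-03-01T09:05", "dr_a", "P002", "Patient reports chest pain radiating to left arm "
     "for two days. Lungs clear. Heart regular rate and rhythm. Plan ECG and troponin today."),
    ("2024-03-01T10:30", "dr_b", "P003", "Follow-up for type 2 diabetes. A1c improved to 6.9. "
     "Continue metformin. Foot exam normal."),
    ("2024-03-02T11:00", "dr_a", "P001", "ECG normal sinus rhythm, troponin negative. "
     "Chest pain resolved. Discharge with outpatient follow-up."),
]

def shingles(text, k=3):
    """Set of k-word sequences taken from the lower-cased note text."""
    words = re.findall(r"[a-z0-9]+", text.lower())
    if len(words) < k:
        return {tuple(words)} if words else set()
    return {tuple(words[i:i + k]) for i in range(len(words) - k + 1)}

def jaccard(a, b):
    """Share of shingles two notes have in common (0.0 when either note is empty)."""
    return len(a & b) / len(a | b) if a and b else 0.0

def find_cloned_notes(log, threshold=0.8):
    """Flag near-identical notes filed under different patients, for human review."""
    rows = [(datetime.fromisoformat(ts), user, pid, shingles(text))
            for ts, user, pid, text in log]
    findings = []
    for (t1, u1, p1, s1), (t2, u2, p2, s2) in combinations(rows, 2):
        if p1 == p2:
            continue  # same-patient carry-forward needs a separate policy check
        score = jaccard(s1, s2)
        if score >= threshold:
            findings.append({
                "patients": (p1, p2),
                "users": (u1, u2),
                "minutes_apart": abs((t2 - t1).total_seconds()) / 60,
                "similarity": round(score, 3),
            })
    return sorted(findings, key=lambda f: f["similarity"], reverse=True)

if __name__ == "__main__":
    for finding in find_cloned_notes(AUDIT_LOG):
        print(finding)
```

A match only means two notes share most of their wording; a reviewer still has to decide whether the shared text is a legitimate template or an inappropriate copy.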

Lastly, patient education should be performed. Patient engagement can also help mitigate fraud related to the EHR. Encourage patients to notify the organization if they detect potentially fraudulent activity. For example, a patient may question an Explanation of Benefits for a service that he or she did not receive. Educate patients about the potential for identity theft and fraud, and let them know that everyone can work together to combat the problem.

Medicare is the largest of all healthcare payers and healthcare fraud (claiming health care reimbursement to which the claimant is not entitled) and abuse (when a provider doesn’t follow good medical practices, including performing services that are not medically necessary) is a significant problem. There are many different types of Medicare fraud & abuse, all of which have the same goal: to collect money from the Medicare program illegitimately. However, cost (taxpayer dollars) is not the only consequence. Less than accurate data directly affects reports that use the data to help improve the way healthcare is delivered. If policy changes are made based on reports that have “false” data then are we making the correct decisions? There is always some margin of error that is factored into research, data reports, etc. but a percentage of the data that is reported that could be fraudulent, (i.e. made up in order to get paid), is always something that needs to be kept in the back of everyone’s mind when reviewing and using data. EHR has made things easier, faster, and more transparent, but has it improved our data? Time will tell.



about the author

Ruthanne Romero is a registered nurse for Qlarant. She worked together with the IT department and the Operational Teams to help improve database system functions for ease of use and better data reporting, along with performing medical record review.

4 Replies to “Truth or Fiction? Unintentional or Deliberate? Fraud or Abuse?”

    I came across your blog by accident but oh what a revelation. I have been a nurse for 30 years; 20 as a LPN and 10 as an RN. I began to see patterns of good care and patterns of not so good care. I even see patterns in the CoP (Medicare Conditions of Participation) from one setting to another and how each fail to meet in different ways. I have had several jobs that I lasted less than a year. I am so distressed I contemplated leaving nursing. Your post was so refreshing to know that I am not just paranoid. Medicare is going broke faster than it should because the integrity of the system is compromised. Thank you.

    Ruthanne Romero says:

    I am glad you found my blog by accident. Thank you for your comment. You may be interested in some of my other ‘Health-e-Records’ posts located at Also, my co-workers have some great blogs about the future of healthcare data, artificial intelligence, and data research that you may also find refreshing.

    Thank you. I will check them out.


    I had to jump in and say you are so right. I’ve been in the healthcare arena for over 30 years in HIM, coding, CDI, revenue cycle in every kind of setting. I agree that it seems especially in the last 10 years with the advanced technology and advances in the electronic medical record with the use of smart phrases and templates created. I often see lots of documentation but the quality of the amount of real physician rationale and medical decision making is not there for accurate and compliant coding. I’ve seen this cause upcoding.
