Truth or Fiction? Unintentional or Deliberate? Fraud or Abuse?

As per Yixin’s last blog ‘Algorithms or Clinicians?’ it was concluded that using data that are readily available (such as in an Electronic Health Record (EHR)) can help increase prediction accuracy especially when a clinician’s expertise is combined with algorithms. The predictions will not only be useful, but also meaningful. That sounds like a great thing, but what happens when the data used to make these predictions are based on false data? Or even worse, fraudulent data? The Health Information Technology for Economic and Clinical Health (HITECH) Act which was enacted as part of the American Recovery and Reinvestment Act of 2009 was passed to help promote the adoption and “meaningful use” of health information technology, encourage the widespread adoption of the EHR, and authorize the Centers for Medicare & Medicaid Services (CMS) to incentivize doctors and hospitals that chose to use a “certified” EHR. The EHR may be doing great things for patient care, but they have also made it easier to commit fraud, according to several reports from the Office of Inspector General (OIG).

One such act that has the attention of the Health & Human Services, Office of Inspector General (OIG) is copying and pasting. Also known as cloning, this action allows end users of EHRs to select information from one source and replicate it in another location. Copying and pasting is a process used by many to save time in writing documents electronically. For EHR documentation, this act is often utilized when scribing progress notes and has the potential to infiltrate into other areas of a patient’s EHR. Fraud can occur when practitioners inappropriately copy-paste one patient’s information into another patient’s records to inflate claims.

Another concern to the OIG is process of over documentation. This is when practitioners include false or irrelevant documentation in order to support billing for higher level services. In addition, because some EHR systems auto-populate fields when using templates or create extensive documentation after a single click of a checkbox, the medical record can become inaccurate if kept unedited.

A well-documented scheme to defraud healthcare payers, such as Medicare, is up-coding of diagnoses and procedure codes. One such example is “up-coding” the Diagnosis Related Group (DRG). The use of sophisticated statistical multi-faceted algorithms are being built and revised every day to help combat possible fraudulent healthcare claim records. These algorithms consider patient length of stay, rates of discharge, common illnesses associated with the DRG, increases in patients with DRGs from one period of time to another, and many other factors to identify suspicious DRG “up-coding” schemes.

Fraud prevention when using an EHR takes more than just computer algorithms. It should also take into account the “human” component who plays a significant role in the creation of the data (data entry). Automation, computers, and digital data are all great things that have made our lives physically easier and communication between people practically instantaneous. For example, we no longer have to wait days or weeks to receive a letter from someone that is living in another country. Medical records no longer have to be sent via mail or faxed from a cardiologist’s office back to a patient’s primary care provider so that care is coordinated. Information can all be retrieved easily from a click of a computer button. But just as data in a computer can be never be totally secure, neither can computers be programmed to catch every fraud, waste, and abuse scenario. The human brain is far better than the computer brain, at least so far. As long as the documentation (data) entered into the computer meets the computer program’s criteria (the algorithm), it “works” just fine.  Nevertheless, computers are not human-proof.  Computers are not skeptical, untrusting, and paranoid. Then again, sometimes my computer does appear to be a little testy and fails to give me what I want as quickly as I want it. Just on a side note, being paranoid is not all bad as long as it does not go to extremes. Slight paranoia is what gives us our sixth sense that something we are encountering just doesn’t feel or look right.  There are even some famous quotes around paranoia such as, “Just because you’re paranoid, don’t mean they’re not after you.” from Nirvana’s Kurt Cobain, “Paranoia is just a heightened sense of awareness.” as said by John Lennon, and “The paranoid is never entirely mistaken.” from the mind of Sigmund Freud. 

I digress, what were we talking about, ah yes, computers not being “human-proof” and the reason we have to include humans in the equation. Humans have to be accountable for their actions and that is the reason why policies and procedures to address copy-and-paste (cloned) and over documentation should be in place. It is also why when EHRs are purchased, caution should be taken when using templates and check boxes. Some EHR systems may auto-populate certain fields when providers use templates and other systems may generate documentation when a provider checks a single box. Which brings me back to the human. Providers need to always verify and be held accountable for the accuracy of any information included within the record. They also need to ensure that audit logs are fully operational.

Audit logs, which capture data elements such as date, time, and user stamps for each update in the EHR are a critical part of mitigating fraud. Practices can use these logs to monitor activity and look for data inconsistencies and patterns. Robust access controls need to be implemented. Access controls and user authentication help prevent unauthorized access to the EHR. This can help prevent fraud related to identify theft and other schemes that involve stealing provider and patient information.

Lastly, patient education should be performed. Patient engagement can also help mitigate fraud related to the EHR. Encourage patients to notify the organization if they detect potentially fraudulent activity. For example, a patient may question an Explanation of Benefits for a service that he or she did not receive. Educate patients about the potential for identify theft and fraud, and let them know that everyone can work together to combat the problem.

Medicare is the largest of all healthcare payers and healthcare fraud (claiming health care reimbursement to which the claimant is not entitled) and abuse (when a provider doesn’t follow good medical practices, including performing services that are not medically necessary) is a significant problem. There are many different types of Medicare fraud & abuse, all of which have the same goal: to collect money from the Medicare program illegitimately. However, cost (taxpayer dollars) is not the only consequence. Less than accurate data directly affects reports that use the data to help improve the way healthcare is delivered. If policy changes are made based on reports that have “false” data then are we making the correct decisions? There is always some margin of error that is factored into research, data reports, etc. but a percentage of the data that is reported that could be fraudulent, (i.e. made up in order to get paid), is always something that needs to be kept in the back of everyone’s mind when reviewing and using data. EHR has made things easier, faster, and more transparent, but has it improved our data? Time will tell.