D.C. Report: HHS OIG Looks Into EHR Fraud, Upcoding | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

D.C. Report: HHS OIG Looks Into EHR Fraud, Upcoding

October 29, 2012
by Jeff Smith, Assistant Director of Advocacy at CHIME
| Reprints

Federal Survey Seeks Info on EHR Fraud, Privacy Issues News broke last week during CHIME’s Fall Forum that the HHS Office of Inspector General (OIG) had circulated a survey to hospitals that had demonstrated Meaningful Use.  The OIG's review of the incentive program and potentially inappropriate Medicare payments related to EHR use are both included in its recently issued fiscal 2013 work plan, according to public officials.

Included in some of the over 50 questions asked by OIG, hospitals were expected to respond to inquiries related to:

  • How diagnoses and procedures are coded (manually, automatically with coding software, or other)
  • Whether the hospital has plans to adopt computer-assisted coding
  • User authorization methods (unique user ID, password, tokens, biometrics, public key)
  • Access management (session time-out, minimum password configuration rules, regular changing of passwords, user agreements or contracts to prevent sharing of passwords, or other)
  • Whether outside entities such as payers can access the EHR, and if so, how such access is tracked
  • Barriers to allowing outside entities access (lack of software or hardware support, insufficient staffing, funding restrictions, performance concerns, privacy concerns, etc.)
  • Numerous questions about audit log practices and availability
  • How physician progress notes are entered into the EHR (free text, via structured templates)

Despite the insistence by OIG that this survey had been planned for some time, it comes at a point when increased scrutiny is being placed on EHRs and the Meaningful Use policy program.  Frequent readers will recall past coverage of a New York Times article and Center for Public Integrity report that described the use of EHRs for upcoding and cloning practices of patient records.  Additionally, House and Senate members of Congress have decided to weigh-in on health IT policy – with members of the House calling for the immediate suspension of incentive payments and Senators asking for more Meaningful Use program details.

CHIME Advocacy originally responded to House calls for suspension by circulating sign-on letters and will continue to monitor House and Senate concerns with all matters related to health IT.

CMS Releases CQM e-Specifications, Additional Resources Officials from CMS this week unveiled a number of technical specifications and resources needed to compute clinical quality measures for 2014 Edition certified EHR technology.  An updated website, available here, contains tables that define and describe each measure and will allow for “version control” to make changes or updates to CQMs, officials said.  Also released were electronic specifications for the 2014 electronic CQMs that will allow systems to be programmed to automate capture, calculation and reporting of CQMs.  These eSpecifications will be packaged in a way that provides more information – in response to feedback to Stage 1 measures.  Each e-specification will have three pieces to it or three ways to express the CQM:

  • XML file – as the HQMF computer syntax
  • HTML version – as the human readable component
  • Value Sets – which will be specific clinical codes used to create an individual measure

According to CMS officials, the National Library of Medicine will be the oversight authority for value sets, overseeing validation and support and warehousing a controlled collection of publicly-available value sets.

Lawmakers Want CMS to Do More on Identity Theft This week two lawmakers from the House Ways & Means Committee highlighted a recent report finding that CMS should be doing more to protect seniors from identity theft in Medicare.  The HHS Office of the Inspector General found the CMS was complacent in notifying affected beneficiaries of a data breach within 60 days, as required by law and that contractors are not effectively using a CMS database that contains information on Medicare beneficiaries and providers who have been affected by identity theft.

In statements released this week, Sam Johnson (R-Texas) and House Ways and Means Subcommittee Chairman for Social Security said the report should serve as a "wakeup call" for CMS to "take immediate action to develop a new system for protecting seniors from medical identity theft."  He added, "Seniors are urged not to carry their Social Security card to protect their number, but at the same time they need to carry their Medicare card at all times to get health care. This makes no sense."  Ways and Means Chairman of the Health Subcommittee Wally Herger (R-Calif.) said, "Though years of CMS indifference and delay make me skeptical, my hope is that this report finally persuades the agency to stop use of the SSN as the Medicare identification number"

Stakeholders Convene to Develop Input to FDA Report on Regulatory Framework  A range of preliminary recommendations – focus on the patient experience, integrate with existing initiatives, encourage voluntary reporting of problems and learn from other industries – were offered by  groups meeting earlier this week to explore how best to guide creation of a regulatory framework for Health IT, as called for by the FDA Safety and Innovation Act signed in July 2012.  Due January 2014, the report to Congress must include “a proposed strategy, and recommendations on an appropriate, risk-based regulatory framework pertaining to health information technology, including mobile medical applications, that promotes innovation, protects patient safety and avoids regulatory duplication.”  To inform this process, The Bipartisan Policy Center (BPC) convened over 60 organizations representing providers, clinicians, consumers, health plans, employers, patient safety organizations, and technology companies.  HHS itself may convene a working group of external stakeholders and experts to provide input, but the BPC effort is viewed as a means to gather early industry views outside of more formal government processes.  CHIME, as part of the BPC group, is interested in hearing your thoughts on how best to assure patient safety and quality while promoting the innovation required to meet the needs of our rapidly evolving healthcare system. 

The EHR Medicare and Medicaid Incentive Program has accelerated the adoption of health information technology by the nation’s providers, while at the same time attracting increased attention by lawmakers.  Further, the August 2011  Institute of Medicine’s  (IOM) Health IT and Patient Safety: Building Safer Systems for Better Care, called for improving safety in health IT indicating that safety is an “emergent property… of a larger system…. that includes technology (e.g. hardware, software), people (e.g. clinicians, patients), processes (e.g. workflow), organization (e.g. capacity, decisions about how health IT is applied), and the external environment (e.g. regulations, public opinion).  The July FDA legislation was seen as an opportunity to place more scrutiny on this entire area.  Meanwhile, Congressional attention will continue as seen in recent letters from Ways & Means and Energy & Commerce Leaders in the House calling on Secretary Sebelius to suspend payments under the Incentive Program.

The Health IT Summits gather 250+ healthcare leaders in cities across the U.S. to present important new insights, collaborate on ideas, and to have a little fun - Find a Summit Near You!


See more on