My friend and mentor, Don Simborg, MD, has seen a lot and done a lot in healthcare IT. He practiced in internal medicine while he was the CIO at UCSF and his second IT startup was an EHR targeted at oncology. In his so-called retirement he has taken an interest on the issue of the relationship between EHRs and fraud (when he is not taking trapeze lessons). We have gone around on this issue over many a fish sandwich. We don’t agree on every specific but we both believe that there is a problem and that IT should do as little as possible to aid those who cheat and as much as possible to assist those whose role is catch them. In light of recent attention being that has fallen this way I asked him to summarize his views. They appear below; in future blogs I hope to deal with reader comments and drill into some of the pragmatic issues that must be solved to make progress. Here’s Don:
EHRs have had a bad week. Studies published by both the Center for Public Integrity, a non-profit investigative news organization, and the New York Times indicate that billings go up concomitant with a switch to EHRs raising healthcare costs instead of reducing them. DHHS Secretary Sebelius and Attorney General Holder sent a letter to the major hospital provider organizations threatening to crack down on EHR fraud. A New York Times editorial decried the EHR abuse. A full hour on National Public Radio was devoted to this problem. The Center for Public Integrity article indicated that the increase in cost so far is over $11B. The use of the two most expensive E&M codes for emergency room visits increased from 25% to 45% between 2001 and 2008. The New York Times article cited an OIG report showing that in 2010, just 1,700 of the 440,000 physicians added over $100M due to increased E&M coding.
There is a lot that we don’t know about these numbers. Were EHRs the cause? Were the increases legitimate or fraudulent? How much of the baseline was fraud to begin with? Estimates of fraud vary widely from as little as 3% of all healthcare transactions to over 10%. The usual figure bandied about for Medicare is $80B/year in fraud. It may be over $250B/year overall. That’s well more than the Afghan war has cost us. We could cover most of the uninsured with less than that.
The healthcare IT and provider communities say that the increase in billings with EHRs should be expected and is good because physicians are finally documenting what they do properly and decision support in EHRs prompts physicians to remember to do appropriate follow-ups. At a minimum, EHRs eliminate the fear of an audit, which causes physicians to under code in the paper system. Others say it is bad because it represents fraudulent up-coding made easy by single-click notes, cloning, E&M code prompts and other tools built into EHRs. We don’t have any data to distinguish this at present and it is unlikely that we will any time soon. So what to do about it?
I say we should follow the advice given ONC seven years ago by a group of industry experts in an extensive report which warned that fraud will increase in an electronic environment unless we are proactive in putting in safeguards against fraud. The feeling was that we shouldn’t wait until EHRs are widely implemented (at the time EHR penetration was less than 10%), as it will be more difficult to alter legacy systems later. It’s now seven years later and EHR penetration is already much greater and increasing rapidly. We don’t have time to wait for definitive proof, which may never come. We know fraud is occurring. We know some EHR tools, on the face of it, invite fraud. Eliminating or greatly constraining the use of these tools will have little or no negative impact on clinical usability. If fact many physicians argue that encounter notes that contain pages of normal negatives in the PE and ROS produced by a single click are simply not trustworthy clinically. The same has been said of cloned notes.
There are three things that ONC can do now. Investigate for Phase III of Meaningful Use which tools in EHRs should be grounds for decertification. These could include such tools as E&M code prompts that are solely for the purpose of up-coding, cloning and copy-forward, “make me an author”, amended report bypasses, single-click encounter notes, disabling the audit log and others. Second, work with OIG and CMS to determine what metadata from EHRs would best help in fraud detection analytics software. Medicare is currently using such software in an attempt to detect potentially fraudulent claims prior to payment rather than the usual “pay and chase” method that is ineffective. After determining the minimal metadata set that would be helpful, then define, standardize, and require that metadata for EHR certification. For starters, define at what level of detail the user/date/time stamp is required. Other metadata that could be considered would be the date/time the claim was produced from an encounter and the method of entry of the data (dictation, default, typing, copy forward, menu selection, etc.). Third, fund a cost/benefit analysis of several possible alternatives for provider and patient authentication at the point of care. Include at least the possibility of a biomarker mechanism independent of the EHR. Such a system would make it much more difficult to fabricate visits which we know occurs. It would help insure that the provider and patient at an encounter are really who they are alleged to be and were present at the time and place alleged.
In summary, fraud is a huge problem. EHRs can be tools to both increase and decrease fraud. ONC is the only agency that can require changes to EHRs. ONC needs to stop giving lip service to “cooperating with other agencies” regarding fraud but to take the lead in seriously looking at how EHRs should be altered to reduce fraud.
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.