When worlds collide: How to navigate productive EHR use mindful of CMS fraud and abuse audits

January 21st, 2014 by Rod Baird

The Department of Health and Human Services’ Office of Inspector General (OIG) suspects Electronic Health Records (EHRs) may encourage fraud and abuse. Their recommendation: Better audits. Meanwhile, a recent article in the New York Times highlights the use of medical scribes to minimize physicians’ EHR workload.

The OIG issued two reports in the past 30 days expressing alarm that providers (read physicians) would copy and paste text from one record to the next, or use preformatted statements to achieve higher reimbursement levels.

$1     The 1st report alleges problems, primarily at hospitals, with disabling or resetting audit logs.  Most hospital EHR systems are massive beasts – installed by vendors, but operated by the hospital or health system. All certified EHR technology has the innate capacity to create “audit logs.” These are files that record all user activity within the EHR. This makes it possible for a third party with access rights to the EHR (e.g. a CMS agent) to reconstruct exactly how each element in a record was documented, when and by whom. The OIG believes some hospitals could “doctor” the audit logs to erase telltale signs pointing to fraudulent activity. Abuse of the copy and paste function from one patient record to another is a particular worry to the OIG.

$1·       The 2nd report exhorts the medical reviewers at CMS Administrative and Program Integrity Contractors to develop new tools to detect the EHR facilitated fraud or abuse. This is a fuller elaboration of the types of fraudulent activity introduced in the first report. The OIG is requesting carriers consider screening documents for repeated use of copy and paste (or cloned notes) by using the gaining access to the EHR’s audit log.

Mentally, I’d filed the two OIG reports away for a future blog post, but was prompted to comment when the New York Times piece on medical scribes appeared.

Most of my readers know my dual roles – as an EHR developer and a LTC physician practice manager.  My partners believe these dual roles are a real asset; but personally it can cause tremendous tension headaches. Here’s why:

Anyone who’s familiar with EHR certification standards probably agrees the standards have minimal connection with “usability.” The standards were written by committees who are interested in achieving some very worthwhile goals. Measuring, documenting and reporting patient data is the primary objective for EHRs. The attitude at ONC/CMS is the more data, the better. EHR developers wrote software to pass the certification tests in the most direct manner possible. Then, they had to turn around, without destroying any of the elements used to pass that test, and add new code to satisfy users’ demand for functionality.

If you are a provider, faced with the need to enter massive amounts of data you consider “low-value/worthless,” aren’t you going to demand your EHR support copy/paste?

The stronger the provider feels the data being demanded is pointless, the greater their interest in using the EHR’s inherent ability to “auto-populate” repeating observations.

The pushback from providers over the inefficiencies of EHR data entry is leading to the adoption of scribes or medical assistants. Because much of EHR use is clerical, why not hire one? The Meaningful Use regulations anticipated this phenomenon and created the new role, “Certified Medical Assistant.” To most of us, that seems like an endorsement from DHHS/ONC/CMS supporting paraprofessional data gatherers.

The collision I predict arises from inherent conflicts between the challenges of EHR usability and Medicare Part B rules for physician payment. EHRs are data repositories, but most physicians view them as tools for creating electronic clinical notes. There is a distinct difference.

The vast majority of physician encounters (regardless of specialty) are billed using Evaluation and Management (E&M) codes. Codes are grouped into sets based on patient status (new/old), location (hospital/office), and acuity (low-high). Codes drive provider reimbursement. The AMA creates these codes and publishes definitions of the elements needed to satisfy each one. CMS, which sets reimbursement policy for E&M codes, has very specific rules regarding who can “create” the encounter note required for billing each E&M code. The preceding link takes you to a FAQ page that describes what data ancillary staff can enter into the encounter note.  The elements that anyone other than the physician can enter are very limited:

Ancillary staff may only document:

Review of systems (ROS)

Past, family and social history (PFSH)

Vital signs

These three areas must be reviewed by the physician or non-physician practitioner (NPP) who must write a statement that it is reviewed and correct or add to it.


Only the physician or NPP that is conducting the E/M service can perform the history of present illness

(HPI). This is considered physician work and not relegated to ancillary staff. The exam and medical decision-making are also considered physician work and not relegated to ancillary staff.

In certain instances, an office or emergency room triage nurse may document pertinent information regarding the chief complaint (CC)/HPI, but this information should be treated as preliminary information. The physician providing this E/M service must consider this information preliminary and needs to document that he or she explored the HPI in more detail.

How do you reconcile the two conflicting demands of efficiency and regulatory adherence? There is a very limited array of data that ancillary staff (scribes) can legitimately enter into an encounter note. The trick is for the EHR developer to effectively navigate the line between the EHR (a patient record with data from multiple sources) and the clinical note in the patient’s medical record that must be authored by the attending physician. It is permissible for anyone the physician or practice authorizes to insert patient information into the EHR for physician use. However, only that very limited list of items can be inserted into the clinical encounter note. Physicians often bridle at this because it causes extra work on their part – having to review something their trusted staff inserted on their behalf.

This is where the OIG’s recommendations for access to EHR audit logs become so worrisome. The EHR log shows exactly which user entered a particular data element and when it was done. If the physician understands the need for proper sequencing and review of EHR data, they can effectively use ancillary staff without worry. But if they want to take expedient short cuts to documentation, the EHR can become a snake in the grass.

In the institutional setting (hospital or nursing home), it is illegal to use “incident-to” billing. That means physician-extender teams can’t do joint visits to the patient – with the NP/PA doing most of the encounter, and the physician doing a cursory face-to-face and signing-off on the extender’s note. Again, the EHR knows, and if the OIG has its way, there will be denials.

Next post, I’ll discuss strategies to use to avoid the threat of “cloned-note” denials.

Rod Baird

About Rod Baird

Rod Baird is the Founder and President of Geriatric Practice Management (GPM). Since 1977, he’s led provider and management organizations that deliver care to Medicare/Medicaid beneficiaries. Past programs he’s overseen include home health, personal care, hospice, rehabilitation hospitals, adult and psych daycare, alcohol/drug rehabilitation, industrial medicine and primary care practices. The Centers for Medicare and Medicaid Services (CMS) selected Baird as one of only 73 individuals to serve with its InnovationProgram. His educational background includes a Master’s Degree in Physical Chemistry from the American University, Washington, D.C.

We're ready to help you. Contact us today by phone at (828) 348-2888, or get in touch via our contact form.