The Health Information Technology for Economic and Clinical Health Act (the “HITECH”) Act of 2009 aims to have all hospitals and physicians use electronic health records (“EHRs”) for all persons in the United States by 2014.  Federal and State financial incentives, electronic billing requirements, and the need for ever-increasing collaboration and sharing of information among providers have lead to a growing embrace of EHRs across the health care system.

   The U.S. Department of Health and Human Services Office of the Inspector General (the “OIG”) recently issued its Work Plan for Fiscal Year 2013.  One of the OIG’s goals for 2013 is to identity fraud and abuse vulnerabilities in EHR systems and to determine how certified EHR systems address those vulnerabilities.

Letters and Surveys Sent By OIG

  The OIG has already begun to implement the Work Plan with respect to its review of EHR systems.  In October 2012, at least ten hospitals received an 18-page, 54-question survey requesting detailed information on their EHR systems.  The survey comes on the heels of a letter that was sent on September 24, 2012 from HHS and the Department of Justice to health care providers indicating that “there are troubling indications that some providers are using [EHR] technology to game the system, possibly to obtain payments to which they are not entitled.”

  It is expected that the responses to the survey will be used by the OIG to prepare a report which will be published during fiscal year 2013.  According to a recent article posted on HealthLeaders Media, some of the questions in the OIG survey include:

  • How diagnoses and procedures are coded (manually, automatically with coding software, or other);
  • User authorization methods (unique user ID, password, tokens, biometrics, public key);
  • Access management (session time-out, minimum password configuration rules, regular changing of passwords, user agreements or contracts to prevent sharing of passwords, or other);
  • Barriers to allowing outside entities access (lack of software or hardware support, insufficient staffing, funding restrictions, performance concerns, privacy concerns, etc.);
  • How physician progress notes are entered into the EHR (free text, via structured templates);
  • Whether narrative nursing notes are directly entered into the EHR or handwritten and scanned into the EHR, and if so, why;
  • Whether patients have access to the EHR, and if so, how.

Steps to Ensure Proper Functioning of an EHR

  There are certain steps that hospitals and physicians can take in order to ensure that their EHR system is functioning properly.  First, considerable time and research should be spent on selecting an EHR vendor to ensure that the EHR system will be a good fit for the practice.  Issues to be addressed should include: What features does the vendor’s system include that competitors may not offer?  What kind of training and support is provided by the vendor and how and when is that support available?  What is the size of the vendor’s customer base and has its software been implemented in similar practices and work environments?  Legal review of acquisition documents, service/support agreements, and hardware or hosting agreements is a key component of the process.

  Second, it is essential that hospitals and physicians receive appropriate training in the use of the system and that sufficient time is allotted for staff education.  Written manuals should be provided to staff members that, along with a detailed guide to the EHR system, include quick, one-page “cheat sheets” for easy reference by users.  Third, hospitals and physician practices should set realistic goals and expectations.  Because it is unlikely that things will go smoothly from the get-go, practitioners should set aside time on a regular basis, as frequently as every 60-90 days, to reevaluate their EHR system and see if improvements or changes should be made to the system or processes.  This will also provide an opportunity to determine if any member of the team needs additional training on the system.

  In light of the OIG’s Work Plan and increasing scrutiny on EHR systems, it is essential that hospitals and physicians take measures to ensure that their EHR systems are working properly and are being use appropriately.