Fraud is easy in quick EHR adoption, experts warn

The use of a “copy and paste” function can lead to counterfeit records.
The use of a “copy and paste” function can lead to counterfeit records.

Little due diligence being performed on electronic health records systems has made it easy for bad actors to perpetuate fraud, an EHR executive said this week.

Before the meaningful use program began, EHR companies could seek voluntary certification by the Certification Commission for Health Information Technology (CCHIT) to meet some anti-fraud fundamentals, said Reed Gelzer, the founder of EHR consulting firm Trustworthy EHR and co-chair of the HL7 EHR Standards Workgroup, to Bloomberg Bureau of National Affairs. When OHC began certifying systems, anti-fraud protections were dropped, he claimed.

The issue hasn't escaped the notice of the Department of Health and Human Services Office of Inspector General, which said in a December 2013 report that providers using EHRs may not be doing enough to prevent fraud. It specifically cited the use of a “copy and paste” function, which can lead to counterfeit records. Other companies said maintaining a history of every record — including when it was created and revised — was using up too much memory, which in turn raised costs.

While much of the EHR money and scrutiny has been on hospitals, Gelzer recommended all providers make sure their systems have medical records policies addressing potential vulnerabilities, assure accurate authorship and have searchable audit trail ability.