Auditors reviewing Medicare and Medicaid claims from electronic health records are largely treating them in the same manner as paper claims, even though they pose unique risks for overbilling and fraud, according to a government report released Wednesday.

One of these risks is “copy-pasting,” or cloning, in which a clinician copies information and duplicates it without updating it for accuracy, according to the report from the Department of Health and Human Services Office of the Inspector General. This practice also can also create fraudulent claims, the report noted.

Another risk is overdocumentation, which can occur because EHRs autopopulate fields at the click of a button, according to the report. This can lead to overbilling and make it easier to perpetrate fraud.

After surveying auditors and reviewing guidance documents from the Centers for Medicare & Medicaid Services, the OIG investigators determined that CMS does not require additional reviews for EHRs and few auditors are taking it upon themselves to conduct additional procedures, such as verifying electronic signatures or requesting a provider’s EHR protocols. Furthermore, the auditors’ responses revealed variation in their ability to identify copied language or overdocumentation.

CMS should provide more thorough guidance to auditors on EHR reviews, and should direct the auditors to review the audit logs generated by the electronic systems. These are automatically captured records of data elements such as date, time and user stamps, and “distinguish EHRs from paper medical records,” the authors wrote. They can provide valuable information to verify claims data, they stated.

CMS concurred with the recommendation to provide additional guidance, and partially agreed with the recommendation on audit logs, noting review “may not be appropriate in every circumstance.”

Click here to access the complete document, released Wednesday.