Archives

Download a PDF of the Current Issue 2015 Volume 12 Number 3 July- September

Integrity of the Healthcare Record: Best Practices for EHR Documentation

“Excerpted from Journal of AHIMA with permission”

Journal of AHIMA 84, no.8 (August 2013): 58‐62.

Electronic documentation tools oﬀer many features that are designed to increase both the quality and the utility of clinical documentation, enhancing communication between all healthcare providers. These features address traditional well‐known requirements for documentation principles while supporting expansive new technologies. Use of these features without appropriate management and guidelines, however, may create information integrity concerns such as invalid auto‐population of data fields and manufactured documentation aimed to enhance expected reimbursement. Processes must be in place to ensure the documentation for the health information used in care, research, and health management is valid, accurate, complete, trustworthy, and timely. There are a number of existing rules and regulations on documentation principles and guidelines that primarily address documentation authorship principles, auditing, and forms development in a paper health record. New guidelines are being sought by the healthcare industry that ensure and preserve documentation integrity in an age of electronic exchange and changes in the legal evidentiary requirements for electronic business and health records. With the continued advancement of electronic health records (EHRs), there is increasing concern that a potential loss of documentation integrity could lead to compromised patient care, care coordination, and quality reporting and research as well as fraud and abuse. This practice brief provides guidance for maintaining documentation integrity while using automated EHR functions. Ensuring Documentation Integrity Documentation integrity involves the accuracy of the complete health record. It encompasses information governance, patient identification, author‐ ship validation, amendments and record corrections as well as auditing the record for documentation validity when submitting reimbursement claims. EHRs have customizable documentation applications that allow the use of templates and smart phrases to assist with documentation. Unless these tools are used appropriately, however, the integrity of the data may be questioned and the information deemed inaccurate—or possibly even perceived as fraudulent activity. Established policies and procedures such as audit functions must be in place to ensure compliant billing. Without safeguards in place, records could reflect an inaccurate picture of the patient’s condition, either at admission or as it changes over time. The provider must understand the necessity of reviewing and editing all defaulted data to ensure that only patient‐specific data for that visit is recorded, while all other irrelevant data pulled in by the default template is removed. For example, the automatic generation of common negative findings within a review of systems for each body area or organ system may result in a higher level of service delivered, unless the provider documents any pertinent positive results and deletes the incorrect auto‐generated entries. Appendix B, available in the online version of this practice brief in the AHIMA Body of Knowledge, illustrates examples of worst and best case scenarios observed in documentation practices for healthcare delivery. These scenarios show how the ability to copy previous entries and paste into a current entry can lead to a record where a provider may, upon signing the documentation, unwittingly attest to the accuracy and comprehensiveness of substantial amounts of duplicated or inapplicable information, as well as the incorporation of misleading or erroneous documentation. The scenarios further illustrate that while helping to improve apparent timeliness and legibility of documentation, additional adverse eﬀects were created by the inability to verify actual authors or to authenticate services provided at any given time.1‐4 From a billing perspective, defaulting or copying and pasting clinical information with previous existing documentation from other patient encounters in a diﬀerent health record facilitates billing at a higher level of service than was actually provided. Providers must recognize each encounter as a standalone record, and ensure the documentation within that encounter reflects the level of service actually provided and meets payer requirements for appropriate reimbursement. The integrity of this information is vital. As Michelle Dougherty, MA, RHIA, CHP, noted in her testimony to the Oﬃce of the National Coordinator for Health IT’s (ONC) HIT Policy Committee, “If clinical documentation was inaccurate when used for billing or legal purposes, it was wrong when it was used by another provider, another provider at transition, a researcher, the public health authority, or quality reporting agency.”5 The documentation may need to include any health information such as labs, changes in medications, or updates to any chronic health conditions impacting an encounter that was reviewed by the provider during the visit. Time’s Ticking for Information Governance Data quality and record integrity issues must be addressed now, before widespread deployment of health information exchange (HIE). Poor data quality will be amplified with HIE if erroneous, incomplete, redundant, or untrustworthy data and records are allowed to cascade across the healthcare system. Healthcare organizations must manage information as an asset and adopt proactive decision making and oversight through information asset management, information governance, and enterprise information management (EIM) to achieve data trustworthiness. AHIMA defines information governance as “the accountability framework and decision rights to achieve EIM. EIM is defined as the infrastructure and processes that ensure information is trustworthy and actionable.” The multitude of federal and state health information exchange initiatives are making information governance and the integrity of EHRs more challenging every day. An accurate information governance program will ensure the accountability of how information is managed and the information’s integrity. Legal Issues Surrounding EHRs HIM professionals consistently identify the following documentation practices as problematic in EHRs. These practices contribute to data quality and information integrity issues. Risky documentation practices that create the potential for patient safety, quality of care, and compliance concerns— such as those described below—may leave an organization vulnerable to patient safety errors and medical liability. Template Documentation Challenges Documentation templates can play an important role in improving the eﬃciency of data collection, ensuring all relevant elements are collected in a structured format. However, these templates also have limitations:

● Templates may not exist for a specific problem or visit type. This issue can occur if the structure of the note is not a good clinical fit and does not accurately reflect the patient’s condition and services.

● Atypical patients may have multiple problems or extensive interventions that must be documented in detail.

Templates designed to meet reimbursement criteria may miss relevant clinical information. Templates may also encourage over‐documentation to meet reimbursement requirements even when services are not medically necessary or are never delivered.

Cloning, Copy/Paste Practice Problems Cloned documentation continues to be a significant problem that creates unnecessary redundancy and at times inaccurate information in the EHR. Some EHR systems are designed to facilitate cloning with such popular features as “make me the author” to assume the content of another person’s entry, “demo recall” to copy forward vital signs, “copy and paste” to replicate information from a previous visit, or the use of “smart phrases”—a function that pulls in specific identical data elements. Automated insertion of previous or outdated information through EHR tools, when not modified to be patient‐specific and pertinent to the visit, may raise significant quality of care and compliance concerns—creating a potential for medical liability issues. Organizations must develop policies designed to address inappropriate use of these tools to minimize non‐compliance. Common documentation risks that can result from cloning features include:

● Vital signs that never change from visit to visit

● Information “copied and pasted” from a diﬀerent patient’s record

● Documentation from another provider including their attestation statement

Identical verbiage used repeatedly for all patients seen by a provider for a specific timeframe with little or no modification regardless of the nature of the presenting problem or intensity of the service; at times, such verbiage includes contradictory indications (i.e., use of pronoun “he” instead of “she,” indication that patient has no pain when the documentation includes a record of pain)

Providers must recognize that every patient is unique and must ensure that the health service provided is documented distinctly from all others. Dictation Errors without Validation Organizations using voice recognition without a validation step in place are experiencing significant data quality problems and documentation errors. Organizations should have in place a process to ensure providers review, edit, and approve dictated information in a timely manner. Since these documents are often used and exchanged, the importance of accurate and quality documentation in EHR systems is critical. EHRs have created tremendous changes in the provider’s workflow and documentation process. Best practices for documentation that ensures quality have not been well defined for EHRs and are not well understood by providers. Innovations are needed to improve documentation tools and techniques; a back‐to‐the‐basics focus on the importance of data accuracy and quality must take priority before widespread deployment of interoperable health information exchange occurs. Healthcare fraud has signaled sharper focus on specific avenues for improper claims or billing, including EHRs. The Oﬃce of Inspector General’s 2012 Work Plan included a focus on fraud vulnerabilities specifically presented by EHRs, making it the first work plan in which the agency explicitly named EHRs a a target for review. Patient Identification Errors Documentation integrity is at risk when the wrong information is documented on the wrong patient health record. Errors in patient identification can aﬀect clinical decision making and patient safety, impact a patient’s privacy and security, and result in duplicate testing and increased costs to patients, providers, and payers. Patient identification errors can grow exponentially within the EHR, personal health record, and HIE network(s) as the information proliferates. Failure of organizations to employ front end solutions that include measures like sophisticated matching algorithms or other methods such as use of biometrics, photography, or fingerprinting can put the organizations at risk.6 Special alerts can be designed and implemented within an EHR to avoid potential safety issues, such as when a patient blood type or allergy does not match the patient undergoing treatment. Organizations must have a patient identity integrity program that includes performance improvement measurements that monitor the percentage of error rates and duplicate records within its electronic master patient index. Policies and procedures must ensure that key demographic data are accurate and used to link records within and across systems. Policies must address the initial point of capture as a key front end verification. Authorship Integrity Issues Authorship attributes the origin or creation of a particular unit of information to a specific individual or entity acting at a particular time. When there are multiple authors or contributors to a document, all signatures should be retained so that each individual’s contribution is unambiguously identified.7 Some EHR systems allow more than one individual to add text to the same progress note entry or flow sheet. If the EHR does not have functionality to enable both providers to document and sign, it may be impossible to verify the actual service provider or the amount of work performed by each provider. Integrity of Amendments As outlined in the AHIMA toolkit “Amendments in the Electronic Health Record,” addendums, corrections, deletions, and patient amendments should be included in the record as defined by HIPAA. In order to support the integrity of the health record, EHR systems need to allow providers to make amendments, have the ability to track corrections, and identify that an original entry has been changed. The functionality to do this can be a combination of EHR applications along with policies and procedures that outline when changes need to be made, what changes can be made, who can make the changes, and how these changes will be tracked and monitored. The original entry must be viewable, along with a date and time stamp, the name of the person making the change, and the reason(s) for the change. Without this information, the date sequence may be impossible to follow—adversely aﬀecting appropriate patient care and resulting in questionable supporting documentation for reported services. See case study 2 in Appendix B for examples of best and worst case scenarios and discussion questions related to data integrity. The EHR functionality may also determine whether or not an original note or amendment includes the correct date and time. Some systems automatically assign the date that the entry was made, while others allow authorized users to revise the date of entry to the date of the visit or service. All users are responsible for ensuring that documentation authorship is accurately recorded in all approved uses of the available documentation tools, and for making sure that any changes or deletions made outside of routine record use are maintained in the EHR system. Appendix C, avail‐ able in the AHIMA Body of Knowledge, provides guidance on steps to prevent fraud in EHR documentation. Healthcare Fraud and Abuse Healthcare fraud is defined as an “intentional deception or misrepresentation that the individual or entity makes knowing that the misrepresentation could result in some unauthorized benefit to the individual, to the entity or to some other party.”8 The intentional fabrication of medical records in order to improve reimbursement may be considered fraudulent. This fabrication could result from overuse of “copy and paste” functionalities or misuse of templates originally designed for documentation eﬃciency. Healthcare abuse describes incidents or practices which are not usually fraudulent but are not consistent with accepted medical or business practices that may result in unnecessary costs to payers. These unintentional practices may involve repeated billing and coding errors that over time may be considered fraudulent if patterns of continued practice are found upon external review. When misrepresentation occurs—whether it is intentional or unintentional—the staﬀ member that has responsibility for ensuring an accurate claim has the obligation to proactively identify and pre‐ vent fraud. All providers involved in the patient’s care must be held accountable to ensure the integrity of the documentation is compliant with existing law and that the level of service reported meets all payer billing, coding, and documentation requirements. According to the Medicare Claims Processing Manual, “Medical necessity is the over‐ arching criterion for reimbursement… and the volume of documentation should not be the primary influence upon which a specific level of service is billed.”9 Audit Integrity Audits are essential to ensuring that the health record documentation present supports the level of service reported, that all payer requirements for reimbursement are met, and that only authorized users are accessing or making entries to patient medical records. Audit trails must include the name of the user, the application triggering the audit, the workstation, the specific document, a description of the event being audited (i.e., amendment, correction, or deletion), and the date and time. The audit trail must capture what is amended (including deletions) within the health record and provide auditors with a starting point for compliance audits. EHRs that lack adequate audit trail functionality create uncertainty in the integrity of health record documentation, and may create legal liability for the organization while inadvertently making or protecting criminal activity. There may also be no way to determine if and when corrections or amendments were made to the documentation, who made the changes, or the nature of the changes. In addition to the normal unintentional errors that may occur in documentation, audit trail functionality can help to detect situations where an alteration of records is meant to prevent the discovery of damaging information. Organizations may utilize the audit trail functionality of the EHR system to identify and trend utilization of health records. The functionality typically allows users to generate reports for a specified time frame by provider or provider type, with the results sent directly to a compliance committee or the organization’s governing body. Compliance Education Organizations may need to devote more strategy to ensure providers are well‐informed about compliance and legal risks. This starts in the EHR training process. Organizations may need to develop initiatives in EHR education to make sure they do not risk compliance problems. Staﬀ education on best practices for documentation should focus on the integrity of the health record. The education program must be monitored, maintained, and oﬀered quarterly or annually. Answering questions of who, what, why, and how will help to ensure individuals have a solid under‐ standing of the organizational practices and measures that maintain individual best practices. Education geared toward understanding who, what, why, and how must include:

● The definition of who (entities or individuals) could commit fraud

● Both universal and organizational best practices with regards to security and log‐in, validity of data, authorship/authentication, use and storage of data, and data transmittals

● The importance of continual education

● Strategies for applying fraud prevention best practices on a daily basis

Recommendations for Maintaining Integrity Organizations should have policies and procedures in place that prevent fraud as a result of deliberate falsification of information. At minimum, organizations should consider these four primary conditions:

● Desire and commitment to conduct business and provide care in an ethical manner

● Purchasing systems that include functions and capabilities to prevent or discourage fraudulent activity

● Implementing and using policies, procedures and system functions and capabilities to prevent fraud

● Inclusion of an HIM professional such as a record content expert on the IT design and HER implementation team to ensure the end product is compliant with all billing, coding, documentation, regulatory, and payer guidelines

Ensuring documentation integrity in the record is a fundamental practice. Organizations should use the guidelines and checklists in Appendices C and D, available online in the AHIMA Body of Knowledge, to assess their compliance. These appendices contain:

● Steps organizations can take to prevent falsification of EHRs

● Guidelines for selecting EHR system features to reduce the likelihood for falsification

● Guidelines for implementing EHR systems features designed to reduce the likelihood of falsification

● Fraud prevention education programs (training requirements, security and integrity requirements, and violation of EHR policy and procedure consequences)

● Recommendations for establishing a process for logging all activity on EHR systems (audits and audit trails recommended)

● Sample business rules for EHR systems

Appendices Four appendices are available in the online version of this practice brief in the AHIMA Body of Knowledge at www.ahima.org: Appendix A: Resource List Appendix B: Case Studies: Integrity of the Healthcare Record Appendix C: Steps to Prevent Fraud in EHR Documentation Appendix D: Electronic Health Record Integrity Checklist Notes 1. Helbig, Susan. “Copying and Pasting in the EHR‐S: An HIM Perspective.” 2004 IFHRO Congress and AHIMA Convention Proceedings. October 2004. Available in the HIM Body of Knowledge, www.ahima.org. 2. Weir, CR et al. “Direct Text Entry in Electronic Progress Notes: An Evaluation of Input Errors.” Methods of Information in Medicine 42, no. 1 (2003): 61–67. 3. Hammond, Kenric W. et al. “Are Electronic Medical Records Trustworthy? Observations on Copying, Pasting and Du‐ plication.” AMIA Annual Symposium Proceedings, 2003: 269– 273. 4. Embi, Peter J. et al. “Impacts of Computerized Provider Documentation in a Teaching Hospital: Perceptions of Faculty and Resident Providers.” Journal of the American Medical Informatics Association 11, no. 4 (2004): 300–309. 5. AHIMA Testimony of Michelle Dougherty to the HIT Policy Committee Hearing on Clinical Documentation. Panel 4: Role of Clinical Documentation for Legal Purposes. February 13, 2013. http://www.ahima.org/downloads/pdfs/advocacy/ AHIMATestimony%20to%20HIT%20Policy%20Comte%20on% 20Clinical%20Documentation%2002132013.pdf. 6. National Health Care Anti‐Fraud Association. “What is health care fraud?” 2012. http://www.nhcaa.org/resources/ health‐care‐anti‐fraud‐resources/consumer‐info‐action.aspx. 7. HIMSS. “Patient Identity Integrity.” December 2009. http://himss.files.cms‐plus.com/HIMSSorg/Content/files/PrivacySecurity/PIIWhitePaper.pdf. 8. President’s Council of Advisors on Science and Technology. “Realizing the Full Potential of Health Information Technology to Improve Healthcare for Americans: The Path Forward.” Re‐ port to the President of the United States of America, December 2010. http://www.whitehouse.gov/sites/default/files/microsites/ostp/pcast‐health‐it‐report.pdf. 9. Centers for Medicare and Medicaid Services. Medicare Claims Processing Manual, Chapter 12. 2013. http://www.cms.gov/Regulations‐and‐Guidance/Guidance/Manuals/ Downloads/clm104c12.pdf. Copyright ©2013 American Health Information Management Association. All rights reserved. All contents, including images and graphics, on this Web site are copyrighted by AHIMA un‐ less otherwise noted. You must obtain permission to reproduce any information, graphics, or images from this site. You do not need to obtain permission to cite, reference, or briefly quote this material as long as proper citation of the source of the information is made.