● Templates may not exist for a specific problem or visit type. This issue can occur if the structure of the note is not a good clinical fit and does not accurately reflect the patient’s condition and services.
● Atypical patients may have multiple problems or extensive interventions that must be documented in detail.
Templates designed to meet reimbursement criteria may miss relevant clinical information. Templates may also encourage over‐documentation to meet reimbursement requirements even when services are not medically necessary or are never delivered.Cloning, Copy/Paste Practice Problems Cloned documentation continues to be a significant problem that creates unnecessary redundancy and at times inaccurate information in the EHR. Some EHR systems are designed to facilitate cloning with such popular features as “make me the author” to assume the content of another person’s entry, “demo recall” to copy forward vital signs, “copy and paste” to replicate information from a previous visit, or the use of “smart phrases”—a function that pulls in specific identical data elements. Automated insertion of previous or outdated information through EHR tools, when not modified to be patient‐specific and pertinent to the visit, may raise significant quality of care and compliance concerns—creating a potential for medical liability issues. Organizations must develop policies designed to address inappropriate use of these tools to minimize non‐compliance. Common documentation risks that can result from cloning features include:
● Vital signs that never change from visit to visit
● Information “copied and pasted” from a diﬀerent patient’s record
● Documentation from another provider including their attestation statement
Identical verbiage used repeatedly for all patients seen by a provider for a specific timeframe with little or no modification regardless of the nature of the presenting problem or intensity of the service; at times, such verbiage includes contradictory indications (i.e., use of pronoun “he” instead of “she,” indication that patient has no pain when the documentation includes a record of pain)Providers must recognize that every patient is unique and must ensure that the health service provided is documented distinctly from all others. Dictation Errors without Validation Organizations using voice recognition without a validation step in place are experiencing significant data quality problems and documentation errors. Organizations should have in place a process to ensure providers review, edit, and approve dictated information in a timely manner. Since these documents are often used and exchanged, the importance of accurate and quality documentation in EHR systems is critical. EHRs have created tremendous changes in the provider’s workflow and documentation process. Best practices for documentation that ensures quality have not been well defined for EHRs and are not well understood by providers. Innovations are needed to improve documentation tools and techniques; a back‐to‐the‐basics focus on the importance of data accuracy and quality must take priority before widespread deployment of interoperable health information exchange occurs. Healthcare fraud has signaled sharper focus on specific avenues for improper claims or billing, including EHRs. The Oﬃce of Inspector General’s 2012 Work Plan included a focus on fraud vulnerabilities specifically presented by EHRs, making it the first work plan in which the agency explicitly named EHRs a a target for review. Patient Identification Errors Documentation integrity is at risk when the wrong information is documented on the wrong patient health record. Errors in patient identification can aﬀect clinical decision making and patient safety, impact a patient’s privacy and security, and result in duplicate testing and increased costs to patients, providers, and payers. Patient identification errors can grow exponentially within the EHR, personal health record, and HIE network(s) as the information proliferates. Failure of organizations to employ front end solutions that include measures like sophisticated matching algorithms or other methods such as use of biometrics, photography, or fingerprinting can put the organizations at risk.6 Special alerts can be designed and implemented within an EHR to avoid potential safety issues, such as when a patient blood type or allergy does not match the patient undergoing treatment. Organizations must have a patient identity integrity program that includes performance improvement measurements that monitor the percentage of error rates and duplicate records within its electronic master patient index. Policies and procedures must ensure that key demographic data are accurate and used to link records within and across systems. Policies must address the initial point of capture as a key front end verification. Authorship Integrity Issues Authorship attributes the origin or creation of a particular unit of information to a specific individual or entity acting at a particular time. When there are multiple authors or contributors to a document, all signatures should be retained so that each individual’s contribution is unambiguously identified.7 Some EHR systems allow more than one individual to add text to the same progress note entry or flow sheet. If the EHR does not have functionality to enable both providers to document and sign, it may be impossible to verify the actual service provider or the amount of work performed by each provider. Integrity of Amendments As outlined in the AHIMA toolkit “Amendments in the Electronic Health Record,” addendums, corrections, deletions, and patient amendments should be included in the record as defined by HIPAA. In order to support the integrity of the health record, EHR systems need to allow providers to make amendments, have the ability to track corrections, and identify that an original entry has been changed. The functionality to do this can be a combination of EHR applications along with policies and procedures that outline when changes need to be made, what changes can be made, who can make the changes, and how these changes will be tracked and monitored. The original entry must be viewable, along with a date and time stamp, the name of the person making the change, and the reason(s) for the change. Without this information, the date sequence may be impossible to follow—adversely aﬀecting appropriate patient care and resulting in questionable supporting documentation for reported services. See case study 2 in Appendix B for examples of best and worst case scenarios and discussion questions related to data integrity. The EHR functionality may also determine whether or not an original note or amendment includes the correct date and time. Some systems automatically assign the date that the entry was made, while others allow authorized users to revise the date of entry to the date of the visit or service. All users are responsible for ensuring that documentation authorship is accurately recorded in all approved uses of the available documentation tools, and for making sure that any changes or deletions made outside of routine record use are maintained in the EHR system. Appendix C, avail‐ able in the AHIMA Body of Knowledge, provides guidance on steps to prevent fraud in EHR documentation. Healthcare Fraud and Abuse Healthcare fraud is defined as an “intentional deception or misrepresentation that the individual or entity makes knowing that the misrepresentation could result in some unauthorized benefit to the individual, to the entity or to some other party.”8 The intentional fabrication of medical records in order to improve reimbursement may be considered fraudulent. This fabrication could result from overuse of “copy and paste” functionalities or misuse of templates originally designed for documentation eﬃciency. Healthcare abuse describes incidents or practices which are not usually fraudulent but are not consistent with accepted medical or business practices that may result in unnecessary costs to payers. These unintentional practices may involve repeated billing and coding errors that over time may be considered fraudulent if patterns of continued practice are found upon external review. When misrepresentation occurs—whether it is intentional or unintentional—the staﬀ member that has responsibility for ensuring an accurate claim has the obligation to proactively identify and pre‐ vent fraud. All providers involved in the patient’s care must be held accountable to ensure the integrity of the documentation is compliant with existing law and that the level of service reported meets all payer billing, coding, and documentation requirements. According to the Medicare Claims Processing Manual, “Medical necessity is the over‐ arching criterion for reimbursement… and the volume of documentation should not be the primary influence upon which a specific level of service is billed.”9 Audit Integrity Audits are essential to ensuring that the health record documentation present supports the level of service reported, that all payer requirements for reimbursement are met, and that only authorized users are accessing or making entries to patient medical records. Audit trails must include the name of the user, the application triggering the audit, the workstation, the specific document, a description of the event being audited (i.e., amendment, correction, or deletion), and the date and time. The audit trail must capture what is amended (including deletions) within the health record and provide auditors with a starting point for compliance audits. EHRs that lack adequate audit trail functionality create uncertainty in the integrity of health record documentation, and may create legal liability for the organization while inadvertently making or protecting criminal activity. There may also be no way to determine if and when corrections or amendments were made to the documentation, who made the changes, or the nature of the changes. In addition to the normal unintentional errors that may occur in documentation, audit trail functionality can help to detect situations where an alteration of records is meant to prevent the discovery of damaging information. Organizations may utilize the audit trail functionality of the EHR system to identify and trend utilization of health records. The functionality typically allows users to generate reports for a specified time frame by provider or provider type, with the results sent directly to a compliance committee or the organization’s governing body. Compliance Education Organizations may need to devote more strategy to ensure providers are well‐informed about compliance and legal risks. This starts in the EHR training process. Organizations may need to develop initiatives in EHR education to make sure they do not risk compliance problems. Staﬀ education on best practices for documentation should focus on the integrity of the health record. The education program must be monitored, maintained, and oﬀered quarterly or annually. Answering questions of who, what, why, and how will help to ensure individuals have a solid under‐ standing of the organizational practices and measures that maintain individual best practices. Education geared toward understanding who, what, why, and how must include:
● The definition of who (entities or individuals) could commit fraud
● Both universal and organizational best practices with regards to security and log‐in, validity of data, authorship/authentication, use and storage of data, and data transmittals
● The importance of continual education
● Strategies for applying fraud prevention best practices on a daily basisRecommendations for Maintaining Integrity Organizations should have policies and procedures in place that prevent fraud as a result of deliberate falsification of information. At minimum, organizations should consider these four primary conditions:
● Desire and commitment to conduct business and provide care in an ethical manner
● Purchasing systems that include functions and capabilities to prevent or discourage fraudulent activity
● Implementing and using policies, procedures and system functions and capabilities to prevent fraud
● Inclusion of an HIM professional such as a record content expert on the IT design and HER implementation team to ensure the end product is compliant with all billing, coding, documentation, regulatory, and payer guidelinesEnsuring documentation integrity in the record is a fundamental practice. Organizations should use the guidelines and checklists in Appendices C and D, available online in the AHIMA Body of Knowledge, to assess their compliance. These appendices contain:
● Steps organizations can take to prevent falsification of EHRs
● Guidelines for selecting EHR system features to reduce the likelihood for falsification
● Guidelines for implementing EHR systems features designed to reduce the likelihood of falsification
● Fraud prevention education programs (training requirements, security and integrity requirements, and violation of EHR policy and procedure consequences)
● Recommendations for establishing a process for logging all activity on EHR systems (audits and audit trails recommended)
● Sample business rules for EHR systemsAppendices Four appendices are available in the online version of this practice brief in the AHIMA Body of Knowledge at www.ahima.org: Appendix A: Resource List Appendix B: Case Studies: Integrity of the Healthcare Record Appendix C: Steps to Prevent Fraud in EHR Documentation Appendix D: Electronic Health Record Integrity Checklist Notes 1. Helbig, Susan. “Copying and Pasting in the EHR‐S: An HIM Perspective.” 2004 IFHRO Congress and AHIMA Convention Proceedings. October 2004. Available in the HIM Body of Knowledge, www.ahima.org. 2. Weir, CR et al. “Direct Text Entry in Electronic Progress Notes: An Evaluation of Input Errors.” Methods of Information in Medicine 42, no. 1 (2003): 61–67. 3. Hammond, Kenric W. et al. “Are Electronic Medical Records Trustworthy? Observations on Copying, Pasting and Du‐ plication.” AMIA Annual Symposium Proceedings, 2003: 269– 273. 4. Embi, Peter J. et al. “Impacts of Computerized Provider Documentation in a Teaching Hospital: Perceptions of Faculty and Resident Providers.” Journal of the American Medical Informatics Association 11, no. 4 (2004): 300–309. 5. AHIMA Testimony of Michelle Dougherty to the HIT Policy Committee Hearing on Clinical Documentation. Panel 4: Role of Clinical Documentation for Legal Purposes. February 13, 2013. http://www.ahima.org/downloads/pdfs/advocacy/ AHIMATestimony%20to%20HIT%20Policy%20Comte%20on% 20Clinical%20Documentation%2002132013.pdf. 6. National Health Care Anti‐Fraud Association. “What is health care fraud?” 2012. http://www.nhcaa.org/resources/ health‐care‐anti‐fraud‐resources/consumer‐info‐action.aspx. 7. HIMSS. “Patient Identity Integrity.” December 2009. http://himss.files.cms‐plus.com/HIMSSorg/Content/files/PrivacySecurity/PIIWhitePaper.pdf. 8. President’s Council of Advisors on Science and Technology. “Realizing the Full Potential of Health Information Technology to Improve Healthcare for Americans: The Path Forward.” Re‐ port to the President of the United States of America, December 2010. http://www.whitehouse.gov/sites/default/files/microsites/ostp/pcast‐health‐it‐report.pdf. 9. Centers for Medicare and Medicaid Services. Medicare Claims Processing Manual, Chapter 12. 2013. http://www.cms.gov/Regulations‐and‐Guidance/Guidance/Manuals/ Downloads/clm104c12.pdf. Copyright ©2013 American Health Information Management Association. All rights reserved. All contents, including images and graphics, on this Web site are copyrighted by AHIMA un‐ less otherwise noted. You must obtain permission to reproduce any information, graphics, or images from this site. You do not need to obtain permission to cite, reference, or briefly quote this material as long as proper citation of the source of the information is made.