A peer-reviewed, evidence-based journal for clinicians in the field of neuroscience
Issue link: https://innovationscns.epubxp.com/i/555782
Innovations in CLINICAL NEUROSCIENCE [ V O L U M E 1 2 , N U M B E R 7 – 8 , J U L Y – A U G U S T 2 0 1 5 ] 36 R I S K M A N A G E M E N T EHR documentation practices that could be used to commit fraud, the first being copy and paste, and the second was over-documenting irrelevant documentation just to support higher level billing via auto- populating fields and checkboxes. The resulting documentation can suggest that the provider provided more comprehensive services than were actually rendered. Last year HHS's Office of Inspector General (OIG) issued another report 5 saying not enough is being done to address these EHR billing issues, and the OIG is not giving up on this. This year's report 6 of unimplemented recommendations points out that CMS does not have a plan to detect and reduce fraud in EHRs with respect to billing for services. The Federation of State Medical Boards (FSMB) has also expressed concerns about copy and paste. In a FSMB report, 7 the following is included in the section on ethical utilization of EHRs: "Generally it is inappropriate to copy and paste or otherwise document an entry that is not derived from a patient encounter at the time of the visit, unless the provider makes a clear notation that the information is copied and pasted from another record." Other ways to automate documentation include the following: Templates. Be cautious of templates with pre-printed information indicating the highest level of services was performed. Also, make sure the template is appropriate; templates tend to take a one-size-fits-all approach, without regard for age appropriateness, or target patient population. Pre-populating fields. Some EHRs can populate an entire patient assessment just by selecting a check box, such as populating an entire review of systems. In one case, the prepopulated data for physical examinations created automated documentation saying the female patients had received prostate exams and male patients had negative pap smears! Again, some state boards 8 have formally expressed specific concerns about the pre-population feature in EHRs. The North Carolina Board cautions against relying upon software that pre-populates particular fields in the EMR without updating those fields in order to create a medical record that accurately reflects the elements delineated in a position statement. Default data. Be sure you know what is documented (that is, what shows up in the record) if you do not enter data in a field. Documenting by exception. Some EHRs offer the ability to mark a single checkbox indicating that all patient systems are either normal or abnormal. When the doctor mistakenly checks the wrong box, the documentation is all wrong. Remember that documentation created by an EHR is not the same as documentation created by the healthcare provider. Consequently, it is a problem if a reader cannot distinguish between data entered by the provider and system-generated data. Documentation must be specific to the patient, and to the patient's visit. Free text space should be available to individualize the services provided. With all of this electronic documentation comes data protection risks. There are many reports 9 of government investigations of breaches of protected health information, particularly unencrypted laptops with patient information being stolen. These major enforcement actions underscore the significant risk to the security of patient information posed by unencrypted laptop computers and other mobile devices. And it's not just Health Insurance Portability and Accountability Act of 1996 (HIPAA) enforcement to worry about. States can also regulate consumer data protection and require the protection of personal information. HOW TO KEEP YOUR PATIENTS SAFE Risk managers have been concerned about EHRs and patient safety for years. Now it's getting a lot of attention. The Joint Commission recently issued a Sentinel Event Alert 10 on the safe use of health information technology, and gave several examples of adverse events caused by EHRs. Also, the ECRI Institute put out its Top 10 Patient Safety Concerns for 2015. 11 Second on the list of concerns was data integrity (e.g., incorrect or missing data in EHRs, including one patient's data in another patient's record, missing data or delayed data delivery, default values being used by mistake, or fields being prepopulated with erroneous data, and outdated information being copied and pasted into a new report). Tenth on the list was medication errors related to pounds and kilograms. Although the problem poses a significant potential for error with adults, children and older adults may be even more sensitive to medication dosing errors. Here are some additional patient safety problems that have been attributed to the use of EHRs: Box checking. Important information can be omitted if you only check the boxes. Drop boxes. These can be very sensitive in terms of making a choice; clicking just a millimeter off changes the entry. This is of particular concern in lawsuits involving psychopharmacology, where the prescriber clicked on (ordered) a different amount than intended just because the cursor was a millimeter off.