'Cloning’ and 'Overpopulation’ of Documentation by Physicians in Electronic Medical Records May Lead to Allegations of Fraud
Physicians looking for short cuts in completing medical record documentation should be careful to avoid using ‘cloning’ or ‘over population’ of data that may be considered to be fraud. In a January 2014 report, the OIG described cloning and over documentation as two examples of Electronic Health Record documentation practices that could be used to commit fraud.
The OIG commented that copy-pasting, also known as cloning, enables users to select information from one source and replicate it in another location. The concerns noted by the OIG is that when doctors, nurses and other clinicians copy and paste information but fail to update its accuracy, inaccurate information may enter a patient’s medical record and inappropriate charges may be billed to patients and third-party payers. In addition, inappropriate copy and pasting could facilitate attempts to inflate claims and duplicate or create fraudulent claims.
Over documentation was described by the OIG in the 2014 report as the practice of inserting false or irrelevant documentation to create the appearance of support for billing high levels of services. For example, some Electronic Health Record technologies auto-populate fields when using templates built into their system. Other systems generate extensive documentation on the basis of a single click of a check box. The OIG noted that these features may produce information suggesting the practitioner performed more comprehensive services than were actually rendered.
The OIG recently announced a fraud settlement on January 7, 2016 with a cardiology group in Somerville, New Jersey that was based on the cloning of electronic medical records. The Somerset Cardiology Group agreed to pay $422,741 in a civil money penalty (CMP) settlement stemming from allegations it submitted false or fraudulent claims. This cardiology group allegedly cloned patient progress notes and upcoded evaluation and management (E/M) services, according to the OIG. The cardiology group had self-disclosed these issued to the OIG after it discovered the alleged billing errors through an internal quality assurance audit.
Specifically, the OIG contended that the Somerset cardiology practice cloned patient progress notes, as well as improperly coded and submitted for payment to Medicare E&M services that used current procedural terminology codes to reflect a higher level of service than the cardiologists actually preformed resulting in higher payments by Medicare to which Somerset cardiology was not entitled.
The OIG frequently commented in its 2014 report that usage policies and technology features, if used consistently, could help prevent Electronic Health Record fraud. However, a concern was that providers that use Electronic Health Record technology can often disable or bypass these features, making them ineffective. The OIG report included the following recommended requirements for enhancing data quality in Electronic Health Records: audit logs, access controls such as passwords, and export controls that restrict transferring information.
Audit logs were often cited as being extremely important in fraud detection (and prevention). Audit logs track changes within a record chronologically by capturing data elements, such as date, time and user stamp, for each update to an Electronic Health Record.
From a related compliance perspective, physician practices can also use their electronic medical record system to identify incomplete records for services rendered by their affiliated physicians. If an electronic medical record is ‘open’ or not closed because it is not complete (and not signed by a physician), then a practice should not submit a claim for those services to a third-party payer until the record is complete.
Some common recommendations to avoid allegations of fraudulent documentation when using an EMR include:
Adopt (and enforce) an internal policy to prohibit “Cloning” of medical record documentation. An exception may be to propagate previous medications, allergies, past medical and surgical histories, and other data that remains static as it relates to a patient.
Do not cut and paste Electronic Health Record data, mostly because of the risks of carrying forward unverified and inaccurate data about a patient. An exception may be to bring forward things such as a radiologist’s assessment of a study into the current chart note.
Do not use a templated review of systems and physical examinations. The risk is that it may accidentally include information from another patient’s record.
Avoid letting an electronic medical record system assign a code for a service, and read over the electronic note before signing it because a signature indicates that you agree with and have verified the information included in the note.