:quality(70)/cloudfront-us-east-1.images.arcpublishing.com/archetype/YLSA7MN345AAFENQU4EYOLN6AM.jpg)
Two years after an inspector general pointed out fraud vulnerabilities in Medicare's electronic health records payments systems, its recommendations have yet to be fully implemented.
The EHR issue was among a compendium of unresolved actions the Department of Health and Human Services OIG released on April 12, showing that the agency still hasn't put in place safeguards recommended in December 2013.
Related: Read the report
"OIG believes that all divisions of the Department have a shared responsibility for the integrity of departmental programs, regardless of whether they have health care fraud enforcement authority," the report said.
The issue dates back to a 2013 audit that examined how hospitals that received Medicare EHR incentive payments—given to medical professionals who use certified EHR technology in their practices—protect against potential fraud in the use of the technology.
The 2013 report found that while all of the hospitals studied had software in place to conduct fraud audits, they had not been utilizing the software's full functionality.
Only a quarter of the hospitals examined in the report had a policy against using copy-and-paste features in the EHR software, which the OIG said could make the records vulnerable to fraud.
"Although the copy-paste feature in EHRs can enhance efficiency of data entry, it may also facilitate attempts to inflate, duplicate, or create fraudulent health care claims," the 2013 report said.
The report went on to not that even when hospitals had copy-and-paste polices in place, they were not always able to enforce them, and software vendors told the OIG that they were unable to remove the functionality.
The OIG recommended that the Centers for Medicare & Medicaid Services collaborate with the Office of the National Coordinator for Health Information Technology on a comprehensive plan to address the fraud issue, but ruled that some two-and-half years later that the recommendation was not in place.
The compendium notes that CMS and ONC concurred with the report and were still working on a comprehensive plan. In the interim, CMS was conducting prepayment audits and edit checks, but the OIG said the move still doesn't meet the standard of action it placed in the report.
"Although we acknowledge the usefulness of conducting audits and prepayment checks as a strategy to detect fraud and abuse, these efforts do not address our recommendation to work with ONC on strengthening its collaborative efforts," it said.
The compendium comes at a time when ONC is advocating for greater use of EHRs in health care, and HHS secretary Sylvia Burwell recently announced cooperation from a litany of heath care stakeholders to promote more data sharing.
:quality(70)/cloudfront-us-east-1.images.arcpublishing.com/archetype/D4ZJIEJ57ND2JLJL4JRIFSL6DI.jpg)
:quality(70)/cloudfront-us-east-1.images.arcpublishing.com/archetype/5NCHYNDXTJC53HZAQTPQGVLF3I.jpg)
:quality(70)/cloudfront-us-east-1.images.arcpublishing.com/archetype/SD73AWGNQJFADGUUATNYHLWN2A.jpg)
:quality(70)/cloudfront-us-east-1.images.arcpublishing.com/archetype/ZH264NEBTNDCZF65QMNOLPQDHA.jpg)
:quality(70)/cloudfront-us-east-1.images.arcpublishing.com/archetype/WFC36ILXGJACXAVJPGN3EWJQPU.jpg)