Electronic Health Record Challenges: A Look at EHR Fraud, Security Issues, & Adoption Barriers

Posted by IntegrityM | | Audit, Medicare

Electronic Health Records (EHR) FraudSince the late 20th to early 21st century, reports such as “To Err is Human” by the Institute of Medicine have been published and have advocated the adoption of electronic health records (EHRs). EHRs offer tools to mitigate human error, be a medium to share personal medical records securely across the country, establish electronic communications between health care providers, improve the efficiency and efficacy of healthcare delivery, and save the healthcare industry billions of dollars in the long run.

Thus, EHRs have been the focal initiative in the health IT movement. The potential for this technology to provide sustainable and affordable health care to Americans is seemingly limitless. However; there are significant electronic health record challenges that need to be addressed in order for the system to run efficiently and without substantial risk of EHR fraud and abuse.

Electronic Health Record Adoption & Meaningful Use

To promote EHR adoption across the United States, the Health Information Technology for Economic and Clinical Health (HITECH) act of 2009 provided federal incentives to organizations that adopt an EHR and use the technology in a “meaningful” way. Eligible professionals with a meaningfully adopted EHR system can receive up to $43,720 in federal benefits1. As a result, the rate of EHR adoption has grown substantially.

According to a recent study published in Health Affairs, 48% of all office-based physicians have reported that they adopted an EHR system with advanced capabilities as of 2013 – doubling the rate of physicians from 2009. In addition, approximately 60% of all hospitals had adopted an EHR with advanced capabilities – quadrupling the measure from 20102. What this information clearly illustrates is that organizations are rapidly adopting EHR systems and are incentivized to use them in a meaningful way. But, is the rapid adoption of EHRs causing unintended consequences?

Cost of EHR Adoption: Time, Money, and Dissatisfaction

It’s no secret that it can be extremely costly to adopt EHRs and install a meaningful system and train end users on the software. Several studies estimate the cost of purchasing and installing an electronic health record (EHR) ranges from $15,000 to $70,000 per provider34567. In addition, the installation of EHRs can be met with discomfort from end users (physicians, nurses, etc.) due to the steep learning curve associated with EHR adoption. As a result, end users often consider EHRs to be a barrier to overcome instead of a tool to increase efficiency. According to a 2011 survey of office-based physicians, only 1/3 of physicians were very satisfied with EHRs8. Dissatisfaction with EHRs has led to some physicians cutting corners in using the tool effectively. In addition, experts in the field of health information technology caution that EHRs can actually make it easier to commit fraud9.

EHR Copy and Paste Guidelines & Policies: A Gateway for Inaccurate Reporting and EHR Fraud

One such act that has the attention of the HHS OIG is copying and pasting10. The act of copying and pasting, also known as cloning, allows end users of EHRs to select information from one source and replicate it in another location11. Copying and pasting is an act that is used by many to save time in writing documents electronically. For EHR documentation, this act is often utilized when scribing progress notes and has the potential to infiltrate into other areas of a patient’s EHR.

The main concern with copying and pasting within EHRs is the end-user neglecting to update key aspects of the copied text to fit the individual situation being scribed. This neglect can lead to erroneous EHR documentation and fraudulent billing of insurance entities such as Medicare. The majority of hospitals in the country do not have policies in place for copying and pasting inside EHRs

According to a 2013 report conducted by the OIG, “only 24 percent of hospitals had policies in place regarding use of copy-paste, and only 44 percent of hospital audit logs recorded the method of data entry (e.g., copy-paste, direct text entry, speech recognition) when data are entered into the EHR.”10

Example: Using the progress notes from another patient as a template, a physician copies and pastes the entire contents into the progress notes section for the patient he/she is currently caring for. During this exercise, the physician becomes distracted with a question or urgent request. Upon returning to the progress note, the physician quickly reviews his/her comments and submits the progress note as is – mistakenly documenting the incorrect progress notes.

The result? Once the inpatient visit is complete, hospitals might incorrectly “up-code” the diagnosis related group (DRG) and receive higher reimbursement from the patient’s insurance.

Diagnosis Related Group (DRG) Problems and Fraud Detection

DRG “up-coding” is a well-documented scheme to defraud Medicare, but with the right expertise, can be identified before the problem persists.

Integrity Management Services has substantial experience identifying DRG “up-coding” occurrences with the use of sophisticated statistical multi-faceted algorithms. These algorithms consider patient length of stay, rates of discharge, common illnesses associated with the DRG, increases in patients with DRGs from one period of time to another, and many other factors to identify suspicious DRG “up-coding” schemes.

Combat EHR Fraud and Abuse

As the percentage of health care providers using EHRs continues to rise, the opportunity for EHR fraud also grows. Integrity Management Services’ statisticians have experience comparing DRG “up-coding” and other fraudulent schemes related to EHR documentation. They can help to mitigate risk and estimate recoverable reimbursements.


  1. http://www.cms.gov/Regulations-and-Guidance/Legislation/EHRIncentivePrograms/Basics.html
  2. http://www.hhs.gov/news/press/2014pres/08/20140807a.html
  3. Blumenthal D, Glaser JP. “Information Technology Comes to Medicine.”Web Site Disclaimers N Engl J Med. 2007
  4. Smith PD. “Implementing an EMR System: One Clinic’s Experience.”Web Site Disclaimers Fam Pract Manag. 2003.
  5. Fleming NS, Culler SD, McCorkle R, Becker ER, Ballard DJ. “The Financial And Nonfinancial Costs Of Implementing Electronic Health Records In Primary Care Practices.”Web Site Disclaimers Health Aff. 2011.
  6. Miller RH, Sim I, Newman J. “Electronic Medical Records: Lessons from Small Physician PracticesWeb Site Disclaimers” [PDF – 477.3 KB]. iHealth Reports. 2003.
  7. Bodenheimer T, Grumbach K. “Electric technology: a spark to revitalize primary care?”Web Site Disclaimers JAMA. 2003.
  8. http://www.healthit.gov/providers-professionals/why-adopt-ehrs
  9. Dougherty, Michelle. HIT Policy Committee Hearing on Clinical Documentation, February 13, 2013
  10. http://oig.hhs.gov/oei/reports/oei-01-11-00570.pdf
  11. Association of American Medical Colleges, Compliance Officers’ Forum. Appropriate Documentation in an EHR: Use of Information That Is Not Generated During the Encounter for Which the Claim Is Submitted: Copying/Importing/Scripts/Templates. July 11, 2001.

Certifications and Memberships

U.S. Women's Chamber of Commerce Small, Women and Minority Owned CMMI GSA Contract Holder ISO   Member ASA

Integrity Management Services, Inc.  |  5911 Kingstowne Village Parkway, Suite 210  |  Alexandria, VA 22315

Copyright © 2024 Integrity Management Services, Inc. All Rights Reserved. Privacy Policy | Sitemap
ASΣProTM and the ASΣProTM Logo are registered trademarks of Integrity Management Services, Inc. in the United States and other countries.