More EHR Audits Planned for 2015


By Matthew Smith, Director of Marketing & Communications at Health Directions
Twitter: @HDirections

More EHR audits are on the way. The Office of the Inspector General (OIG) will continue to pay closer attention to the healthcare industry’s use of electronic health records–in particular HIPAA security, EHR incentive payments and fraud, according to the office’s recently released 2015 work plan.

As the healthcare industry moves toward digitization of health records, OIG has requested a $400 million FY 2015 budget, an increase of $105 million and 284 additional full-time employees to help expand OIG audits and reviews, several of them examining IT security, compliance and, yes, even electronic health records.

“Important changes are taking place across the healthcare industry,” wrote Daniel R. Levinson, U.S. inspector general, in OIG’s 2015 work plan justification. These changes, Levinson continued, include “an emphasis on coordinated care and an increased use of electronic health records. OIG will need to adopt oversight approaches that are suited to an increasingly sophisticated healthcare system and that are tailored to protect programs and patients from existing and new vulnerabilities.”

Part of OIG’s role in 2015 will include leveraging data analytics and “forensic enhancements” to investigate the increasingly sophisticated healthcare fraud, which is, now more than ever, including electronic health records in the process.

“We will perform audits of various covered entities receiving EHR incentive payments from CMS and their business associates, such as EHR cloud service providers, to determine whether they adequately protect electronic health information created or maintained by certified EHR technology,” OIG officials outlined in the 2015 report.

Priorities for 2015 include:

  • Identify EHR system fraud and determine “how certified EHR systems address these vulnerabilities.”
  • Review Medicaid and Medicare EHR incentive payments and ascertain if providers or hospitals received payments they should not have received.
  • Analyze the IT security of community health centers funded by the Health Resources and Services Administration.
  • Review the Centers for Medicare & Medicaid Services health information technology systems and verify the agency adopted necessary security controls to protect EHR data.

OIG has already demonstrated its commitment to EHR audits. Just this September, the office found the Louisiana Department of Health and Human Services wrongly claimed EHR incentive payments. The OIG audit discovered the state agency was overpaid 13 hospitals $3.1 million in federal EHR cash. The payment errors, as officials pointed out, were due to unclear and incorrect patient volume calculations. Some 80 percent of the state’s hospitals analyzed in the audit failed to comply with federal regulations or guidance.

This article was originally published on Health Directions and is republished here with permission.