Trust But Verify: Why CMS Got It Right On EHR Oversight

Little evidence of any fraud, waste, or abuse in the EHR incentive program

By Dr. Ashish K. Jha

Last week’s New York Times headline read that “Medicare Is Faulted on Shift to Electronic Records.”  The story describes an Office of Inspector General (OIG) report, released November 29, 2012, that faults the Centers for Medicare and Medicaid Services (CMS) for not providing adequate oversight of the Meaningful Use incentive program. Going after “waste, fraud, and abuse” always makes good headlines, but in this case, the story is not so simple.

For those not intimately familiar with the CMS policy, in 2009, Congress passed the Health Information Technology for Economic and Clinical Health (HITECH) Act.  The program, administered through CMS and state Medicaid programs, created financial incentives for doctors (and other eligible professionals) and hospitals to adopt and “meaningfully use” a certified electronic health record (EHR).  To receive financial incentives, which began to be paid in May 2011, doctors and hospitals “attest” that they have met the meaningful use requirements, providing an affirmation for which they are held legally accountable.

The process works as follows: health care providers visit a CMS website, register, and enter data demonstrating that their EHRs are “certified” and that they met each of the individual requirements for meaningful use. Then they attest that that all the data they entered is true.  For example, a physician might have to report, to meet just one of the 20 meaningful use measures, how many prescriptions she wrote over the past 90 days, and how many she wrote electronically.  My conversations with colleagues suggest that it can take a lot of time for providers to gather all the data they need to “attest” to meeting Meaningful Use.  Then, CMS runs logic checks to ensure that the numbers entered make sense and, if there are no errors, they cut the provider a check. Through September, 2012, CMS paid out about $4 billion in incentives to 82,000 professionals and more than 1,400 hospitals.

What The Office Of Inspector General Recommended …

The Office of Inspector General examined how carefully CMS is overseeing this program, with particular interest given the reliance on self-reporting of meaningful use, and found areas for improvement.  Several of the OIG recommendations for improving oversight are sensible, measured, and very likely to improve the integrity of the program.  For instance, OIG recommends that CMS provide detailed guidance to providers about what constitutes adequate documentation to support their attestation.  This is the equivalent of the IRS providing guidance on what documentation you need to prove that your tax deductions are legitimate.  Another reasonable OIG recommendation is that certified EHRs be able to produce automated reports about all the functions required to meet meaningful use.  I suspect this will not be particularly onerous for EHR vendors to meet.

… And Where OIG Went Wrong

Where the OIG goes astray is their recommendation that CMS “obtain and review supporting documentation” from selected doctors and hospitals prior to payment.  This is the equivalent of the IRS asking a large chunk of Americans to send in their receipts and detailed explanations along with their 1090s before they get their refund.  Based on the screening tool discussed in the OIG report, about 100,000 physicians and 800 hospitals would be subject to creating these detailed reports with a large amount of supporting evidence each year — and CMS would need to add a substantial number of staff to review all these reports before making any payments.

CMS chose not to concur with this recommendation, and I think CMS is right. There is little evidence to date of any fraud, waste, or abuse in the EHR incentive program.  Were they to follow this OIG recommendation, CMS would effectively make waste in the program more likely.

This is not to say that there are not areas in which CMS should be more aggressive in their oversight.  Indeed, CMS pays out more than $500 billion in taxpayer money each year for medical care, and there is ample evidence that a substantial proportion of that money goes to health care services that harm our nation’s elderly while providing little clinical benefit — that’s the real “waste, fraud, and abuse.” We continue to pay billions for poor quality and unsafe care.  CMS needs to develop more sophisticated and nuanced approaches to ensuring that it pays more for better care, pays less for poor quality care, and protects not only the taxpayer dollar, but also the health of Medicare beneficiaries.  That’s worth getting aggressive about.

CMS’s Approach On EHR Payments Strikes The Right Balance

Given that there is no evidence that doctors and hospitals are systematically committing federal fraud by reporting that they are meaningfully using EHRs when they are not, CMS has instead planned a post-payment audit.  And if physicians or hospital executives are found to have deliberately and consciously lied in order to get incentives, they should be prosecuted.  If they made an honest mistake — and given the complexity of meaningful use criteria, this is a real possibility — they should give the money back and potentially pay a fine.  But creating a huge new burden will dissuade many providers from even adopting EHRs, and continuing to rely on paper records is no way to deliver health care.  The cost of the latter to the American public, in terms of duplicate tests, medical errors, and general poor quality care, is far more substantial.

In each regulatory decision, there is a balancing act:  have too few checks and there will be widespread fraud; be overly heavy-handed and you may end up penny-wise and pound-foolish.  The approach that CMS seems to be taking is, in the famous words of President Reagan, “trust, but verify.”  Trust that providers are being honest – but verify through selected audits.  It appears to get the balance right. This approach was good enough for President Reagan’s dealings with the Soviet Union and I suspect that it’s good enough for CMS’s dealings with doctors and hospitals.

 Dr. Ashish K. Jha is a practicing Internist physician and a health policy researcher at the Harvard School of Public Health. This article is published on his blog, An Ounce of Evidence and is used here with his permission. You can follow Dr. Jha on Twitter: @ashishkjha