Fraud Prevention in an Increasingly Digitized World

Transcription

1 Fraud Prevention in an Increasingly Digitized World California Association of Health Plans July 22, 2013 Presented by R. Gregory Cochran, MD, JD

2 Introduction Government s evolving stance on EHR 2004 State of the Union address: President Bush stated that his goal was to make EHRs available across the county within 10 years 2009 HITECH Act and 2010 EHR Incentive program But then, September 2012 s strongly worded letter 2

3 Introduction Sebelius and Holder s letter (9/24/12): there are troubling indications that some providers are using this technology to game the system indications include potential cloning of medical records there are also reports that some hospitals may be using EHRs to facilitate upcoding of the intensity of care or severity of patients condition 3

4 Overview of Presentation Electronic v. Paper EHR/EMR Fraud Concerns Upcoding Cloning Federal legal implications 4

5 Overview of Presentation Anti-Fraud Plans (DMHC) Best Practices Clues from OIG The big picture 5

6 Paper v. Electronic EHRs: erased, cut, or pasted without the physical trail left when paper records are tampered with. EHRs: searchable -- quick and cheap. Higher stakes about what is included in a record. 6

7 Paper v. Electronic EHR: old notes or unauthorized alterations can be brought back to notice more quickly than in a paper record. Paper: old or inaccurate records more likely to stay buried and unnoticed Paper: harder/longer to review and harder to unearth. 7

8 Paper v. Electronic Paper: mores straightforward conventions to guard against malfeasance: records must be dated, entered in ink, etc. Erasures can be seen 8

9 Fraud Concerns Upcoding: Inflating the severity or intensity of a patient s condition as a means to profit from the commensurate change in code Illegal under Federal and State law 9

10 Fraud Concerns Upcoding: Evaluation and Management codes. Medicare spent more than $33.5 billion in 2010 using these numeric codes for services ranging from routine doctor office visits to outpatient hospital or nursing home care. 10

11 Fraud Concerns Chart Cloning A version of upcoding Copying and pasting information from one patient s visit note into other visits for that patient, or visit notes for other patients Very common, whether performed with fraudulent purpose, or just to save time 11

12 Fraud Concerns Difficulties in detecting upcoding and chart cloning Most providers would say they bill more because they do more Subjective nature of coding These increased bills are more accurate than the under billing done previously 12

13 Fraud Concerns Does telemedicine pose Anti-Kickback risk? Potential exposure based on, e.g., who provides/purchases telemedicine equipment (remuneration) OIG focuses on whether one or both of the parties intended for the payment to serve as an inducement or reward for referrals OIG issued favorable advisory opinion on a telemedicine arrangement in

14 Fraud Concerns Federal Legal Implications Stark law Anti-Kickback Statute False Claims Act reminder: under the ACA, knowingly concealing, avoiding, or decreasing a financial obligation to the government incurs reverse false claims liability. 14

15 Anti-Fraud Plans DMHC licensees must establish an antifraud plan to organize and implement an antifraud strategy. Fraud" includes, but is not limited to, knowingly making or causing to be made any false or fraudulent claim for payment of a health care benefit. 15

16 Anti-Fraud Plans DMHC is increasingly scrutinizing plan's anti-fraud programs One fraud plan-dedicated attorney Following the requirements of H&S 1348 to a tee 16

17 What Plans are Doing Using technology to expand capabilities for detecting fraud; e.g., smart flags Hiring and training personnel to become more knowledgeable about health care fraud and prevention. 17

18 What Plans are Doing Auditors working across multiple disciplines with clinical and pharmacy personnel and law enforcement officials to expand their fraud detection and enforcement capabilities. 18

19 Best Practices: Clues from OIG In October 2012, OIG issued a survey to all hospitals that received EHR incentive payments in 2011 Survey may provide insight into OIG s agenda as they examined EHR fraud issues 19

20 Best Practices: Clues from OIG OIG questions about user access favored multiple combinations of security measures Unique user ID, password, ID card, biometrics, and public-key authorization Once logged in: automatic time-out, regular password changes, user agreements forbidding sharing of passwords 20

21 Best Practices: Clues from OIG Survey documents that OIG is interested in outside entities access to EHR technology On-site access and unique user IDs allow superior tracking of outside entities EHR activity Plans should consider limiting access as much as possible (specific patient, view-only) 21

22 Best Practices: Clues from OIG OIG survey asked numerous questions about audit logs Audit logs should record comprehensive data on NPI, method of data entry, date/time/user stamp Audit logs should record events such as import of data, disabling of audit log and release of encounter for billing 22

23 Best Practices: Clues from OIG OIG also asked questions about audit log security Plans should ask: Is the audit log always available? Can the audit log be: disabled? deleted? edited? transmitted? printed? Audit logs should be accessible by a smaller subset of personnel and reviewed regularly 23

24 Best Practices: Clues from OIG OIG survey probed hospitals about physician and nurse progress notes, checking if providers enter notes directly into the EHR OIG sought responses about patient access to EHR, pushing back if the hospital does not provide access and log identification method OIG also gathered answers about cut-andpaste and templates features 24

25 Best Practices: Clues from OIG OIG survey asked whether hospitals had implemented any of these six safeguards: 1. Policies and procedures for analysis of audit log data 2. Written policies and agreements for EHR users 3. Employee training on privacy 25

26 Best Practices: Clues from OIG OIG survey asked whether hospitals had implemented any of these six safeguards: 4. Employee training on fraud and abuse prevention 5. Employee training on EHR data integrity 6. Routine review of EHR user privileges 26

27 Best Practices: The Big Picture Plans should: Understand that, under healthcare reform, regulatory agencies can share data to intensify anti-fraud efforts Ask members to help by engaging them with their coverage, warning them about free medical treatment, and urging them to safeguard their ID cards 27

28 Best Practices: The Big Picture Plans should: Require providers to train clinicians and clinical staff on proper EHR practices, with regular reviews Require providers to work closely with technology vendors Require providers to undergo coding compliance audits targeted toward risky areas: cut-and-paste, other shortcuts 28

29 Best Practices: The Big Picture Plans should: Encourage and implement auditing software Develop and follow clear policies about how to address and resolve electronic billing irregularities, including referral to state/federal agencies Revamp existing policies and procedures to reflect the potential for electronic fraud (e.g. whistleblowers of electronic fraud must be protected) 29

30 Questions? 30

31 Contact Info R. Gregory Cochran, MD, JD Nossaman, LLP 50 California Street, Ste San Francisco, CA