The days of walking into a physician’s office and seeing rows of color-coded files behind the receptionist’s desk are long gone. Electronic health records (EHRs) have become the preferred choice of record-keeping for many practices. It is clear that EHRs have many benefits, including the capacity to improve quality of care, facilitate better transitions of care, and enable patients to easily access their own health information. However, it is important to recognize that EHRs can also be misused. An understanding of common EHR pitfalls can help physicians and their staff members implement policies and procedures to ensure appropriate EHR use.
Potential Pitfall No. 1: CARRY FORWARD AND COPY-AND-PASTE FEATURES
Unlike paper records, which require manual data entry for each page of the record, many EHRs include copy and paste functions and allow users to carry forward demographics and other information from a patient’s prior visit. These features help save time and ensure accuracy from one record to the next. However, just as with paper records, it is not always appropriate to carry forward certain medical information from a prior visit.
For example, documentation of certain components of an examination that are required in order to bill a certain code should not be brought forward from a prior record. Similarly, it would be problematic to copy and paste a patient’s refraction from a prior visit when those tests are required to be performed again. Government agencies are picking up on these issues, and blatant copy-and-paste jobs in EHRs have been cited to uphold postpayment denials and support allegations of false claims.
Potential Pitfall No. 2: THE ERRANT EMPLOYEE LAPTOP
Because EHRs allow the capability to store thousands of patient records on a single laptop, the risk of a data breach is much higher today than in the past. For example, a nurse who has his or her practice-issued laptop stolen can potentially expose the protected health information of many patients, leaving the practice vulnerable to HIPAA violations. It is important to establish policies that dictate when computers with access to patient records can be removed from the practice and to implement requirements that ensure the security of patient information in the event a laptop is lost or stolen. Access controls, such as passwords, encryption, and audit trail features, are helpful tools to minimize the impact of such a breach.
Potential Pitfall No. 3: TRACKING CHANGES
It is not a new phenomenon for unethical individuals to justify payments through the falsification of medical records. What is new is the ability of EHR software to track and monitor changes to an electronic record, potentially helping to detect the originator of such changes. EHRs often track who enters or changes information in a record, when it is entered or changed, and what is entered or changed.
When a claim is investigated, EHR software metadata could be used to prove that records were altered to bill for services that were not actually provided. This function may also help investigators detect improper use of an EHR to make it appear as though payment criteria have been satisfied when they were not.
Despite these pitfalls, having strong policies, procedures, and employee training on the appropriate use of EHR technology can help prevent improper use of EHRs and avoid associated legal risks. Conducting regular self-assessments to identify vulnerabilities related to EHR use is crucial to prevent such misuse.