US Electronic Health Record Incentive Program Vulnerable to Abuse

Health and Human Services inspector general wants less trust, more verify

2 min read
US Electronic Health Record Incentive Program Vulnerable to Abuse

The U.S. Department of Health and Human Services inspector general (IG) released a report this week that stated that the U.S. electronic health record (EHR) incentive program administered by the Centers for Medicare & Medicaid Services (CMS) is “vulnerable” to fraud. The IG says that CMS “has not implemented strong prepayment safeguards” to keep healthcare providers from claiming that they are meeting the meaningful use standard required, and CMS’s “ability to safeguard incentive payments postpayment [i.e., conduct audits] is also limited.”

As I noted a few weeks ago, CMS has already paid out over US $7 billion since January 2011 to over 100 000 healthcare providers claiming to meet federal EHR meaningful use standards. To get the incentive payment, healthcare providers in essence self-certify (“self-attest”) to the CMS that they meet the standards.  However, the IG says, CMS does only minimal cross-checking to see whether the self-certifications it receives pass a reasonableness test, and its audit capability is weak to say the least. For instance, the IG report notes that so far, “CMS had not yet completed any postpayment audits.”  

Nor would the audit approach that CMS proposes to use conclusively determine in all cases whether a healthcare provider’s EHR system met the meaningful-use criteria, the IG reports. The IG wants CMS to set up a more robust and fraud-resistant self-certification process that it can apply before incentive payments are made, as well as for CMS to start conducting audits using a rigorous process that could accurately measure the EHR meaningful-use achievement being claimed by a health provider.

Interestingly, when the EHR incentive program was set up, there was no requirement “to verify the accuracy of this [self-certification] information prior to payment," the IG report stated. Apparently, CMS set the program up under a “trust, but verify approach,” but it has yet to do its verification bit.

CMS agreed with the IG that it needs to start auditing healthcare providers to confirm that they are indeed meeting the meaningful use criteria, but disagrees that it should do more than the minimal cross-checking to see whether healthcare providers are being truthful or not before sending out the claimed incentive payments. CMS told the IG that conducting “prepayment reviews would increase the burden on practitioners and hospitals and could delay incentive payments.” The CMS argues that its current cross checking is sufficient, and that the threat of audits is sufficient to keep healthcare providers truthful.

CMS is looking at EHR systems as an important means to cut down on Medicare/Medicaid fraud, which is estimated to be over $60 billion dollars a year. The faster the EHR rollout, the faster fraud can be reduced seems to be the thinking. It looks like CMS is willing to accept some potential fraud in its $27 billion or so EHR incentive program in a bid to reduce the much larger pool of Medicare/Medicaid fraud.

The ironic fly in the ointment is that CMS is also majorly concerned that healthcare providers are using their new EHR systems for perpetrating Medicare and Medicaid fraud.  

It may take a while to see whether the CMS’s rapid trust-but-verify EHR rollout strategy is a good bet, or one that creates as many problems as it solves.

The Conversation (0)

Why Functional Programming Should Be the Future of Software Development

It’s hard to learn, but your code will produce fewer nasty surprises

11 min read
A plate of spaghetti made from code
Shira Inbar

You’d expectthe longest and most costly phase in the lifecycle of a software product to be the initial development of the system, when all those great features are first imagined and then created. In fact, the hardest part comes later, during the maintenance phase. That’s when programmers pay the price for the shortcuts they took during development.

So why did they take shortcuts? Maybe they didn’t realize that they were cutting any corners. Only when their code was deployed and exercised by a lot of users did its hidden flaws come to light. And maybe the developers were rushed. Time-to-market pressures would almost guarantee that their software will contain more bugs than it would otherwise.

Keep Reading ↓Show less