With the many advantages of electronic health records (EHRs), there are disadvantages, including the potential for misuse and fraud. To guard against this potential, the U.S. Office of the Inspector General (OIG) is stepping up its audit efforts for healthcare providers’ EHRs. Proactive providers should follow some commonsense practices to be ready if an EHR audit occurs.
OIG has requested a budget of $400 million for fiscal year 2015—a large increase over the previous year—and almost 300 more staff to carry the increased workload of auditing EHRs. In addition, they intend to use forensic data analysis methods to identify questionable activities in providers’ EHR systems. , they are seeking evidence that federal EHR incentive payments were improperly claimed.
Preparation for an EHR audit should not differ from preparing for any other audit, whether from the Food and Drug Administration, an ISO certification provider or a financial auditor. By way of review, here are things providers should think about to ensure readiness for an EHR audit.
Audit Readiness Checklist
Audit preparedness is a matter of documenting what you do, and doing what you document. This starts with your standard operating procedures (SOPs).
- What is the state of your EHR-related SOPs? Are they up to date?
- Have EHRs been reviewed within the required time frame (consider period for time frame)and approved by management?
- Have all required personnel been trained on SOPs?
- Where are the training records?
An EHR system is an IT system, and fraud prevention starts with proper IT security.
- What are your policies for controlling access to the EHR system?
- Where are the records that show these policies are being followed?
- Do all personnel have levels of access for their job functions?
- Are the user accounts of former employees disabled in a timely manner?
- Are your computers, servers and firewalls properly configured, and do they have the latest security updates?
- Where are the records for these updates?
Another part of a successful audit lies in making sure your personnel are ready.
- Do you have an audit response team?
- Do they know their roles and responsibilities?
- Do you have a room where the auditors can work?
- Have all personnel been trained on how to interact with the auditors?
Finally, OIG will look for patterns in the EHR data that might indicate fraudulent activity or misrepresentation. A healthcare provider that has claimed EHR incentive payments had better have the records to back up these claims.
The time to assess your audit readiness is now—not when the auditors come knocking on your door. With an honest assessment, you can try to ensure you are ready for an EHR audit.
Written by Dean Van Dyke, Vice President, Business Process Optimization
Dean Van Dyke is the Vice President of Business Process Optimization for iBridge. He brings more than 18 years of customer relations, business process outsurcing, lean six sigma, program/project management, records management, manufacturing, and vendor management experience to iBridge. Mr. Van Dyke was the former head of Microsoft’s corporate records and information management team, and served honorably for over fourteen years in the U.S. Navy and Army National Guard. He received his Bachelor of Science in Business Administration from the University of South Dakota and his Master’s in Business Administration from Colorado Technical University.