SlideShare a Scribd company logo

Compliance Today

B
Bernard T. McClellan
1 of 5
Download to read offline
Compliance TODAY November 2014 a publication of the health care compliance association www.hcca-info.org Quality improvement, patient safety, and the zeal to comply: What a CPA and a radiologist bring to Compliance leadership 29 OIG, EHR, and audit logs: Thinking ahead Cornelia M. Dorfschmid and Bernard McClellan 33 Billing data: Tools to maximize data mining efforts Melissa McCarthy 41 Beyond the hospital walls: Compliance with provider-based clinics Wendy Wright 37 Getting and keeping your board engaged Paul P. Jesep an interview with Don Sinko and Mark Sands See page 18 Donald A. Sinko Chief Integrity Officer, Cleveland Clinic Dr. Mark J. Sands Vice Chairman for Clinical Operations & Quality, Cleveland Clinic Imaging Institute; and Chairman, Corporate Compliance Committee This article, published in Compliance Today, appears here with permission from the Health Care Compliance Association. Call HCCA at 888-580-8373 with reprint requests.
Compliance Today November 2014 FEATURE by Cornelia M. Dorfschmid, PhD and Bernard McClellan, JD OIG, EHR, and audit logs: Thinking ahead »»Turn EHR audit logs on to manage logs proactively and analyze logs routinely. »»Use audit logs as part of billing monitoring and anti-fraud detection. »»Require written policies and procedures on usage, storage, and configuration management of audit logs to ensure availability and integrity. »»Be prepared to respond to ADR requests for audit logs by contractors who are doing medical reviews. »»Use EHR audit logs to detect vulnerabilities before others do. McClellan 888-580-8373 www.hcca-info.org 29 Electronic health records systems (EHRs) replace traditional paper medical records with computerized record-keeping to document and store patient health information (e.g., patient demographics, progress notes, orders, medications, medical history, and clinical test results) from any healthcare encounter. Software vendors create EHR technology that includes a vari-ety of applications and tools for collecting, managing, and sharing patient information electronically and for clinical decision-making. One of the features of EHR systems includes functionalities that support audit control functions and requirements. Audit functions, such as audit logs that are files gener-ated by usage of the system, track access and changes within a record chronologically by capturing data elements (e.g., date, time, and user stamps) for each update to an EHR. An audit log (a file generated automatically, if the audit function is enabled in the software) can be used to analyze historical patterns that can identify data inconsistencies. EHR-certified systems that include these audit log capabilities are eligible for Meaningful Use criteria and incentive monies. Systems with these audit functions can also support investigative efforts related to fraud and abuse, but may also support claims auditing efforts. As the Office of the Inspector General (OIG) pointed out repeatedly, EHR systems are vulnerable to fraud and abuse due to inappropriate copy-and-pasting (i.e., cloning) and over-documentation (i.e., inserting false or irrelevant documentation to create the appearance of support for higher levels of billing).1 In a recent OIG report of January 2014, OIG found that CMS contractors adopted few program integrity practices specific to EHRs to curb fraud and abuse that occurs when EHR vulnerabilities are exploited.2 A particular OIG concern is how CMS contractors address fraud vulnerabilities directly related to Medicare health claims. OIG notes that audit logs can be used to ana-lyze historical patterns that can identify data inconsistencies. To provide the most benefit in fraud protection, audit logs should always be operational, be stored as long as clinical records, and never be altered. OIG goes fur-ther in noting that few integrity contractors analyze audit logs as part of medical review Cornelia M. Dorfschmid (cdorfschmid@strategicm.com) is Executive Vice President and Bernard McClellan was a Summer Intern at Strategic Management Services in Alexandria, VA. Dorfschmid
FEATURE activities. This should give the healthcare industry pause. If CMS’s audit contractors can be expected to request audit logs associated with electronic medical records in a medical review or audit, then healthcare organiza-tions need not only prepare for respond-ing to these record As OIG pointed out, “experts in health information technology requests. They also need to make it their business to know what is going on in their own audit logs and the potential risk they harbor — before CMS contractors will. They harbor both documentation risk and audit risk. They also provide an opportunity to correct and detect risk internally and proac-tively. caution that EHR technology can make it easier to commit fraud.” In other words, audit logs of EHR must be managed! OIG on CMS contractors’ integrity practices related to EHR OIG’s January 2014 study describes how CMS and its contractors implemented program integrity practices in light of widespread EHR adoption. The study produced two key find-ings: (1) CMS and its contractors adopted few program integrity practices specific to EHRs, and (2) CMS provided limited guidance to its contractors on fraud vulnerabilities in EHRs. To address these findings, OIG provided two recommendations to CMS. First, OIG recommended that CMS pro-vide guidance to its contractors on detecting 30 www.hcca-info.org 888-580-8373 Compliance Today November 2014 fraud associated with EHRs. CMS has directed contractors to give special consideration to medical records within an EHR and to con-firm authorship of medical records. However, contractors reported additional guidance is required for review of EHR-based claims. Specifically, CMS should provide more details on reviewing EHR documentation and elec-tronic signatures in EHRs. Second, OIG recommends that CMS direct its contractors to review providers’ audit logs. As OIG pointed out, “experts in health information technol-ogy caution that EHR technology can make it easier to commit fraud.” For instance, the copy-paste feature allows users to replicate information in one source and trans-fer the information to another source. Overuse or inappropriate use of copy-paste could produce inaccurate informa-tion and facilitate fraudulent claims. In addition, some EHRs provide templates that auto-popu-late fields by a single click, resulting in extensive documentation. As OIG notes, the use of audit logs may reveal such data inconsistencies and “provide the most benefit in fraud detection.” Accordingly, “audit logs should always be oper-ational and be stored as long as clinical records.” OIG found that few contractors have adjusted their practices for reviewing EHRs. Only three of 18 Medicare contractors reported the use of audit log data during their reviews or investigative processes. In addition, some contractors reported that they were unable to identify copied language or over-documenta-tion in a medical record (see Table 1, page 31). OIG expressed concern over EHR documenta-tion, because such practices are made easier in an electronic environment. In response, CMS concurred with the recommendation to provide its contractors guidance on detecting fraud associated with EHRs. Specifically, CMS expressed an inten-tion to “develop appropriate guidelines to ensure appropriate use of the copy-paste fea-ture in EHRs.” CMS partially concurred with
Compliance Today November 2014 FEATURE 888-580-8373 www.hcca-info.org 31 the recommendation to direct its contractors to use providers’ audit logs. However, CMS did note that audit logs “should be part of a comprehensive approach to reviewing the authenticity of EHRs.” The industry should expect CMS contrac-tors to adjust their program integrity practices specific to EHRs. Provider EHR documenta-tion will be subjected to a higher standard of review. Accordingly, providers should start thinking ahead. Making the most of your audit logs now The OIG’s report should be a warning shot. Providers should take proactive steps now to be ready for any audit log record requests by gov-ernment entities. Providers should also advance their billing monitoring strategies by using the audit logs to detect vulnerabilities. These are steps we recommend to manage audit logs. 1. Develop written procedures to ensure the generation, analysis, and storage for audit logs of EHRs and their availability and integrity. Collaborate on this with IT, Reimbursement, Compliance, and the EHR vendor. Do you log what you want and need? 2. Implement configuration management policies for the EHR that require: • the use of an audit log function that specifies audit log operation and content for tracking EHR updates. • the method (i.e., copy-paste, direct entry, import) for any update to an EHR is documented and tracked. • the user ID of the original author is tracked when an EHR update is entered “on behalf” of another author (i.e., distinguish between entries made by an assistant and a provider). • EHR technology is able to record and indicate the method used to confirm patient identity (i.e., photo identification, prior relationship). • original EHR documents are retained after they are signed off and modifications are tracked as amendments.3 3. Ensure that EHR audit logs remain as written (unaltered) and then are stored properly. Backup and archive procedures are important to ensure availability and authenticity when they are needed. They should be kept at least 6 years to be consistent with HIPAA requirements for electronic PHI, if not longer. Many providers keep them longer, if not indefinitely. 4. Use software analysis tools to regularly analyze audit logs. Involve those who know analytics in your organization to help review them and extract potential patterns. 5. Include results of audit logs analysis in periodic systems activity review meetings. Number of CMS contractors that reported conducting additional review procedures Number of CMS contractors that reported being unable to identify copied language and over-documentation in EHRs Contractor Conduct Additional Review Use Audit Log Data Copied Language Over-documentation MAC 2 out of 8 1 out of 8 4 out of 8 6 out of 8 ZPIC 0 out of 4 1 out of 4 3 out of 6 6 out of 6 RAC 2 out of 6 1 out of 6 2 out of 4 3 out of 4 Table 1: Contractors on use of audit logs, copy-pasting, and over-documentation Source: OIG Report OEI-01-11-00570, p. 6,7
and Auditing Issues 1. Developing an Effective Compliance Team 2. Keeping the Health Care Sampling Gains Going 3. Retrospective Versus Contemporaneous Reviews 4. The Atorney-Client Privilege in the Context of Health Care Compliance Investigations FEATURE Monitoring and Auditing 5. Financial Relationships With Physicians: Auditing and Monitoring Anti-Kickback Statute and Stark Law Compliance 6. Creating Databases of Financial Relationships 7. Developing a Voluntary Disclosure and Refund 8. Medicaid Program Provider Self-Audits The HIPAA security officer may want to inquire about these audit logs. 6. Develop specific data analysis of patterns in audit logs to detect copy-paste and over-documentation 32 www.hcca-info.org 888-580-8373 Compliance Today November 2014 risk. Develop metrics or profiles that can be checked routinely to assess if a user or physician falls out of profile. For example, you may examine: • the ratio between average usage time per session and average record length of entries into a patient record (bit size increase or text length) to assess a physician profile. If very low, this may raise some questions. • the ratio of time online to size of a clinical record generated. • if copy-paste activity can be captured in the audit logs as an event, and study frequent users and claims where the function has been used. • the frequency of copy-pasting in a sample of high-level evaluation and management (E/M) or high-dollar claims and any activities/events captured in the audit logs of those records. 7. Interview clinical users as to the ease of use or misuse of copy-paste and documentation features. They may tell you about their likes/dislikes and along with those, risks inherent in the current configuration and usage. 8. Turn on the audit logs and plan for backup, storage, and retrieval. 9. Consider audit logs sensitive information that is not handled or controlled by end-users, but is the responsibility of Information Security and Compliance. 10. Experiment. It is data that can tell a story. 1. Office of the Inspector General: Not all recommended fraud safeguards have been implemented in hospital EHR technology (OEI-01-11-00570). December 2013. Available at http://1.usa.gov/1vrnkWx 2. OIG: CMS and its contractors have adopted few program integrity practices to address vulnerabilities in EHRS (OEI-01-11-00571). January 2014. Available at http://1.usa.gov/1fVwo24 3. See OEI-01-11-00570, Table 1 RTI recommendations, p. 4 & Order Form Qty HCCA Member Price . . . . . . . . . . . . . . . . . . . . . . . $49.95 Non-member Price $59.95 Join HCCA! Non-members, add $200 and pay the member price for your order $200.00 (Regular dues $295/year) Second edition Mail check to: HCCA, 6500 Barrie Road, Suite 250 Minneapolis, MN 55435 Or fax to: 952-988-0146 Total: $  My organization is tax exempt Monitoring Auditing Practices for EffEctivE compliancE Part I. Basic Compliance Monitoring and Auditing Issues 1. Developing an Effective Compliance Team 2. Keeping the Health Care Sampling Gains Going 3. Retrospective Versus Contemporaneous Reviews 4. The Attorney-Client Privilege in the Context of Health Care Compliance Investigations  Part II. Voluntary Compliance Monitoring and Auditing 5. Financial Relationships With Physicians: Auditing and Monitoring Anti-Kickback Statute and Stark Law Compliance 6. Creating Databases of Financial Relationships 7. Developing a Voluntary Disclosure and Refund 8. Medicaid Program Provider Self-Audits Part III. Mandatory Compliance Monitoring and Auditing 9. Corporate Integrity Agreement Negotiations 10. Preparing for an Independent Review Organization Engagement See what’s inside: Order Form Monitoring and Auditing 9. Corporate Integrity Agreement Negotiations 10. Preparing for an Independent Review Organization Engagement 888-580-8373 www.hcca-info.org/MonitoringAuditingPractices

Recommended

Article on The Electronic Health Record
Article on The Electronic Health RecordArticle on The Electronic Health Record
Article on The Electronic Health RecordAnurag Deb
 
2020 topconcerns The 2020 Top 10 Patient Safety Concerns for Med Devices
2020 topconcerns The 2020 Top 10 Patient Safety Concerns for Med Devices2020 topconcerns The 2020 Top 10 Patient Safety Concerns for Med Devices
2020 topconcerns The 2020 Top 10 Patient Safety Concerns for Med DevicesEMMAIntl
 
The Future of RCM in Healthcare Organizations
The Future of RCM in Healthcare OrganizationsThe Future of RCM in Healthcare Organizations
The Future of RCM in Healthcare OrganizationsCitiusTech
 
A Proposed Framework for Regulating AI Based Applications in SaMD
A Proposed Framework for Regulating AI Based Applications in SaMDA Proposed Framework for Regulating AI Based Applications in SaMD
A Proposed Framework for Regulating AI Based Applications in SaMDEMMAIntl
 
Risk management in Healthcare on Cloud
Risk management in Healthcare on CloudRisk management in Healthcare on Cloud
Risk management in Healthcare on CloudSandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW
 
ICD-10 Transition: What Health Lawyers Need to Know
ICD-10 Transition: What Health Lawyers Need to KnowICD-10 Transition: What Health Lawyers Need to Know
ICD-10 Transition: What Health Lawyers Need to KnowPYA, P.C.
 
PATIENT MANAGEMENT SYSTEM project
PATIENT MANAGEMENT SYSTEM projectPATIENT MANAGEMENT SYSTEM project
PATIENT MANAGEMENT SYSTEM projectLaud Randy Amofah
 
Regulating AI & ML in Medicine
Regulating AI & ML in MedicineRegulating AI & ML in Medicine
Regulating AI & ML in Medicineshyamal_patel
 

Recommended

Article on The Electronic Health Record
Article on The Electronic Health RecordArticle on The Electronic Health Record
Article on The Electronic Health RecordAnurag Deb
 
2020 topconcerns The 2020 Top 10 Patient Safety Concerns for Med Devices
2020 topconcerns The 2020 Top 10 Patient Safety Concerns for Med Devices2020 topconcerns The 2020 Top 10 Patient Safety Concerns for Med Devices
2020 topconcerns The 2020 Top 10 Patient Safety Concerns for Med DevicesEMMAIntl
 
The Future of RCM in Healthcare Organizations
The Future of RCM in Healthcare OrganizationsThe Future of RCM in Healthcare Organizations
The Future of RCM in Healthcare OrganizationsCitiusTech
 
A Proposed Framework for Regulating AI Based Applications in SaMD
A Proposed Framework for Regulating AI Based Applications in SaMDA Proposed Framework for Regulating AI Based Applications in SaMD
A Proposed Framework for Regulating AI Based Applications in SaMDEMMAIntl
 
Risk management in Healthcare on Cloud
Risk management in Healthcare on CloudRisk management in Healthcare on Cloud
Risk management in Healthcare on CloudSandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW
 
ICD-10 Transition: What Health Lawyers Need to Know
ICD-10 Transition: What Health Lawyers Need to KnowICD-10 Transition: What Health Lawyers Need to Know
ICD-10 Transition: What Health Lawyers Need to KnowPYA, P.C.
 
PATIENT MANAGEMENT SYSTEM project
PATIENT MANAGEMENT SYSTEM projectPATIENT MANAGEMENT SYSTEM project
PATIENT MANAGEMENT SYSTEM projectLaud Randy Amofah
 
Regulating AI & ML in Medicine
Regulating AI & ML in MedicineRegulating AI & ML in Medicine
Regulating AI & ML in Medicineshyamal_patel
 
Technology boosts health care compliance, training systems
Technology boosts health care compliance, training systemsTechnology boosts health care compliance, training systems
Technology boosts health care compliance, training systemsRichard Cole
 
Pharmacovigilance Training in Oracle Argus Safety Database with Project
Pharmacovigilance Training in Oracle Argus Safety Database with ProjectPharmacovigilance Training in Oracle Argus Safety Database with Project
Pharmacovigilance Training in Oracle Argus Safety Database with ProjectBioMed Informatics
 
E Healthcare Systems Hb Emr Prep Pp
E Healthcare Systems Hb Emr Prep PpE Healthcare Systems Hb Emr Prep Pp
E Healthcare Systems Hb Emr Prep Pphunterberney
 
Overview of Hospital Information Systems
Overview of Hospital Information SystemsOverview of Hospital Information Systems
Overview of Hospital Information SystemsNawanan Theera-Ampornpunt
 
FHIR for Life Sciences
FHIR for Life SciencesFHIR for Life Sciences
FHIR for Life SciencesCitiusTech
 
Mobile Hospital Management System - Casestudy by RapidValue Solutions
Mobile Hospital Management System - Casestudy by RapidValue SolutionsMobile Hospital Management System - Casestudy by RapidValue Solutions
Mobile Hospital Management System - Casestudy by RapidValue SolutionsRapidValue
 
Cyber Risk in Healthcare Industry- Are you Protected?
Cyber Risk in Healthcare Industry- Are you Protected? Cyber Risk in Healthcare Industry- Are you Protected?
Cyber Risk in Healthcare Industry- Are you Protected? Mark Merrill
 
Hospital management system
Hospital management systemHospital management system
Hospital management systemMohammad Safiullah
 
vincentbarner_HI-560-Health Care Data Analysis_Unit-9_assignment
vincentbarner_HI-560-Health Care Data Analysis_Unit-9_assignmentvincentbarner_HI-560-Health Care Data Analysis_Unit-9_assignment
vincentbarner_HI-560-Health Care Data Analysis_Unit-9_assignmentvincent barner
 
Healthcare Compliance Benchmark Study 2010
Healthcare Compliance Benchmark Study 2010Healthcare Compliance Benchmark Study 2010
Healthcare Compliance Benchmark Study 2010Maria Macri
 
IRJET- Healthcare Management System in Android – “meDKare” Application
IRJET- Healthcare Management System in Android – “meDKare” ApplicationIRJET- Healthcare Management System in Android – “meDKare” Application
IRJET- Healthcare Management System in Android – “meDKare” ApplicationIRJET Journal
 
Healthcare Analytics Market - Asia Outlook (2014-18)
Healthcare Analytics Market - Asia Outlook (2014-18)Healthcare Analytics Market - Asia Outlook (2014-18)
Healthcare Analytics Market - Asia Outlook (2014-18)ResearchFox
 
Uemr Cloud
Uemr CloudUemr Cloud
Uemr CloudHenry Val
 
AVAILABILITY, ACCESSIBILITY, PRIVACY AND SAFETY ISSUES FACING ELECTRONIC MEDI...
AVAILABILITY, ACCESSIBILITY, PRIVACY AND SAFETY ISSUES FACING ELECTRONIC MEDI...AVAILABILITY, ACCESSIBILITY, PRIVACY AND SAFETY ISSUES FACING ELECTRONIC MEDI...
AVAILABILITY, ACCESSIBILITY, PRIVACY AND SAFETY ISSUES FACING ELECTRONIC MEDI...ijsptm
 
How Big Data Analysis Can Protect You From Fraud
How Big Data Analysis Can Protect You From FraudHow Big Data Analysis Can Protect You From Fraud
How Big Data Analysis Can Protect You From FraudTrendwise Analytics
 
Patient prescription management system
Patient prescription management systemPatient prescription management system
Patient prescription management systemMohand Sakr
 
AAOE Presentation - 2014 healthcare compliance
AAOE Presentation - 2014 healthcare complianceAAOE Presentation - 2014 healthcare compliance
AAOE Presentation - 2014 healthcare complianceJoseph Rugg
 
Group project health_care_informatics[2
Group project health_care_informatics[2Group project health_care_informatics[2
Group project health_care_informatics[2guest1e610e
 
Hospital information system
Hospital information system Hospital information system
Hospital information system Dr. B L Sharma
 
Understand Benefits Of Electronic Health Records Wp091005
Understand Benefits Of Electronic Health Records Wp091005Understand Benefits Of Electronic Health Records Wp091005
Understand Benefits Of Electronic Health Records Wp091005Erik Ginalick
 
A Guide to the Perfect Christmas Tree
A Guide to the Perfect Christmas TreeA Guide to the Perfect Christmas Tree
A Guide to the Perfect Christmas TreeWSULAWTON
 
Patient presentation 5-24-10
Patient presentation 5-24-10Patient presentation 5-24-10
Patient presentation 5-24-10sagemktg
 

More Related Content

What's hot

Technology boosts health care compliance, training systems
Technology boosts health care compliance, training systemsTechnology boosts health care compliance, training systems
Technology boosts health care compliance, training systemsRichard Cole
 
Pharmacovigilance Training in Oracle Argus Safety Database with Project
Pharmacovigilance Training in Oracle Argus Safety Database with ProjectPharmacovigilance Training in Oracle Argus Safety Database with Project
Pharmacovigilance Training in Oracle Argus Safety Database with ProjectBioMed Informatics
 
E Healthcare Systems Hb Emr Prep Pp
E Healthcare Systems Hb Emr Prep PpE Healthcare Systems Hb Emr Prep Pp
E Healthcare Systems Hb Emr Prep Pphunterberney
 
FHIR for Life Sciences
FHIR for Life SciencesFHIR for Life Sciences
FHIR for Life SciencesCitiusTech
 
Mobile Hospital Management System - Casestudy by RapidValue Solutions
Mobile Hospital Management System - Casestudy by RapidValue SolutionsMobile Hospital Management System - Casestudy by RapidValue Solutions
Mobile Hospital Management System - Casestudy by RapidValue SolutionsRapidValue
 
Cyber Risk in Healthcare Industry- Are you Protected?
Cyber Risk in Healthcare Industry- Are you Protected? Cyber Risk in Healthcare Industry- Are you Protected?
Cyber Risk in Healthcare Industry- Are you Protected? Mark Merrill
 
vincentbarner_HI-560-Health Care Data Analysis_Unit-9_assignment
vincentbarner_HI-560-Health Care Data Analysis_Unit-9_assignmentvincentbarner_HI-560-Health Care Data Analysis_Unit-9_assignment
vincentbarner_HI-560-Health Care Data Analysis_Unit-9_assignmentvincent barner
 
Healthcare Compliance Benchmark Study 2010
Healthcare Compliance Benchmark Study 2010Healthcare Compliance Benchmark Study 2010
Healthcare Compliance Benchmark Study 2010Maria Macri
 
IRJET- Healthcare Management System in Android – “meDKare” Application
IRJET- Healthcare Management System in Android – “meDKare” ApplicationIRJET- Healthcare Management System in Android – “meDKare” Application
IRJET- Healthcare Management System in Android – “meDKare” ApplicationIRJET Journal
 
Healthcare Analytics Market - Asia Outlook (2014-18)
Healthcare Analytics Market - Asia Outlook (2014-18)Healthcare Analytics Market - Asia Outlook (2014-18)
Healthcare Analytics Market - Asia Outlook (2014-18)ResearchFox
 
AVAILABILITY, ACCESSIBILITY, PRIVACY AND SAFETY ISSUES FACING ELECTRONIC MEDI...
AVAILABILITY, ACCESSIBILITY, PRIVACY AND SAFETY ISSUES FACING ELECTRONIC MEDI...AVAILABILITY, ACCESSIBILITY, PRIVACY AND SAFETY ISSUES FACING ELECTRONIC MEDI...
AVAILABILITY, ACCESSIBILITY, PRIVACY AND SAFETY ISSUES FACING ELECTRONIC MEDI...ijsptm
 
How Big Data Analysis Can Protect You From Fraud
How Big Data Analysis Can Protect You From FraudHow Big Data Analysis Can Protect You From Fraud
How Big Data Analysis Can Protect You From FraudTrendwise Analytics
 
Patient prescription management system
Patient prescription management systemPatient prescription management system
Patient prescription management systemMohand Sakr
 
AAOE Presentation - 2014 healthcare compliance
AAOE Presentation - 2014 healthcare complianceAAOE Presentation - 2014 healthcare compliance
AAOE Presentation - 2014 healthcare complianceJoseph Rugg
 
Group project health_care_informatics[2
Group project health_care_informatics[2Group project health_care_informatics[2
Group project health_care_informatics[2guest1e610e
 
Hospital information system
Hospital information system Hospital information system
Hospital information system Dr. B L Sharma
 
Understand Benefits Of Electronic Health Records Wp091005
Understand Benefits Of Electronic Health Records Wp091005Understand Benefits Of Electronic Health Records Wp091005
Understand Benefits Of Electronic Health Records Wp091005Erik Ginalick
 

What's hot (20)

Technology boosts health care compliance, training systems
Technology boosts health care compliance, training systemsTechnology boosts health care compliance, training systems
Technology boosts health care compliance, training systems
 
Pharmacovigilance Training in Oracle Argus Safety Database with Project
Pharmacovigilance Training in Oracle Argus Safety Database with ProjectPharmacovigilance Training in Oracle Argus Safety Database with Project
Pharmacovigilance Training in Oracle Argus Safety Database with Project
 
E Healthcare Systems Hb Emr Prep Pp
E Healthcare Systems Hb Emr Prep PpE Healthcare Systems Hb Emr Prep Pp
E Healthcare Systems Hb Emr Prep Pp
 
Overview of Hospital Information Systems
Overview of Hospital Information SystemsOverview of Hospital Information Systems
Overview of Hospital Information Systems
 
FHIR for Life Sciences
FHIR for Life SciencesFHIR for Life Sciences
FHIR for Life Sciences
 
Mobile Hospital Management System - Casestudy by RapidValue Solutions
Mobile Hospital Management System - Casestudy by RapidValue SolutionsMobile Hospital Management System - Casestudy by RapidValue Solutions
Mobile Hospital Management System - Casestudy by RapidValue Solutions
 
Cyber Risk in Healthcare Industry- Are you Protected?
Cyber Risk in Healthcare Industry- Are you Protected? Cyber Risk in Healthcare Industry- Are you Protected?
Cyber Risk in Healthcare Industry- Are you Protected?
 
Hospital management system
Hospital management systemHospital management system
Hospital management system
 
vincentbarner_HI-560-Health Care Data Analysis_Unit-9_assignment
vincentbarner_HI-560-Health Care Data Analysis_Unit-9_assignmentvincentbarner_HI-560-Health Care Data Analysis_Unit-9_assignment
vincentbarner_HI-560-Health Care Data Analysis_Unit-9_assignment
 
Healthcare Compliance Benchmark Study 2010
Healthcare Compliance Benchmark Study 2010Healthcare Compliance Benchmark Study 2010
Healthcare Compliance Benchmark Study 2010
 
IRJET- Healthcare Management System in Android – “meDKare” Application
IRJET- Healthcare Management System in Android – “meDKare” ApplicationIRJET- Healthcare Management System in Android – “meDKare” Application
IRJET- Healthcare Management System in Android – “meDKare” Application
 
Healthcare Analytics Market - Asia Outlook (2014-18)
Healthcare Analytics Market - Asia Outlook (2014-18)Healthcare Analytics Market - Asia Outlook (2014-18)
Healthcare Analytics Market - Asia Outlook (2014-18)
 
Uemr Cloud
Uemr CloudUemr Cloud
Uemr Cloud
 
AVAILABILITY, ACCESSIBILITY, PRIVACY AND SAFETY ISSUES FACING ELECTRONIC MEDI...
AVAILABILITY, ACCESSIBILITY, PRIVACY AND SAFETY ISSUES FACING ELECTRONIC MEDI...AVAILABILITY, ACCESSIBILITY, PRIVACY AND SAFETY ISSUES FACING ELECTRONIC MEDI...
AVAILABILITY, ACCESSIBILITY, PRIVACY AND SAFETY ISSUES FACING ELECTRONIC MEDI...
 
How Big Data Analysis Can Protect You From Fraud
How Big Data Analysis Can Protect You From FraudHow Big Data Analysis Can Protect You From Fraud
How Big Data Analysis Can Protect You From Fraud
 
Patient prescription management system
Patient prescription management systemPatient prescription management system
Patient prescription management system
 
AAOE Presentation - 2014 healthcare compliance
AAOE Presentation - 2014 healthcare complianceAAOE Presentation - 2014 healthcare compliance
AAOE Presentation - 2014 healthcare compliance
 
Group project health_care_informatics[2
Group project health_care_informatics[2Group project health_care_informatics[2
Group project health_care_informatics[2
 
Hospital information system
Hospital information system Hospital information system
Hospital information system
 
Understand Benefits Of Electronic Health Records Wp091005
Understand Benefits Of Electronic Health Records Wp091005Understand Benefits Of Electronic Health Records Wp091005
Understand Benefits Of Electronic Health Records Wp091005
 

Viewers also liked

A Guide to the Perfect Christmas Tree
A Guide to the Perfect Christmas TreeA Guide to the Perfect Christmas Tree
A Guide to the Perfect Christmas TreeWSULAWTON
 
Patient presentation 5-24-10
Patient presentation 5-24-10Patient presentation 5-24-10
Patient presentation 5-24-10sagemktg
 
Gsec Corporate_Presentation 0515D
Gsec Corporate_Presentation 0515DGsec Corporate_Presentation 0515D
Gsec Corporate_Presentation 0515DIoannis Georgakakis
 
Gsec corporate presentation 0315
Gsec corporate presentation 0315Gsec corporate presentation 0315
Gsec corporate presentation 0315Ioannis Georgakakis
 
Analyse cerise revait de casablanca marketing territorial
Analyse cerise revait de casablanca marketing territorialAnalyse cerise revait de casablanca marketing territorial
Analyse cerise revait de casablanca marketing territorialRita Belmamoun
 
Kementerian negara dan lembaga pemerintahan non kementerian
Kementerian negara dan lembaga pemerintahan non kementerianKementerian negara dan lembaga pemerintahan non kementerian
Kementerian negara dan lembaga pemerintahan non kementerianYessy Baramulli
 
2015.3勉強会スライド(纐纈)
2015.3勉強会スライド(纐纈)2015.3勉強会スライド(纐纈)
2015.3勉強会スライド(纐纈)Naoya Kouketsu
 
H26大学図書館職員短期研修 参加報告会(纐纈発表)
H26大学図書館職員短期研修 参加報告会(纐纈発表)H26大学図書館職員短期研修 参加報告会(纐纈発表)
H26大学図書館職員短期研修 参加報告会(纐纈発表)Naoya Kouketsu
 
Osama Mostafa Resume
Osama Mostafa ResumeOsama Mostafa Resume
Osama Mostafa ResumeOsama Mostafa
 
Digitális óravázlat
Digitális óravázlatDigitális óravázlat
Digitális óravázlatjeneitiborne
 
Latest Trends in Performance Management
Latest Trends in Performance Management Latest Trends in Performance Management
Latest Trends in Performance Management Manali Vyas
 

Viewers also liked (12)

A Guide to the Perfect Christmas Tree
A Guide to the Perfect Christmas TreeA Guide to the Perfect Christmas Tree
A Guide to the Perfect Christmas Tree
 
Patient presentation 5-24-10
Patient presentation 5-24-10Patient presentation 5-24-10
Patient presentation 5-24-10
 
G1_ emploi
G1_ emploiG1_ emploi
G1_ emploi
 
Gsec Corporate_Presentation 0515D
Gsec Corporate_Presentation 0515DGsec Corporate_Presentation 0515D
Gsec Corporate_Presentation 0515D
 
Gsec corporate presentation 0315
Gsec corporate presentation 0315Gsec corporate presentation 0315
Gsec corporate presentation 0315
 
Analyse cerise revait de casablanca marketing territorial
Analyse cerise revait de casablanca marketing territorialAnalyse cerise revait de casablanca marketing territorial
Analyse cerise revait de casablanca marketing territorial
 
Kementerian negara dan lembaga pemerintahan non kementerian
Kementerian negara dan lembaga pemerintahan non kementerianKementerian negara dan lembaga pemerintahan non kementerian
Kementerian negara dan lembaga pemerintahan non kementerian
 
2015.3勉強会スライド(纐纈)
2015.3勉強会スライド(纐纈)2015.3勉強会スライド(纐纈)
2015.3勉強会スライド(纐纈)
 
H26大学図書館職員短期研修 参加報告会(纐纈発表)
H26大学図書館職員短期研修 参加報告会(纐纈発表)H26大学図書館職員短期研修 参加報告会(纐纈発表)
H26大学図書館職員短期研修 参加報告会(纐纈発表)
 
Osama Mostafa Resume
Osama Mostafa ResumeOsama Mostafa Resume
Osama Mostafa Resume
 
Digitális óravázlat
Digitális óravázlatDigitális óravázlat
Digitális óravázlat
 
Latest Trends in Performance Management
Latest Trends in Performance Management Latest Trends in Performance Management
Latest Trends in Performance Management
 

Similar to Compliance Today

STUDY PROTOCOL Open AccessSafety Assurance Factors for Ele.docx
STUDY PROTOCOL Open AccessSafety Assurance Factors for Ele.docxSTUDY PROTOCOL Open AccessSafety Assurance Factors for Ele.docx
STUDY PROTOCOL Open AccessSafety Assurance Factors for Ele.docxhanneloremccaffery
 
Electronic medical record 25.04.2021
Electronic medical record 25.04.2021Electronic medical record 25.04.2021
Electronic medical record 25.04.2021Shazia Iqbal
 
Evaluation of a clinical information system (cis)
Evaluation of a clinical information system (cis)Evaluation of a clinical information system (cis)
Evaluation of a clinical information system (cis)nikita024
 
Used Two Specialized Contractors.docx
Used Two Specialized Contractors.docxUsed Two Specialized Contractors.docx
Used Two Specialized Contractors.docxwrite5
 
Play media In our recent Software.docx
Play media In our recent Software.docxPlay media In our recent Software.docx
Play media In our recent Software.docxwrite4
 
Questions On The Healthcare System
Questions On The Healthcare SystemQuestions On The Healthcare System
Questions On The Healthcare SystemAmanda Gray
 
PYA Highlights Next Steps of Meaningful Use
PYA Highlights Next Steps of Meaningful UsePYA Highlights Next Steps of Meaningful Use
PYA Highlights Next Steps of Meaningful UsePYA, P.C.
 
6292016 library.ahima.orgPBDataStandards#appxAhttpl.docx
6292016 library.ahima.orgPBDataStandards#appxAhttpl.docx6292016 library.ahima.orgPBDataStandards#appxAhttpl.docx
6292016 library.ahima.orgPBDataStandards#appxAhttpl.docxpriestmanmable
 
6292016 library.ahima.orgPBDataStandards#appxAhttpl.docx
6292016 library.ahima.orgPBDataStandards#appxAhttpl.docx6292016 library.ahima.orgPBDataStandards#appxAhttpl.docx
6292016 library.ahima.orgPBDataStandards#appxAhttpl.docxblondellchancy
 
PROJECT softwares (28 May 14)
PROJECT softwares (28 May 14)PROJECT softwares (28 May 14)
PROJECT softwares (28 May 14)Preeti Sirohi
 
Pg2 Beginning in 1991, the IOM (which stands for the Institute o.docx
Pg2 Beginning in 1991, the IOM (which stands for the Institute o.docxPg2 Beginning in 1991, the IOM (which stands for the Institute o.docx
Pg2 Beginning in 1991, the IOM (which stands for the Institute o.docxrandymartin91030
 
Evolution Of Health Care Information Systems
Evolution Of Health Care Information SystemsEvolution Of Health Care Information Systems
Evolution Of Health Care Information SystemsLana Sorrels
 
Creating a Compliance Culture
Creating a Compliance CultureCreating a Compliance Culture
Creating a Compliance CultureScott Quick
 
Quality management system model
Quality management system modelQuality management system model
Quality management system modelselinasimpson2601
 
36284_GOJO_EI_Whitepaper_June
36284_GOJO_EI_Whitepaper_June36284_GOJO_EI_Whitepaper_June
36284_GOJO_EI_Whitepaper_JuneTina Magazine
 
Electronic Health Records Implementation Roundtable
Electronic Health Records Implementation RoundtableElectronic Health Records Implementation Roundtable
Electronic Health Records Implementation RoundtableDATAMARK
 
New Age Technology in Healthcare
New Age Technology in HealthcareNew Age Technology in Healthcare
New Age Technology in HealthcareMarcus Selvide
 
What's Ahead for EHRs: Experts Weigh In
What's Ahead for EHRs: Experts Weigh InWhat's Ahead for EHRs: Experts Weigh In
What's Ahead for EHRs: Experts Weigh InBooz Allen Hamilton
 

Similar to Compliance Today (20)

STUDY PROTOCOL Open AccessSafety Assurance Factors for Ele.docx
STUDY PROTOCOL Open AccessSafety Assurance Factors for Ele.docxSTUDY PROTOCOL Open AccessSafety Assurance Factors for Ele.docx
STUDY PROTOCOL Open AccessSafety Assurance Factors for Ele.docx
 
Electronic medical record 25.04.2021
Electronic medical record 25.04.2021Electronic medical record 25.04.2021
Electronic medical record 25.04.2021
 
Evaluation of a clinical information system (cis)
Evaluation of a clinical information system (cis)Evaluation of a clinical information system (cis)
Evaluation of a clinical information system (cis)
 
Used Two Specialized Contractors.docx
Used Two Specialized Contractors.docxUsed Two Specialized Contractors.docx
Used Two Specialized Contractors.docx
 
Play media In our recent Software.docx
Play media In our recent Software.docxPlay media In our recent Software.docx
Play media In our recent Software.docx
 
Questions On The Healthcare System
Questions On The Healthcare SystemQuestions On The Healthcare System
Questions On The Healthcare System
 
PYA Highlights Next Steps of Meaningful Use
PYA Highlights Next Steps of Meaningful UsePYA Highlights Next Steps of Meaningful Use
PYA Highlights Next Steps of Meaningful Use
 
Overcoming Major Electronic Health Record (EHR) Challenges in 2018
Overcoming Major Electronic Health Record (EHR) Challenges in 2018Overcoming Major Electronic Health Record (EHR) Challenges in 2018
Overcoming Major Electronic Health Record (EHR) Challenges in 2018
 
6292016 library.ahima.orgPBDataStandards#appxAhttpl.docx
6292016 library.ahima.orgPBDataStandards#appxAhttpl.docx6292016 library.ahima.orgPBDataStandards#appxAhttpl.docx
6292016 library.ahima.orgPBDataStandards#appxAhttpl.docx
 
6292016 library.ahima.orgPBDataStandards#appxAhttpl.docx
6292016 library.ahima.orgPBDataStandards#appxAhttpl.docx6292016 library.ahima.orgPBDataStandards#appxAhttpl.docx
6292016 library.ahima.orgPBDataStandards#appxAhttpl.docx
 
PROJECT softwares (28 May 14)
PROJECT softwares (28 May 14)PROJECT softwares (28 May 14)
PROJECT softwares (28 May 14)
 
Pg2 Beginning in 1991, the IOM (which stands for the Institute o.docx
Pg2 Beginning in 1991, the IOM (which stands for the Institute o.docxPg2 Beginning in 1991, the IOM (which stands for the Institute o.docx
Pg2 Beginning in 1991, the IOM (which stands for the Institute o.docx
 
Evolution Of Health Care Information Systems
Evolution Of Health Care Information SystemsEvolution Of Health Care Information Systems
Evolution Of Health Care Information Systems
 
Creating a Compliance Culture
Creating a Compliance CultureCreating a Compliance Culture
Creating a Compliance Culture
 
Quality management system model
Quality management system modelQuality management system model
Quality management system model
 
36284_GOJO_EI_Whitepaper_June
36284_GOJO_EI_Whitepaper_June36284_GOJO_EI_Whitepaper_June
36284_GOJO_EI_Whitepaper_June
 
Electronic Health Records Implementation Roundtable
Electronic Health Records Implementation RoundtableElectronic Health Records Implementation Roundtable
Electronic Health Records Implementation Roundtable
 
Quality management model
Quality management modelQuality management model
Quality management model
 
New Age Technology in Healthcare
New Age Technology in HealthcareNew Age Technology in Healthcare
New Age Technology in Healthcare
 
What's Ahead for EHRs: Experts Weigh In
What's Ahead for EHRs: Experts Weigh InWhat's Ahead for EHRs: Experts Weigh In
What's Ahead for EHRs: Experts Weigh In
 

Compliance Today

  • 1. Compliance TODAY November 2014 a publication of the health care compliance association www.hcca-info.org Quality improvement, patient safety, and the zeal to comply: What a CPA and a radiologist bring to Compliance leadership 29 OIG, EHR, and audit logs: Thinking ahead Cornelia M. Dorfschmid and Bernard McClellan 33 Billing data: Tools to maximize data mining efforts Melissa McCarthy 41 Beyond the hospital walls: Compliance with provider-based clinics Wendy Wright 37 Getting and keeping your board engaged Paul P. Jesep an interview with Don Sinko and Mark Sands See page 18 Donald A. Sinko Chief Integrity Officer, Cleveland Clinic Dr. Mark J. Sands Vice Chairman for Clinical Operations & Quality, Cleveland Clinic Imaging Institute; and Chairman, Corporate Compliance Committee This article, published in Compliance Today, appears here with permission from the Health Care Compliance Association. Call HCCA at 888-580-8373 with reprint requests.
  • 2. Compliance Today November 2014 FEATURE by Cornelia M. Dorfschmid, PhD and Bernard McClellan, JD OIG, EHR, and audit logs: Thinking ahead »»Turn EHR audit logs on to manage logs proactively and analyze logs routinely. »»Use audit logs as part of billing monitoring and anti-fraud detection. »»Require written policies and procedures on usage, storage, and configuration management of audit logs to ensure availability and integrity. »»Be prepared to respond to ADR requests for audit logs by contractors who are doing medical reviews. »»Use EHR audit logs to detect vulnerabilities before others do. McClellan 888-580-8373 www.hcca-info.org 29 Electronic health records systems (EHRs) replace traditional paper medical records with computerized record-keeping to document and store patient health information (e.g., patient demographics, progress notes, orders, medications, medical history, and clinical test results) from any healthcare encounter. Software vendors create EHR technology that includes a vari-ety of applications and tools for collecting, managing, and sharing patient information electronically and for clinical decision-making. One of the features of EHR systems includes functionalities that support audit control functions and requirements. Audit functions, such as audit logs that are files gener-ated by usage of the system, track access and changes within a record chronologically by capturing data elements (e.g., date, time, and user stamps) for each update to an EHR. An audit log (a file generated automatically, if the audit function is enabled in the software) can be used to analyze historical patterns that can identify data inconsistencies. EHR-certified systems that include these audit log capabilities are eligible for Meaningful Use criteria and incentive monies. Systems with these audit functions can also support investigative efforts related to fraud and abuse, but may also support claims auditing efforts. As the Office of the Inspector General (OIG) pointed out repeatedly, EHR systems are vulnerable to fraud and abuse due to inappropriate copy-and-pasting (i.e., cloning) and over-documentation (i.e., inserting false or irrelevant documentation to create the appearance of support for higher levels of billing).1 In a recent OIG report of January 2014, OIG found that CMS contractors adopted few program integrity practices specific to EHRs to curb fraud and abuse that occurs when EHR vulnerabilities are exploited.2 A particular OIG concern is how CMS contractors address fraud vulnerabilities directly related to Medicare health claims. OIG notes that audit logs can be used to ana-lyze historical patterns that can identify data inconsistencies. To provide the most benefit in fraud protection, audit logs should always be operational, be stored as long as clinical records, and never be altered. OIG goes fur-ther in noting that few integrity contractors analyze audit logs as part of medical review Cornelia M. Dorfschmid (cdorfschmid@strategicm.com) is Executive Vice President and Bernard McClellan was a Summer Intern at Strategic Management Services in Alexandria, VA. Dorfschmid
  • 3. FEATURE activities. This should give the healthcare industry pause. If CMS’s audit contractors can be expected to request audit logs associated with electronic medical records in a medical review or audit, then healthcare organiza-tions need not only prepare for respond-ing to these record As OIG pointed out, “experts in health information technology requests. They also need to make it their business to know what is going on in their own audit logs and the potential risk they harbor — before CMS contractors will. They harbor both documentation risk and audit risk. They also provide an opportunity to correct and detect risk internally and proac-tively. caution that EHR technology can make it easier to commit fraud.” In other words, audit logs of EHR must be managed! OIG on CMS contractors’ integrity practices related to EHR OIG’s January 2014 study describes how CMS and its contractors implemented program integrity practices in light of widespread EHR adoption. The study produced two key find-ings: (1) CMS and its contractors adopted few program integrity practices specific to EHRs, and (2) CMS provided limited guidance to its contractors on fraud vulnerabilities in EHRs. To address these findings, OIG provided two recommendations to CMS. First, OIG recommended that CMS pro-vide guidance to its contractors on detecting 30 www.hcca-info.org 888-580-8373 Compliance Today November 2014 fraud associated with EHRs. CMS has directed contractors to give special consideration to medical records within an EHR and to con-firm authorship of medical records. However, contractors reported additional guidance is required for review of EHR-based claims. Specifically, CMS should provide more details on reviewing EHR documentation and elec-tronic signatures in EHRs. Second, OIG recommends that CMS direct its contractors to review providers’ audit logs. As OIG pointed out, “experts in health information technol-ogy caution that EHR technology can make it easier to commit fraud.” For instance, the copy-paste feature allows users to replicate information in one source and trans-fer the information to another source. Overuse or inappropriate use of copy-paste could produce inaccurate informa-tion and facilitate fraudulent claims. In addition, some EHRs provide templates that auto-popu-late fields by a single click, resulting in extensive documentation. As OIG notes, the use of audit logs may reveal such data inconsistencies and “provide the most benefit in fraud detection.” Accordingly, “audit logs should always be oper-ational and be stored as long as clinical records.” OIG found that few contractors have adjusted their practices for reviewing EHRs. Only three of 18 Medicare contractors reported the use of audit log data during their reviews or investigative processes. In addition, some contractors reported that they were unable to identify copied language or over-documenta-tion in a medical record (see Table 1, page 31). OIG expressed concern over EHR documenta-tion, because such practices are made easier in an electronic environment. In response, CMS concurred with the recommendation to provide its contractors guidance on detecting fraud associated with EHRs. Specifically, CMS expressed an inten-tion to “develop appropriate guidelines to ensure appropriate use of the copy-paste fea-ture in EHRs.” CMS partially concurred with
  • 4. Compliance Today November 2014 FEATURE 888-580-8373 www.hcca-info.org 31 the recommendation to direct its contractors to use providers’ audit logs. However, CMS did note that audit logs “should be part of a comprehensive approach to reviewing the authenticity of EHRs.” The industry should expect CMS contrac-tors to adjust their program integrity practices specific to EHRs. Provider EHR documenta-tion will be subjected to a higher standard of review. Accordingly, providers should start thinking ahead. Making the most of your audit logs now The OIG’s report should be a warning shot. Providers should take proactive steps now to be ready for any audit log record requests by gov-ernment entities. Providers should also advance their billing monitoring strategies by using the audit logs to detect vulnerabilities. These are steps we recommend to manage audit logs. 1. Develop written procedures to ensure the generation, analysis, and storage for audit logs of EHRs and their availability and integrity. Collaborate on this with IT, Reimbursement, Compliance, and the EHR vendor. Do you log what you want and need? 2. Implement configuration management policies for the EHR that require: • the use of an audit log function that specifies audit log operation and content for tracking EHR updates. • the method (i.e., copy-paste, direct entry, import) for any update to an EHR is documented and tracked. • the user ID of the original author is tracked when an EHR update is entered “on behalf” of another author (i.e., distinguish between entries made by an assistant and a provider). • EHR technology is able to record and indicate the method used to confirm patient identity (i.e., photo identification, prior relationship). • original EHR documents are retained after they are signed off and modifications are tracked as amendments.3 3. Ensure that EHR audit logs remain as written (unaltered) and then are stored properly. Backup and archive procedures are important to ensure availability and authenticity when they are needed. They should be kept at least 6 years to be consistent with HIPAA requirements for electronic PHI, if not longer. Many providers keep them longer, if not indefinitely. 4. Use software analysis tools to regularly analyze audit logs. Involve those who know analytics in your organization to help review them and extract potential patterns. 5. Include results of audit logs analysis in periodic systems activity review meetings. Number of CMS contractors that reported conducting additional review procedures Number of CMS contractors that reported being unable to identify copied language and over-documentation in EHRs Contractor Conduct Additional Review Use Audit Log Data Copied Language Over-documentation MAC 2 out of 8 1 out of 8 4 out of 8 6 out of 8 ZPIC 0 out of 4 1 out of 4 3 out of 6 6 out of 6 RAC 2 out of 6 1 out of 6 2 out of 4 3 out of 4 Table 1: Contractors on use of audit logs, copy-pasting, and over-documentation Source: OIG Report OEI-01-11-00570, p. 6,7
  • 5. and Auditing Issues 1. Developing an Effective Compliance Team 2. Keeping the Health Care Sampling Gains Going 3. Retrospective Versus Contemporaneous Reviews 4. The Atorney-Client Privilege in the Context of Health Care Compliance Investigations FEATURE Monitoring and Auditing 5. Financial Relationships With Physicians: Auditing and Monitoring Anti-Kickback Statute and Stark Law Compliance 6. Creating Databases of Financial Relationships 7. Developing a Voluntary Disclosure and Refund 8. Medicaid Program Provider Self-Audits The HIPAA security officer may want to inquire about these audit logs. 6. Develop specific data analysis of patterns in audit logs to detect copy-paste and over-documentation 32 www.hcca-info.org 888-580-8373 Compliance Today November 2014 risk. Develop metrics or profiles that can be checked routinely to assess if a user or physician falls out of profile. For example, you may examine: • the ratio between average usage time per session and average record length of entries into a patient record (bit size increase or text length) to assess a physician profile. If very low, this may raise some questions. • the ratio of time online to size of a clinical record generated. • if copy-paste activity can be captured in the audit logs as an event, and study frequent users and claims where the function has been used. • the frequency of copy-pasting in a sample of high-level evaluation and management (E/M) or high-dollar claims and any activities/events captured in the audit logs of those records. 7. Interview clinical users as to the ease of use or misuse of copy-paste and documentation features. They may tell you about their likes/dislikes and along with those, risks inherent in the current configuration and usage. 8. Turn on the audit logs and plan for backup, storage, and retrieval. 9. Consider audit logs sensitive information that is not handled or controlled by end-users, but is the responsibility of Information Security and Compliance. 10. Experiment. It is data that can tell a story. 1. Office of the Inspector General: Not all recommended fraud safeguards have been implemented in hospital EHR technology (OEI-01-11-00570). December 2013. Available at http://1.usa.gov/1vrnkWx 2. OIG: CMS and its contractors have adopted few program integrity practices to address vulnerabilities in EHRS (OEI-01-11-00571). January 2014. Available at http://1.usa.gov/1fVwo24 3. See OEI-01-11-00570, Table 1 RTI recommendations, p. 4 & Order Form Qty HCCA Member Price . . . . . . . . . . . . . . . . . . . . . . . $49.95 Non-member Price $59.95 Join HCCA! Non-members, add $200 and pay the member price for your order $200.00 (Regular dues $295/year) Second edition Mail check to: HCCA, 6500 Barrie Road, Suite 250 Minneapolis, MN 55435 Or fax to: 952-988-0146 Total: $  My organization is tax exempt Monitoring Auditing Practices for EffEctivE compliancE Part I. Basic Compliance Monitoring and Auditing Issues 1. Developing an Effective Compliance Team 2. Keeping the Health Care Sampling Gains Going 3. Retrospective Versus Contemporaneous Reviews 4. The Attorney-Client Privilege in the Context of Health Care Compliance Investigations  Part II. Voluntary Compliance Monitoring and Auditing 5. Financial Relationships With Physicians: Auditing and Monitoring Anti-Kickback Statute and Stark Law Compliance 6. Creating Databases of Financial Relationships 7. Developing a Voluntary Disclosure and Refund 8. Medicaid Program Provider Self-Audits Part III. Mandatory Compliance Monitoring and Auditing 9. Corporate Integrity Agreement Negotiations 10. Preparing for an Independent Review Organization Engagement See what’s inside: Order Form Monitoring and Auditing 9. Corporate Integrity Agreement Negotiations 10. Preparing for an Independent Review Organization Engagement 888-580-8373 www.hcca-info.org/MonitoringAuditingPractices