Today marks the last day for hospitals to return an 18-page, 54 question survey inquiring about their EHR practices, security, coding and other potential EHR fraud and abuse vulnerabilities. Hospitals using certified EHR technology who received Meaningful Use incentive payments between January 1, 2011 through March 31, 2012 received the survey from the HHS Office of the Inspector General (OIG) last week/early this week and were asked to return it by the end of today.
The survey is part of the OIG's 148-page FY2013 Work Plan that summarizes OIG's fraud and abuse focus areas and planned reviews and activities for the year. Whether coincidental or not, the survey's timing comes on the heels of three hotly contested letters surrounding EHRs and the CMS Meaningful Use Incentive Programs.
First came the warning letter issued by Secretary of the Department of Health and Human Services, Kathleen Sebelius, and U.S. Attorney General, Eric Holder, to hospital associations warning them of EHR fraud and abuse through cloning medial records and upcoding. This was quickly followed by a letter from House Representatives calling for the suspension of the Meaningful Use program, and then a second letter from four Senators requesting a meeting, by no later than today, to discuss Stage 2 of Meaningful Use.
CMS has explicitly made it clear from the beginning that false claims associated with Meaningful Use will be subject to recoupment of any incentive payments received and may result in further liability. Now, not only will CMS or state Medicaid agencies audit providers to identify payments which were improperly made, but OIG may not be far behind.
The majority of the survey questions focus on areas that could potentially implicate inappropriate EHR practices, including "copy and paste" functions and policies, diagnoses and procedure coding, physician and nursing progress notes, as well as security practices, such as user authorization and access controls, third-party accesses to EHRs and patient EHR access. However, it is clear from OIG's Work Plan that it is carefully examining both Meaningful Use payments received by providers and CMS safeguards in place to identify erroneous payments. Likewise, the Work Plan states OIG plans on reviewing OCR oversight activities of HIPAA and HITECH.
The American Hospital Association is asking all hospitals to copy it on their answers by email at firstname.lastname@example.org.