Prepared for:
Kathleen H. Fyffe
Senior Advisor
The Office of the National Coordinator
for Health Information Technology
U.S. Department of Health and Human Services
330 C Street SW, Room 4090
Switzer Building
Washington, DC 20201
Prepared by:
RTI International
3040 Cornwallis Road
Research Triangle Park, NC 27709
Contract: HHSP233200600009T-233-02-0090
RTI Project Number 0208490.035.005
RTI International is a trade name of Research Triangle Institute.
ES.1 Introduction
The rising cost of health care has become a major issue in the United States. In 2005, the United States spent $1.98 trillion, or 16% of its gross domestic product (GDP), on health care. By 2016, health care expenditures are projected to surpass $4.1 trillion, or 19.6% of GDP.1,2 In 2006, the National Coalition on Health Care (NCHC) noted that “inappropriate care, waste and fraud” were major contributors to the cost of medical care and health insurance.3
Electronic health record systems (EHR-S) are the key to the transformation of health care.
EHR-S can
Thus, widespread use of EHR-S has the potential to improve the quality of care, increase patient safety, reduce medical errors, and control health care costs. The notion that EHR-S can be leveraged in such a wide variety of ways is central to this project.
ES.2 Purpose and Objectives
The primary purpose of this project is to identify requirements for EHR-S that can help enhance data protections, such as increased data validity, accuracy and integrity including appropriate fraud managementˆ which would prevent fraud† from occurring, as well as detect fraud both prospectively and retrospectively. A key component of creating these recommended requirements is to overlap whenever possible with those requirements currently in use for EHR certification. For example, authentication is required for privacy and confidentiality, but it is just as useful for preventing and detecting fraud. All of the requirements identified through this project are framed as recommendations to the industry.
The deliverables for this project are as follows:
While the focus of this project is on enhancing data accuracy, including the detection and prevention of fraud, it is important to emphasize the following points:
The transforming nature of EHR-S can benefit clinicians, patients, and payers by reducing human error and improper payment. EHR-S can also help detect and deter health care fraud, protecting both clinicians and patients by documenting that correct procedures were used, highlighting outliers before they become serious issues, and giving patients a clearer understanding and peace of mind that their health records are being disclosed only to appropriately authorized users.
Although requirements that enhance data accuracy might overlap with current EHR certification criteria, thought must be given specifically to the criteria that will help combat both large- and small-scale suspected fraud, as well as accentuate the potential benefits of these systems with regard to reducing improper payment and human error. While a component of combating fraud is the ability to trace and audit information that may be used in prosecution, these same functionalities can be used to ensure information validity over time, which can protect both clinicians and patients. The ability to definitively show that correct procedures were used, use audit functionality as an “early warning system” to locate outliers before they become serious issues, or to provide patients with a clearer understanding and peace of mind that their records are being disclosed only to appropriately authorized users are all factors that can benefit all major stakeholders, from clinicians to patients to payers.
The Office of the National Coordinator for Health Information Technology (ONC) is responsible for overseeing activities that will realize the vision set by President George W. Bush in April 2004 to develop and implement a strategic plan to guide the nationwide implementation of interoperable HIT in both the public and private health care sectors. Through a series of initiatives, ONC has advanced this goal considerably over the past 3 years and continues to pave the way for HIT adoption across the country. In addition to moving the current directives forward, ONC is charged with planning for the future, such as anticipating the potential benefits of such a system. Designing enhanced data protections into EHR-S and the Nationwide Health Information Network (NHIN) has the potential to significantly reduce health care losses due to improper documentation and fraud.4
ES.3 Methodology and Rationale
In late 2006, ONC contracted with RTI International for a project involving three tasks: (1) develop recommendations for functional requirements for EHR-S that would enhance data by reducing the incidence of improper payment and assisting in fraud management, (2) validate the recommendations through public comment, and (3) work with appropriate HIT organizations to encourage adoption of the recommendations.
The basis for this project followed a subset of the 10 Guiding Principles‡ outlined in the September 2005 Report on the Use of Health Information Technology to Enhance and Expand Health Care Anti-Fraud Activities by the American Health Information Management Association’s (AHIMA’s) Foundation of Research and Education (FORE).4 First, the NHIN policies, procedures, and standards must proactively prevent, detect, and support prosecution of health care fraud rather than be neutral toward it. Second, EHR standards must define requirements to promote fraud management and minimize opportunities for fraud and abuse, consistent with the use of EHRs for patient care purposes. Third, data required from the NHIN for monitoring fraud and abuse must be derived from the NHIN’s operations and must not require additional data transactions. In addition to these three principles, one of this project’s important decisions was that fraud management requirements also can be used to improve the accuracy and quality of documentation for the large majority of clinicians who are not involved in fraudulent activity.
The project’s first task involved the creation of the Model Requirements Executive Team (MRET), which brought together industry experts from various private and public stakeholder groups with multiple backgrounds in order to develop a set of recommendations for enhanced accuracy and fraud management requirements for Electronic Health Records (EHRs). The MRET worked in two groups, one that focused on prevention functions and another that focused on prospective and retrospective functions. Prevention functions are those that occur prior to and during the documentation process in an EHR. Prospective functions are those that occur after EHR documentation occurs but before a payment is made on any claim based on the EHR documentation. Retrospective functions are those that occur after a claim has been paid. Following the Guiding Principles outlined above, all requirements were constructed based on their ability to enable prevention of fraud management rather than remain neutral toward it, their ability to do this without impeding delivery of timely services to the patient, and to the extent possible, their ability to minimize EHR software programming and administrative costs associated with the recommended functions.
The next task validated the MRET recommendations through a public comment process by which the recommended requirements were released to the public using online tools to gather feedback from all interested parties. The majority of public comments fell into one of five categories:
In response to the public comments, the MRET eliminated or modified requirements as necessary and developed a final set of recommendations for the requirements. These requirements were supported by the vast majority of public responders and achieved high consensus among the members of the MRET.
Finally, the project staff worked closely with the leadership of the Health Information Technology and Security Standards Panel (HITSP) and the Certification Commission for Health Information Technology (CCHIT) to determine the most appropriate procedures for considering the recommended requirements in upcoming review cycles of each group. Each organization emphasized the importance of balancing the needs of enhancing accuracy, fraud management, and risk reductions that might enhance EHR-S against concerns that might inhibit EHR adoption. Productive conversations about both the costs and benefits of the recommended requirements led to feasible and actionable solutions that encouraged strong consideration within both groups.
ES.4 Recommendations
The recommended requirements for EHR-S developed herein provide the initial building blocks for increasing accuracy and fraud management within the health care system. Great efforts have been made to ensure the privacy and security of EHR data, but a deliberate effort to build these functional requirements into EHR-S and the NHIN could also increase data quality and reduce exposure to new and ever-evolving forms of electronically enabled health care fraud.4
This project produced 14 recommended functional requirements that, if included in EHR-S, would increase data accuracy and would aid in fraud management:
Each of these requirements was linked to current or planned CCHIT and Health Level 7 (HL7) criteria• where applicable. Twenty-two percent of the recommended requirements developed by the MRET map closely to existing CCHIT criteria. Another 45% of the requirements had some foundation in the current or planned criteria, but would require additions or modifications to support an active stance against fraud in EHR-S. Finally, 33% of the recommendations were found to have no match to current or planned criteria. These findings indicate that there is a significant base in current standards and certification requirements upon which to build proactive fraud management capabilities, but further work is required. Updating these current criteria would certainly provide a significant win for reducing costs associated with this current and growing problem.
The overwhelming majority of clinicians do not commit fraud and should not be burdened by mechanisms aimed solely at the few who do. Therefore, the recommended requirements also are directed at helping the majority, as they support quality of care through reduced errors and promote good documentation practices, as well as assist in fraud management, including protections against unmerited accusations of fraud and strengthened proofs of legitimacy. It is recommended that these requirements be considered among the many other improvements to be built into the emerging generation of EHR-S that are interoperable in the NHIN.
ES.5 Moving Forward
The activities undertaken in this project are simply the latest steps in an ongoing process to develop and integrate effective anti-fraud measures in the evolving HER-S requirements. Our efforts to date were constrained by time and resources and were not intended to produce a comprehensive solution to the fraud problem. Instead, our efforts are intended to raise awareness of the need to be proactive regarding the problems of fraud, rather than neutral or passive, and to encourage a dialogue between all parties interested in enhancing the accuracy of data in EHR-S.
At the conclusion of this project, the following suggestions are provided to ensure a continual, long-term approach to ensuring the integrity, validity, and accuracy of health record data. A full supporting explanation for each suggestion is provided in Chapter 5 of the report.
1. Centers for Medicare & Medicaid Services (CMS). “National Health Expenditures Aggregate, Per Capita Amounts, Percent Distribution, and Average Annual Percent Growth, by Source of Funds: Selected Calendar Years 1960-2005.” and Baltimore, MD: Department of the Treasury, the Office of the Chief Actuary, Social Security Administration, and the Office of the Actuary, Centers for Medicare and Medicaid Services. As accessed May 18, 2007, from http://www.cms.hhs.gov/NationalHealthExpendData/.
2. Centers for Medicare & Medicaid Services (CMS). “National Health Expenditure Projections 2006-2016.” Baltimore, MD: Department of the Treasury, the Office of the Chief Actuary, Social Security Administration, and the Office of the Actuary, Centers for Medicare and Medicaid Services. As accessed May 18, 2007, from http://www.cms.hhs.gov/NationalHealthExpendData/.
3. National Coalition on Health Care (NCHC) (2007). Health Insurance Cost: Facts on the Cost of Health Care. Washington, DC: National Coalition on Health Care. <http://www.nchc.org/facts/cost.shtml>.
4. Foundation of Research and Education, American Health Information Management Association (FORE, AHIMA) (2005). Report on the Use of Health Information Technology to Enhance and Expand Health Care Anti-Fraud Activities. Prepared for The Office of the National Coordinator, U.S. Department of Health and Human Services. Chicago, IL: Foundation of Research and Education, American Health Information Management Association. <http://www.hhs.gov/healthit/documents/ReportOnTheUse.pdf>.
ˆ Fraud management is defined as the prevention, detection, and prosecution of fraud.
† For the purposes of this report, fraud is defined generally as a deliberately false representation of fact or a failure to disclose a fact that is material to a health care transaction. This includes but is not limited to deliberate submittal of false claims to private health insurance plans and/or tax-funded public health insurance programs such as Medicare and Medicaid. A more complete definition for health care fraud is in Appendix C.
‡ The 10 Guiding Principles are listed in Appendix B of the full report.
• The CCHIT roadmap establishes the areas of focus for the workgroups for future certification cycles by establishing future milestones.