Skip Navigation

 

May 2007

Recommended Requirements

for Enhancing Data Quality

in Electronic Health Records

Final Report

Executive Summary

Prepared for

Kathleen H. Fyffe

Senior Advisor

The Office of the National Coordinator

for Health Information Technology

U.S. Department of Health and Human Services

330 C Street SW, Room 4090

Switzer Building

Washington, DC 20201

Prepared by

RTI International

3040 Cornwallis Road

Research Triangle Park, NC 27709

RTI Project Number 0208490.035.005

Executive Summary

ES.1 Introduction

The rising cost of health care has become a major issue in the United States. In 2005, the United States spent $1.98 trillion, or 16% of its gross domestic product (GDP), on health care. By 2016, health care expenditures are projected to surpass $4.1 trillion, or 19.6% of GDP.1,2 In 2006, the National Coalition on Health Care (NCHC) noted that “inappropriate care, waste and fraud” were major contributors to the cost of medical care and health insurance.3

Electronic health record systems (EHR-S) are the key to the transformation of health care.
EHR-S can

Thus, widespread use of EHR-S has the potential to improve the quality of care, increase patient safety, reduce medical errors, and control health care costs. The notion that EHR-S can be leveraged in such a wide variety of ways is central to this project.

ES.2 Purpose and Objectives

The primary purpose of this project is to identify requirements for EHR-S that can help enhance data protections, such as increased data validity, accuracy and integrity including appropriate fraud management Fraud management is defined as the prevention, detection, and prosecution of fraud. which would prevent fraud For the purposes of this report, fraud is defined generally as a deliberately false representation of fact or a failure to disclose a fact that is material to a health care transaction. This includes but is not limited to deliberate submittal of false claims to private health insurance plans and/or tax-funded public health insurance programs such as Medicare and Medicaid. A more complete definition for health care fraud is in Appendix C. from occurring, as well as detect fraud both prospectively and retrospectively. A key component of creating these recommended requirements is to overlap whenever possible with those requirements currently in use for EHR certification. For example, authentication is required for privacy and confidentiality, but it is just as useful for preventing and detecting fraud. All of the requirements identified through this project are framed as recommendations to the industry.

The deliverables for this project are as follows:

1. A set of recommended requirements for EHR-S that will help prevent fraud from occurring, as well as detect fraud prospectively and retrospectively, with each requirement having an accompanying rationale

2. The identification of technical standards that will need to be harmonized so that the recommended requirements can be implemented in an interoperable fashion

3. A map between the anti-fraud requirements and certification criteria so that the recommended requirements can be ultimately embedded in certified EHR-S

4. Recommended next steps for education and research, as well as for implementing the anti-fraud requirements

While the focus of this project is on enhancing data accuracy, including the detection and prevention of fraud, it is important to emphasize the following points:

The transforming nature of EHR-S can benefit clinicians, patients, and payers by reducing human error and improper payment. EHR-S can also help detect and deter health care fraud, protecting both clinicians and patients by documenting that correct procedures were used, highlighting outliers before they become serious issues, and giving patients a clearer understanding and peace of mind that their health records are being disclosed only to appropriately authorized users.

Although requirements that enhance data accuracy might overlap with current EHR certification criteria, thought must be given specifically to the criteria that will help combat both large- and small-scale suspected fraud, as well as accentuate the potential benefits of these systems with regard to reducing improper payment and human error. While a component of combating fraud is the ability to trace and audit information that may be used in prosecution, these same functionalities can be used to ensure information validity over time, which can protect both clinicians and patients. The ability to definitively show that correct procedures were used, use audit functionality as an “early warning system” to locate outliers before they become serious issues, or to provide patients with a clearer understanding and peace of mind that their records are being disclosed only to appropriately authorized users are all factors that can benefit all major stakeholders, from clinicians to patients to payers.

The Office of the National Coordinator for Health Information Technology (ONC) is responsible for overseeing activities that will realize the vision set by President George W. Bush in April 2004 to develop and implement a strategic plan to guide the nationwide implementation of interoperable HIT in both the public and private health care sectors. Through a series of initiatives, ONC has advanced this goal considerably over the past 3 years and continues to pave the way for HIT adoption across the country. In addition to moving the current directives forward, ONC is charged with planning for the future, such as anticipating the potential benefits of such a system. Designing enhanced data protections into EHR-S and the Nationwide Health Information Network (NHIN) has the potential to significantly reduce health care losses due to improper documentation and fraud.4

ES.3 Methodology and Rationale

In late 2006, ONC contracted with RTI International for a project involving three tasks: (1)develop recommendations for functional requirements for EHR-S that would enhance data by reducing the incidence of improper payment and assisting in fraud management, (2) validate the recommendations through public comment, and (3) work with appropriate HIT organizations to encourage adoption of the recommendations.

The basis for this project followed a subset of the 10 Guiding Principles The 10 Guiding Principles are listed in Appendix B. outlined in the September 2005 Report on the Use of Health Information Technology to Enhance and Expand Health Care Anti-Fraud Activities by the American Health Information Management Association’s (AHIMA’s) Foundation of Research and Education (FORE).4 First, the NHIN policies, procedures, and standards must proactively prevent, detect, and support prosecution of health care fraud rather than be neutral toward it. Second, EHR standards must define requirements to promote fraud management and minimize opportunities for fraud and abuse, consistent with the use of EHRs for patient care purposes. Third, data required from the NHIN for monitoring fraud and abuse must be derived from the NHIN’s operations and must not require additional data transactions. In addition to these three principles, one of this project’s important decisions was that fraud management requirements also can be used to improve the accuracy and quality of documentation for the large majority of clinicians who are not involved in fraudulent activity.

The project’s first task involved the creation of the Model Requirements Executive Team (MRET), which brought together industry experts from various private and public stakeholder groups with multiple backgrounds in order to develop a set of recommendations for enhanced accuracy and fraud management requirements for Electronic Health Records (EHRs). The MRET worked in two groups, one that focused on prevention functions and another that focused on prospective and retrospective functions. Prevention functions are those that occur prior to and during the documentation process in an EHR. Prospective functions are those that occur after EHR documentation occurs but before a payment is made on any claim based on the EHR documentation. Retrospective functions are those that occur after a claim has been paid. Following the Guiding Principles outlined above, all requirements were constructed based on their ability to enable prevention of fraud management rather than remain neutral toward it, their ability to do this without impeding delivery of timely services to the patient, and to the extent possible, their ability to minimize EHR software programming and administrative costs associated with the recommended functions.

The next task validated the MRET recommendations through a public comment process by which the recommended requirements were released to the public using online tools to gather feedback from all interested parties. The majority of public comments fell into one of five categories:

In response to the public comments, the MRET eliminated or modified requirements as necessary and developed a final set of recommendations for the requirements. These requirements were supported by the vast majority of public responders and achieved high consensus among the members of the MRET.

Finally, the project staff worked closely with the leadership of the Health Information Technology and Security Standards Panel (HITSP) and the Certification Commission for Health Information Technology (CCHIT) to determine the most appropriate procedures for considering the recommended requirements in upcoming review cycles of each group. Each organization emphasized the importance of balancing the needs of enhancing accuracy, fraud management, and risk reductions that might enhance EHR-S against concerns that might inhibit EHR adoption. Productive conversations about both the costs and benefits of the recommended requirements led to feasible and actionable solutions that encouraged strong consideration within both groups.

ES.4 Recommendations

The recommended requirements for EHR-S developed herein provide the initial building blocks for increasing accuracy and fraud management within the health care system. Great efforts have been made to ensure the privacy and security of EHR data, but a deliberate effort to build these functional requirements into EHR-S and the NHIN could also increase data quality and reduce exposure to new and ever-evolving forms of electronically enabled health care fraud.4

This project produced 14 recommended functional requirements that, if included in EHR-S, would increase data accuracy and would aid in fraud management:

1. Audit Functions and Features

2. Provider Identification

3. User Access Authorization

4. Documentation Process Issues

5. Evaluation and Management (E&M) Coding

6. Proxy Authorship

7. Record Modification after Signature

8. Auditor Access to Patient Records

9. EHR Traceability

10. Patient Involvement in Anti-Fraud

11. Patient Identity-Proofing

12. Structured and Coded Data

13. Integrity of EHR Transmission

14. Accurate Linkage of Claims to Clinical Records

Each of these requirements was linked to current or planned CCHIT and Health Level 7 (HL7) criteria The CCHIT roadmap establishes the areas of focus for the workgroups for future certification cycles by establishing future milestones. where applicable. Twenty-two percent of the recommended requirements developed by the MRET map closely to existing CCHIT criteria. Another 45% of the requirements had some foundation in the current or planned criteria, but would require additions or modifications to support an active stance against fraud in EHR-S. Finally, 33% of the recommendations were found to have no match to current or planned criteria. These findings indicate that there is a significant base in current standards and certification requirements upon which to build proactive fraud management capabilities, but further work is required. Updating these current criteria would certainly provide a significant win for reducing costs associated with this current and growing problem.

The overwhelming majority of clinicians do not commit fraud and should not be burdened by mechanisms aimed solely at the few who do. Therefore, the recommended requirements also are directed at helping the majority, as they support quality of care through reduced errors and promote good documentation practices, as well as assist in fraud management, including protections against unmerited accusations of fraud and strengthened proofs of legitimacy. It is recommended that these requirements be considered among the many other improvements to be built into the emerging generation of EHR-S that are interoperable in the NHIN.

ES.5 Moving Forward

The activities undertaken in this project are simply the latest steps in an ongoing process to develop and integrate effective anti-fraud measures in the evolving HER-S requirements. Our efforts to date were constrained by time and resources and were not intended to produce a comprehensive solution to the fraud problem. Instead, our efforts are intended to raise awareness of the need to be proactive regarding the problems of fraud, rather than neutral or passive, and to encourage a dialogue between all parties interested in enhancing the accuracy of data in EHR-S.

At the conclusion of this project, the following suggestions are provided to ensure a continual, long-term approach to ensuring the integrity, validity, and accuracy of health record data. A full supporting explanation for each suggestion is provided in Chapter 5 of the report.

1: Current processes that are shaping the direction of HIT must be guided to advance health care information validity, accuracy, and integrity protections, including health care fraud management, in order to meet their future goals and objectives.

1.1: ONC should include fraud management as one of its basic tenets in the next version of the Strategic Framework.

1.2: ONC must articulate the need to advance health information validity, accuracy, integrity, and fraud management functionalities to the American Health Information Community (AHIC) so that the appropriate use cases may be developed for HITSP and CCHIT.

1.3: Guidelines should be developed for both vendors and users of EHR-S regarding the appropriate use of documentation techniques to ensure complete, accurate, and quality documentation.

2: Given that this project narrowly focused on anti-fraud requirements for EHR-S; fraud management requirements for HIE/NHIN infrastructure and plans for their deployment should developed.

3: Greater efforts should be made to understand the concerns and opinions of all affected stakeholder groups regarding requirements that discourage fraud within EHR-S.

4: Further analysis is required to better quantify and characterize the current fraud activity as it relates to EHR-S, either as a tool for fraud or a potential source for fraud management. This should include an investigation into ways in which the appropriate entities in health care can work with law enforcement to communicate to providers how fraud schemes and fraud “rings” operate.

5: Stimulate advancements in the data aggregation process beyond the institutional level so that advanced analytics can detect trends and anomalies.

6: Increase consumer awareness of health care fraud and the role HIT, such as EHRs and PHRs, play in its reduction.

7: Educate health care stakeholders to a greater degree on the benefits of EHR-S containing requirements on health information validity, accuracy, and integrity and the impact these requirements will have on fraud management.

8: A designated position and supporting staff within ONC should be created to:

8.1 oversee and encourage the adoption of the recommended requirements developed under this project within CCHIT, HITSP, and other organizations responsible for the evolving NHIN;

8.2 develop future contracts to evolve and refine the functional requirements; and

8.3 oversee future research and analysis in this area.