No need to disable ctrl-c/ctrl-v in EHRs
The government’s pledge to ferret out copy-and-paste fraud is causing some hospitals to ask their electronic health record (EHR) vendors to disable the common "control-c/control-v" feature altogether. But don’t rush to that extreme remedy.
First, it’s not so easy to do. That common copy-and-paste command usually is built into the local computer environment — the Microsoft operating system on your computer, for instance — rather than the EHR technology itself. A skilled programmer might be able to block the feature, but it is not as easy as calling your vendor rep.
Blocking the feature also is not necessary to avoid fraud, says Robert Hitchcock, MD, FACEP, a practicing ED physician and an Emergency Department Practice Management Association (EDPMA) board member. He also is vice president of T-System, a company based in Dallas that provides consulting on regulatory issues.
"There was a knee-jerk reaction to turn this thing off, and that was coming from the risk folks at the hospital, not from the clinicians," he says. "The better move is to educate people about the risks. There are places where these tools are appropriate and even beneficial."
Retyping information anew for each patient visit actually can introduce errors into the record, Hitchcock notes. His own policy on copy and paste is that it should not be used at all in the history and physical portion of the visit documentation, but otherwise it can be used judiciously.
Require validation of copied data
Another good move is to work with vendors to ensure that features are less "copy and paste" and more like "copy, validate, and paste," Hitchcock says. The EHR should minimize the automatic transfer of data or the automatic generation of data in forms. Instead, it should require the clinician to view that information and confirm it as correct before entering it in the new record.
Hitchcock also suggests providers take a good look at why these features are so enticing to clinicians. The move to electronic documentation has greatly increased the data entry demands for physicians, while at the same time making common blocks of data available for easy retrieval, he says.
"The demands of using an EHR are so great that you almost have to use some sort of crutch or shortcut," Hitchcock says. "More importantly, the primary use of the data generated in these visits is for billing and coding purposes, not for medical record documentation and communication of care to the next provider. The way to get a ton of information in the record that CMS requires is through this copy-and-paste functionality."
Also note that the OIG found hospitals were not adequately using the audit function built into most EHRs, says Jeff Helton, PhD, CMA, CFE, FHFMA, assistant professor of healthcare management at the School of Professional Studies at Metropolitan State University of Denver. "Everyone is mostly concerned with staying compliant with HIPAA, rather than looking for opportunities to ensure the integrity of the medical record," Helton says. "If a risk manager were to routinely look at the audit log in an EHR, you could see how much the cut-and-paste function is being used, who is using it, and how much you are at risk for fraud."
Indiscriminate use of copy and paste most often will result in sloppy records and nonsensical entries for a patient rather than upcoding and outright fraud, Helton says. However, any incorrect entries can lead to fraud charges if the government investigates.
Helton’s message for providers is, "You can use cut and paste, but use it with caution."
- Jeff Helton, PhD, CMA, CFE, FHFMA, Assistant Professor of Healthcare Management, School of Professional Studies, Metropolitan State University of Denver. Telephone: (303) 556-3130. Email: [email protected].
