Skip to main content


EHR "Copy/Paste" Fraud Risk

Mar 30, 2014 08:32PM ● By MED Magazine
By Rhoda Lagerquist, Eide Bailly, LLP  
Image title
The OIG released two reports regarding EHR vulnerabilities and fraud safeguards: "Not all recommended fraud safeguards have been implemented in hospital EHR technology" OEI-01-11-00570 December 2013; and "CMS and its contractors have adopted few program integrity practices to address vulnerabilities in EHRS" OEI-01-11-00571 January 2014. If the OIG is looking at copy/paste in EHRs, your facility should ensure that policies have been implemented regarding the use of the copy/paste feature in your EHR software to prevent potential misuse and fraud. 
The OIG recommends that the CMS direct its various contractors to dig into the audit data, and to give these contractors more guidance in general on spotting EHR-enabled fraud. These contractors include Medicare Administrative Contractors (MAC), Zone Program Integrity Contractors (ZPIC), and Recovery Audit Contractors (RAC). The OIG has also recommended that the Office of National Coordinator (ONC) develop a plan to address EHR fraud vulnerabilities. 
Copy/paste or "cloning" may allow a provider to take information from one source and insert it at a different location. This information may or may not be clarified for accuracy and relevancy to the patient's current medical status. If the copied information is not clarified, nor relevant, it could be used to fraudulently bill a higher level of care or influence the care given to a patient because of inaccurate medical information on the patient's current condition. Kathleen Sebelius, HHS Secretary, stated: "False documentation of care is not just bad patient care; it's illegal." 
Identify if Copy/Paste is Being Misused 
How can you tell if the copy/paste function is being inappropriately used at your facility? Do you see the same information repeated over and over again? Is the same physical exam in the H&P, progress notes and/or discharge summary? Or is the same progress note repeated over a number of days? If so, your facility may be at risk. Concerned about the risk for EHR fraud in your office? Read Rita’s tips for preventing copy/paste issues, including what to look for in your audit logs, at our website. 
How to Prevent Copy/Paste Issues 
Here are some steps to take now: 

  • Review your audit logs to ensure the following is captured: 
     o The date and time of a change or use of the chart 
     o Identity of the patient 
     o Identity of the EHR user 
     o The type of action, such as entering, revising, or deleting data, printing or copying data 
     o The patent data being accessed 
  • Review a sample of medical records from the audit log to determine if the copy/paste function was used appropriately. If the function was used, determine if the inserted information was pertinent to the patient's current medical conditions and if inserted information was valid and accurate. Education of appropriate use of copy/paste may be needed. 
  • Compare claims submitted with information contained within the medical record to ensure appropriate billing was submitted. 

Watch for CMS guidelines on the proper use of copy/paste features of EHRs to ensure that this feature is used appropriately for enhancing clinical efficiency. 
Rhoda Lagerquiest is a Healthcare Consulting Manager with Eide Bailly, LLP.

Get exclusive access to the digital edition of MED Magazine (and no spam ever!)

* indicates required