EHR audit finds few hospitals with copy-and-paste policies
Without policies governing the use of copying and pasting health information into EHRs, hospitals are vulnerable to fraud and abuse, according to an audit released by the Department of Health & Human Services' Office of Inspector General (OIG).
The report was based on a voluntary survey of all 864 hospitals that had received EHR subsidy payments as of March 2012 which found that only 24 percent of hospitals reported having a policy regarding the improper use of copy-and-paste functions within EHR systems.
Sixty-one percent of those policies placed responsibility on the EHR user to confirm that the copied data are accurate. However, "Even the hospitals that had policies seemed to have limited control over the use of the copy-paste feature," according to the report.
The report also found that:
- 44 percent of hospitals' "audit log" systems could record when cut-and-paste features were used to enter data; and
- 44 percent of hospitals reported they can delete the contents of their internal audit logs at will.
In response to the report, CMS Administrator Marilyn Tavenner and acting National Coordinator for Health IT Jacob Reider, MD, said they are working to develop a "comprehensive plan to detect and reduce fraud" in EHR systems.
In addition, the federal officials said they were working to develop national policies on the functionality of audit logs and copy-and-paste features.
Editor
Editor Beth earned a bachelor’s degree in journalism and master’s in health communication. She has worked in hospital, academic and publishing settings over the past 20 years. Beth joined TriMed in 2005, as editor of CMIO and Clinical Innovation + Technology. When not covering all things related to health IT, she spends time with her husband and three children.