If healthcare was a chemical solution, and relevant technologies were solutes – the mixture would quickly become a fragmented clump of, well…various technologies. The healthcare market is over-saturated with technology designed to “fix” the present problems plaguing the ecosystem. Of course, in a paradoxical twist of fate, these solutions come with a new set of problems. In some instances, technology may assist one involved party and the detriment of the other, and thus conflict arises, further complicating the engagement. In an area as heavily regulated as healthcare, this can become quite an entanglement.

Technology began as the conversion of natural resources into functional, simplistic tools. In the 21st century, the definition of technology has certainly evolved – and the relationship between man and machine has become much more involved. Some of the first tools created for human use were sticks whittled into spears. Today, we’re facing flying cars, robotic surgeons, and electronic health records. If you’re thinking, One of these things is not like the other, you’re correct. Electronic health records are seemingly the most benign of all the modern technologies listed above, but they’re used to facilitate a multi-billion-dollar criminal enterprise: healthcare fraud.

Electronic health records were created to represent a digital version of a patient’s paper chart. These records were intended to make information available with the click of a button, and only accessible by authorized system users. This technology helps prevent some types of medical record theft, but opens doors to new fraud schemes enacted by physicians and their staff. Copy-and-paste fraud, cloning, and upcoding are few of many fraudulent practices that were born from EHR’s creation. To combat these new threats to payment integrity, OIG and CMS decided to pursue more vigilant audit practices.

Expensive problems began to present themselves as early as 2013, when a Florida-based medical group realized that they had claimed over $31M in EHR payments. Considering that by that year, CMS had paid out more than $15.2B in EHR incentive payments to providers demonstrating meaningful use – incentive based payments were beginning to get more attention. In 2015, the agencies decided to examine back data from 2011 in order to identify fraudulent incentive payments. Results suggested that a majority of providers were not able to meet Medical Necessity criteria and/or objectives.

EHR…what they offer in convenience, they also offer in opportunities for mistakes, fraud, and complacency.

Today, EHR and EMR are still dominating the medical records space. They are incredible tools for providers, auditors, medical facilities, and patients…but they are still being used as tools for hackers and criminals. In order to continue living in a tech-savvy world, everyone on the clinical and administrative sides of healthcare must compensate for EHR’s weaknesses, in the same ways EHR helps compensate for our own. The ecosystem has become more dynamic and complex, and our efforts to maintain it have not diminished or increased; they’ve simply changed.

To do your part in fighting EHR-based fraud, learn how to mitigate fraud and cultivate a culture of compliance.


  1. Patients – “Patient Engagement” might just sound like a couple buzz words thrown together, but patients should be educated enough to comfortably take an active role in the management of their personal data. Patients should be encouraged to notify governing organizations of potentially fraudulent activity at the hands of their care givers. If a provider is pushing the delivery of medically unnecessary services such as using nitrous on a calm patient during a filling procedure – there may be an issue. Another example could be something as minute as receiving an explanation of benefits for a procedure that was never given.
  2. Provider – Many providers do not intend on committing fraud, they simply do not grasp the standards of Medical Necessity of compliant coding. To ensure compliance and to bolster education, physicians may encourage staff members to acquire their Certified Professional Coder Alternatives involve hiring a third party to perform educational audits with provider education to follow results delivery. These arrangements typically involve claims selection and review, followed by Certified Professional Coders and Medical Auditors training medical staff on site to prevent future error.

EHR Operations


  • Implement access controls and authentication requirements in order to prevent medical identity theft, HIPAA violations, and other fraud schemes that involve the acquisition of patient and provider records.
  • Clearly define, review, and share policies and procedures that address misuse of EHR systems.
  • Educate all regular users on EHR functionality. Lack of understanding can result in accidental release, sharing, or even deletion of essential medical documentation.
  • Reach out. If you’re not confident in your documentation or operations, seek assistance. Many audit ad advisory firms such as Advize Health offer education services to providers and medical facilities.


  • Abuse EHR templates or auto-population functions. Many EHRs are equipped with technology that allows a provider to generate documentation with a single click. This information is not consistently accurate or verifiable. Templates facilitate complacency and often results in insufficient documentation.
  • Use copy-and-paste documentation. This method of documenting procedures is commonly referred to as “cloning”. Unless absolutely necessary (and it rarely is) providers should not copy and paste patient documentation between sources. This is a fraudulent practice that continues to gain popularity amongst EHR users. Data should always be updated, accurate, individualized, and verified before submission or utilization.