The U.S. Department of Health & Human Services (HHS) Office of Inspector General (OIG) recently released a compendium (Compendium) of its top unimplemented recommendations.  The Compendium comprises 25 unimplemented past OIG recommendations that the OIG believes could have a positive impact on HHS programs in terms of cost savings and/or quality improvements.  The Compendium’s recommendations span the breadth of HHS programs, including Medicare, Medicaid, Affordable Care Act marketplaces, and health information technology.

In December 2013, the OIG reported that hospitals had not implemented all recommended electronic health record (EHR) technology fraud safeguards in connection with the Centers for Medicare & Medicaid Services (CMS) meaningful use program.  The OIG then recommended that the Office of the National Coordinator for Health Information Technology (ONC) and CMS strengthen collaborative efforts to comprehensively address fraud vulnerabilities in EHR systems subsidized through the meaningful use program.  The OIG cited the improper use of the copy-paste feature in EHR systems, and the failure on the part of approximately 75% of hospitals to incorporate policies governing the use of copy-paste in EHR systems, as a particular area where EHR systems are susceptible to fraud.

The Compendium follows up on the OIG’s 2013 findings to report that CMS and ONC have yet to develop a comprehensive plan to collaboratively address fraud vulnerabilities in EHR systems, although CMS has undertaken certain efforts to monitor fraud through payment audits, and the ONC has offered technical assistance to federal agencies.  The Compendium notes that full implementation of its recommendations regarding EHR fraud could improve HHS program integrity and also protect personal identifying information of HHS program beneficiaries.  The Compendium also posits that all divisions within HHS have a shared responsibility for the integrity of HHS programs.

Hospitals and other health care providers would do well to recognize that the OIG remains highly cognizant of the susceptibility of new health care technology to fraud, particularly as the adoption of such technology has become pervasive throughout the health care system (due in part to subsidies under programs such as CMS’s meaningful use program).  The Compendium provides a reminder that the OIG continues to monitor program compliance related to EHR technology, and hospitals and other health care providers would be well advised to review applicable HHS program requirements and guidance to ensure compliance with such requirements and allow for implementation of best practices for the adoption of EHR technology.