Integrity of the Healthcare Record: Best Practices for EHR DocumentationEditor’s note: This update replaces the 2007 practice brief “Guidelines for EHR Documentation to Prevent Fraud.”
Electronic documentation tools offer many features that are designed to increase both the quality and the utility of clinical documentation, enhancing communication between all healthcare providers. These features address traditional well-known requirements for documentation principles while supporting expansive new technologies. Use of these features without appropriate management and guidelines, however, may create information integrity concerns such as invalid auto-population of data fields and manufactured documentation aimed to enhance expected reimbursement. Processes must be in place to ensure the documentation for the health information used in care, research, and health management is valid, accurate, complete, trustworthy, and timely.
There are a number of existing rules and regulations on documentation principles and guidelines that primarily address documentation authorship principles, auditing, and forms development in a paper health record. New guidelines are being sought by the healthcare industry that ensure and preserve documentation integrity in an age of electronic exchange and changes in the legal evidentiary requirements for electronic business and health records.
With the continued advancement of electronic health records (EHRs), there is increasing concern that a potential loss of documentation integrity could lead to compromised patient care, care coordination, and quality reporting and research as well as fraud and abuse. This practice brief provides guidance for maintaining documentation integrity while using automated EHR functions.
Ensuring Documentation Integrity
Documentation integrity involves the accuracy of the complete health record. It encompasses information governance, patient identification, authorship validation, amendments and record corrections as well as auditing the record for documentation validity when submitting reimbursement claims. EHRs have customizable documentation applications that allow the use of templates and smart phrases to assist with documentation. Unless these tools are used appropriately, however, the integrity of the data may be questioned and the information deemed inaccurate—or possibly even perceived as fraudulent activity. Established policies and procedures such as audit functions must be in place to ensure compliant billing.
Without safeguards in place, records could reflect an inaccurate picture of the patient’s condition, either at admission or as it changes over time. The provider must understand the necessity of reviewing and editing all defaulted data to ensure that only patient-specific data for that visit is recorded, while all other irrelevant data pulled in by the default template is removed. For example, the automatic generation of common negative findings within a review of systems for each body area or organ system may result in a higher level of service delivered, unless the provider documents any pertinent positive results and deletes the incorrect auto-generated entries.
Appendix B, available in the online version of this practice brief in the AHIMA Body of Knowledge, illustrates examples of worst and best case scenarios observed in documentation practices for healthcare delivery. These scenarios show how the ability to copy previous entries and paste into a current entry can lead to a record where a provider may, upon signing the documentation, unwittingly attest to the accuracy and comprehensiveness of substantial amounts of duplicated or inapplicable information, as well as the incorporation of misleading or erroneous documentation. The scenarios further illustrate that while helping to improve apparent timeliness and legibility of documentation, additional adverse effects were created by the inability to verify actual authors or to authenticate services provided at any given time.1-4 From a billing perspective, defaulting or copying and pasting clinical information with previous existing documentation from other patient encounters in a different health record facilitates billing at a higher level of service than was actually provided.
Providers must recognize each encounter as a standalone record, and ensure the documentation within that encounter reflects the level of service actually provided and meets payer requirements for appropriate reimbursement. The integrity of this information is vital. As Michelle Dougherty, MA, RHIA, CHP, noted in her testimony to the Office of the National Coordinator for Health IT’s (ONC) HIT Policy Committee, “If clinical documentation was inaccurate when used for billing or legal purposes, it was wrong when it was used by another provider, another provider at transition, a researcher, the public health authority, or quality reporting agency.”5 The documentation may need to include any health information such as labs, changes in medications, or updates to any chronic health conditions impacting an encounter that was reviewed by the provider during the visit.
Time’s Ticking for Information Governance
Data quality and record integrity issues must be addressed now, before widespread deployment of health information exchange (HIE). Poor data quality will be amplified with HIE if erroneous, incomplete, redundant, or untrustworthy data and records are allowed to cascade across the healthcare system. Healthcare organizations must manage information as an asset and adopt proactive decision making and oversight through information asset management, information governance, and enterprise information management (EIM) to achieve data trustworthiness. AHIMA defines information governance as “the accountability framework and decision rights to achieve EIM. EIM is defined as the infrastructure and processes that ensure information is trustworthy and actionable.”
The multitude of federal and state health information exchange initiatives are making information governance and the integrity of EHRs more challenging every day. An accurate information governance program will ensure the accountability of how information is managed and the information’s integrity.
Legal Issues Surrounding EHRs
HIM professionals consistently identify the following documentation practices as problematic in EHRs. These practices contribute to data quality and information integrity issues. Risky documentation practices that create the potential for patient safety, quality of care, and compliance concerns—such as those described below—may leave an organization vulnerable to patient safety errors and medical liability.
Template Documentation Challenges
Documentation templates can play an important role in improving the efficiency of data collection, ensuring all relevant elements are collected in a structured format. However, these templates also have limitations:
Cloning, Copy/Paste Practice Problems
Cloned documentation continues to be a significant problem that creates unnecessary redundancy and at times inaccurate information in the EHR. Some EHR systems are designed to facilitate cloning with such popular features as “make me the author” to assume the content of another person’s entry, “demo recall” to copy forward vital signs, “copy and paste” to replicate information from a previous visit, or the use of “smart phrases”—a function that pulls in specific identical data elements. Automated insertion of previous or outdated information through EHR tools, when not modified to be patient-specific and pertinent to the visit, may raise significant quality of care and compliance concerns—creating a potential for medical liability issues.
Organizations must develop policies designed to address inappropriate use of these tools to minimize non-compliance. Common documentation risks that can result from cloning features include:
Dictation Errors without Validation
Organizations using voice recognition without a validation step in place are experiencing significant data quality problems and documentation errors. Organizations should have in place a process to ensure providers review, edit, and approve dictated information in a timely manner. Since these documents are often used and exchanged, the importance of accurate and quality documentation in EHR systems is critical.
EHRs have created tremendous changes in the provider’s workflow and documentation process. Best practices for documentation that ensures quality have not been well defined for EHRs and are not well understood by providers. Innovations are needed to improve documentation tools and techniques; a back-to-the-basics focus on the importance of data accuracy and quality must take priority before widespread deployment of interoperable health information exchange occurs.
Healthcare fraud has signalled sharper focus on specific avenues for improper claims or billing, including EHRs. The Office of Inspector General’s 2012 Work Plan included a focus on fraud vulnerabilities specifically presented by EHRs, making it the first work plan in which the agency explicitly named EHRs a a target for review.
Patient Identification Errors
Documentation integrity is at risk when the wrong information is documented on the wrong patient health record. Errors in patient identification can affect clinical decision making and patient safety, impact a patient’s privacy and security, and result in duplicate testing and increased costs to patients, providers, and payers. Patient identification errors can grow exponentially within the EHR, personal health record, and HIE network(s) as the information proliferates.
Failure of organizations to employ front end solutions that include measures like sophisticated matching algorithms or other methods such as use of biometrics, photography, or fingerprinting can put the organizations at risk.6 Special alerts can be designed and implemented within an EHR to avoid potential safety issues, such as when a patient blood type or allergy does not match the patient undergoing treatment.
Organizations must have a patient identity integrity program that includes performance improvement measurements that monitor the percentage of error rates and duplicate records within its electronic master patient index. Policies and procedures must ensure that key demographic data are accurate and used to link records within and across systems. Policies must address the initial point of capture as a key front end verification.
Authorship Integrity Issues
Authorship attributes the origin or creation of a particular unit of information to a specific individual or entity acting at a particular time. When there are multiple authors or contributors to a document, all signatures should be retained so that each individual’s contribution is unambiguously identified.7 Some EHR systems allow more than one individual to add text to the same progress note entry or flow sheet. If the EHR does not have functionality to enable both providers to document and sign, it may be impossible to verify the actual service provider or the amount of work performed by each provider.
Integrity of Amendments
As outlined in the AHIMA toolkit “Amendments in the Electronic Health Record,” addendums, corrections, deletions, and patient amendments should be included in the record as defined by HIPAA. In order to support the integrity of the health record, EHR systems need to allow providers to make amendments, have the ability to track corrections, and identify that an original entry has been changed. The functionality to do this can be a combination of EHR applications along with policies and procedures that outline when changes need to be made, what changes can be made, who can make the changes, and how these changes will be tracked and monitored.
The original entry must be viewable, along with a date and time stamp, the name of the person making the change, and the reason(s) for the change. Without this information, the date sequence may be impossible to follow—adversely affecting appropriate patient care and resulting in questionable supporting documentation for reported services. See case study 2 in Appendix B for examples of best and worst case scenarios and discussion questions related to data integrity.
The EHR functionality may also determine whether or not an original note or amendment includes the correct date and time. Some systems automatically assign the date that the entry was made, while others allow authorized users to revise the date of entry to the date of the visit or service.
All users are responsible for ensuring that documentation authorship is accurately recorded in all approved uses of the available documentation tools, and for making sure that any changes or deletions made outside of routine record use are maintained in the EHR system. Appendix C, available in the AHIMA Body of Knowledge, provides guidance on steps to prevent fraud in EHR documentation.
Healthcare Fraud and Abuse
Healthcare fraud is defined as an “intentional deception or misrepresentation that the individual or entity makes knowing that the misrepresentation could result in some unauthorized benefit to the individual, to the entity or to some other party.”8 The intentional fabrication of medical records in order to improve reimbursement may be considered fraudulent. This fabrication could result from overuse of “copy and paste” functionalities or misuse of templates originally designed for documentation efficiency.
Healthcare abuse describes incidents or practices which are not usually fraudulent but are not consistent with accepted medical or business practices that may result in unnecessary costs to payers. These unintentional practices may involve repeated billing and coding errors that over time may be considered fraudulent if patterns of continued practice are found upon external review.
When misrepresentation occurs—whether it is intentional or unintentional—the staff member that has responsibility for ensuring an accurate claim has the obligation to proactively identify and prevent fraud. All providers involved in the patient’s care must be held accountable to ensure the integrity of the documentation is compliant with existing law and that the level of service reported meets all payer billing, coding, and documentation requirements. According to the Medicare Claims Processing Manual, “Medical necessity is the overarching criterion for reimbursement… and the volume of documentation should not be the primary influence upon which a specific level of service is billed.”9
Audits are essential to ensuring that the health record documentation present supports the level of service reported, that all payer requirements for reimbursement are met, and that only authorized users are accessing or making entries to patient medical records.
Audit trails must include the name of the user, the application triggering the audit, the workstation, the specific document, a description of the event being audited (i.e., amendment, correction, or deletion), and the date and time. The audit trail must capture what is amended (including deletions) within the health record and provide auditors with a starting point for compliance audits.
EHRs that lack adequate audit trail functionality create uncertainty in the integrity of health record documentation, and may create legal liability for the organization while inadvertently making or protecting criminal activity. There may also be no way to determine if and when corrections or amendments were made to the documentation, who made the changes, or the nature of the changes. In addition to the normal unintentional errors that may occur in documentation, audit trail functionality can help to detect situations where an alteration of records is meant to prevent the discovery of damaging information.
Organizations may utilize the audit trail functionality of the EHR system to identify and trend utilization of health records. The functionality typically allows users to generate reports for a specified time frame by provider or provider type, with the results sent directly to a compliance committee or the organization’s governing body.
Organizations may need to devote more strategy to ensure providers are well-informed about compliance and legal risks. This starts in the EHR training process. Organizations may need to develop initiatives in EHR education to make sure they do not risk compliance problems.
Staff education on best practices for documentation should focus on the integrity of the health record. The education program must be monitored, maintained, and offered quarterly or annually. Answering questions of who, what, why, and how will help to ensure individuals have a solid understanding of the organizational practices and measures that maintain individual best practices. Education geared toward understanding who, what, why, and how must include:
Recommendations for Maintaining Integrity
Organizations should have policies and procedures in place that prevent fraud as a result of deliberate falsification of information. At minimum, organizations should consider these four primary conditions:
Four appendices are available in the online version of this practice brief in the AHIMA Body of Knowledge at www.ahima.org:
AHIMA. “Information Governance.” 2013.
Kim Baldwin-Stried Reich, MBA, MJ, RHIA, FAHIMA, PBCI, CPHQ
Cecilia Backman, MBA, RHIA, CPHQ
AHIMA e-HIM Work Group Members
Danita Arrowood, RHIT, CCS
The information contained in this practice brief reflects the consensus opinion of the professionals who developed it. It has not been validated through scientific research.