CMS EHR Toolkit Gives a Glimpse into Potential Compliance Issues
The toolkit clarifies risks and provides guidance, but more can be done to address software and user pitfalls.
Without any fanfare, the Centers for Medicare & Medicaid Services (CMS) last year published its Electronic Health Records Toolkit, offering coders, facilities, and providers a glimpse of the regulatory risks that CMS assigns to improper EHR use. Anyone with an EHR who hasn’t reviewed the CMS documents should access the Toolkit and distribute all or parts of it to providers, coders, and legal counsel, as appropriate.
Although the Toolkit falls short of answering many questions regarding documentation and coding compliance, it gives a glimpse into what CMS considers the important regulatory issues associated with electronic records, and provides some rudimentary guidance.
For example, the Toolkit file, “Ensuring Proper Use of Electronic Health Record Features and Capabilities: A Decision Table,” states these best practices:
… providers must recognize each encounter as a standalone record, and ensure the documentation for that encounter reflects the level of service actually provided.
It further recommends creation of an internal policy, in which:
… providers should weigh efficiency against the potential for inaccurate, fraudulent, or unmanageable documentation.
Regarding authorship of an EHR entry, the Toolkit advises:
Each entry not solely authored by the user must be validated in a manner similar to bibliographic notations and include the name, date, time, and source of the data. This can be satisfied by system software design that routinely provides validation.
Documents in the CMS Electronic Health Records Toolkit include:
- Program Integrity Issues in Electronic Health Records: An Overview
- Resource Handout Resources for Program Integrity in Electronic Health Records
- Detecting and Responding to Fraud, Waste, and Abuse Associated With the Use of Electronic Health Records Booklist
- Preparing for and Responding to Audits of Electronic Health Records Checklist
- Detecting and Investigating Unauthorized Access to Electronic Health Records – A Case Study
- Compliance Checklist for Electronic Health Records
- A Compliance Program for Electronic Health Records Fact Sheet
- Ensuring Proper Use of Electronic Health Record Features and Capabilities: A Decision Table
- Documentation Integrity in Electronic Health Records
- Conducting Internal Monitoring and Auditing – Job Aid
- Manual Review of Electronic Health Records – Job Aid
CMS Hasn’t Defined Clinical Documentation Expectations
CMS became a key player in the EHR arena in 2009, when the federal government enacted the Health Information Technology for Economic and Clinical Health (HITECH) Act as part of the American Recovery and Reinvestment Act. HITECH was designed to stimulate adoption of EHRs capable of advancements in patient care quality, including e-prescribing and interoperability. Incentives of up to $44,000 per provider were offered for timely implementation of EHRs, along with a small penalty of approximately $500 per year for Medicare-participating providers who failed to implement compliant EHR systems within the CMS timeline.
The Office of the National Coordinator for Health Information Technology (ONC) developed an EHR certification program to limit risks to providers and facilities shopping for EHRs, and to ensure providers receiving the incentive purchase “legitimate” EHRs. The ONC certification covers issues identified by the U.S. Department of Health and Human Services (HHS) as critical to national EHR success, mostly involving format structure that is easily transmitted and retrieved, but that is also secure and private and has “meaningful use.”
These certification programs were in place when EHR purchases under HITECH began, but it’s important to understand that the EHR “certification” criteria predominantly address administrative and information technology-related content. Some clinical issues were included when they satisfied HHS initiatives such as performance measures and e-prescribing; however, certification failed to address non-compliant, day-to-day coding and clinical documentation features in EHRs, which focused on time-saving macros (often mislabeled as templates) and quick-pick lists of codes. Certification had little to do with clinical documentation excellence or coding accuracy and compliance; some clinical and coding advocates are hopeful that the Toolkit will fix some of that deficiency.
Although CMS waited six years after HITECH to publish its first EHR guidance, the CMS Toolkit remains fuzzy in its vision regarding clinical documentation and coding issues relating to EHRs. For example, with the EHR feature called “populating by default,” a review of systems (ROS) or physical exam is already filled out for the provider for a new date of service. The form shows all systems are normal. The provider changes only the systems having abnormalities in the review or exam.
The problem with “populating by default” is that it reports work the provider may not have performed because it assumes all body systems were reviewed and a complete physical exam was performed. This plays havoc with evaluation and management (E/M) leveling.
Although stating that populating by default may result in the reporting of services that were not delivered, the Toolkit falls short of outlawing “population by default;” instead, saying the provider should verify the validity of auto-populated information. It offers no best practices solution for populating by default, although a simple best practice might be to turn off this function in the EHR.
EHR Problem Areas to Watch
In some instances, in “Ensuring Proper Use of Electronic Health Record Features and Capabilities: A Decision Table,” CMS states in the “best practices” field that there are none to report at this time. It’s not known whether we can look to CMS for more detailed and helpful guidance in the future. Many providers and coders today cite degradation of the clinical record as a result of templates, micros, macros, and copy/paste, and are looking for a fix.
“The medical record is becoming so large and unwieldy as to be indecipherable,” Steven J. Stack, MD, chair of the American Medical Association (AMA), said in an address to CMS in 2013. “CMS should provide clear and direct guidance to physicians concerning the permissible use of EHR clinical documentation for the purposes of coding and billing.”
EHR improvement aligns with CMS goals, too. The Evaluation and Management Services Guide issued by CMS states:
Clear and concise medical record documentation is critical to providing patients with quality care and is required in order for providers to receive accurate and timely payment for furnished services. Medical records chronologically report the care a patient received and are used to record pertinent facts, findings and observations about the patient’s health history. Medical record documentation assists physicians and other health care professionals in evaluating and planning the patient’s immediate treatment and monitoring the patient’s health care over time.
Stephen Levinson, MD, CHCA, author of AMA publications Practical E/M and Practical EHR, identifies five intrinsically flawed design and functionality features that are prevalent in most current EHRs. These flaws, according to Levinson, are capable of disrupting both compliance and physicians’ medical diagnostic process:
- Failure to consider medical necessity (which Medicare defines as “the overarching criterion for payment”) into guidance for appropriate levels of care, documentation, and code selection. According to the AMA’s CPT guidelines for E/M, considering (and documenting) the nature of the presenting problem(s) provides confirmation and support for medical necessity.
- Failure to guide and require documentation of the qualitative (i.e., individualized descriptive) aspects of care as defined in 1997 Documentation Guidelines.
Required qualitative data includes, for:
Chief compliant: “stated in the patient’s own words” (rather than a forwarded copy of previously entered diagnosis);
HPI: the “chronological description” of the course of the patient’s illness;
PFHS and ROS: “supplementing” with pertinent positive and negative responses to inquiries about details of the positive responses to questions in these history areas;
PE: “specific abnormal and relevant negative findings”; and
Clinical assessment: patient-specific and visit-specific descriptions of diagnoses (e.g., location, severity, extent, and status relevant to previous encounters).
3. Non-compliant coding engines (based on the non-sanctioned, incomplete, and non-compliant “scoring sheet” introduced as a coding short cut in 1995.
4. Use of data entry shortcuts that create non-compliant “cloned” pseudo documentation through automated function.
5. Use of data entry shortcuts that replace documentation of clinical assessment (i.e., “impressions”) with ICD billing language and codes, a process that limits clinical descriptions and eliminates documentation of differential diagnoses.
These EHR documentation problem areas should be identified and addressed because they are subject to the financial and emotional devastation of negative Medicare or Office of Inspector General (OIG) audits.
Levinson also advises, “It is important to distinguish between EHR utilization of (compliant) templates vs. (non-compliant) macros.”
Templates are pre-loaded frameworks that include history questions to be asked with individualized documentation of the responses or exam elements to be examined with individualized documentation of the findings.
“Macros include the templated questions, plus pre-loaded generic negative history responses and normal exam findings … As automatic or single-click tools, the macro loads a completed clinical document before the patient has even been evaluated,” Levinson said.
Levinson also emphasizes that coders and auditors require comprehensive and compliant tools that consider medical necessity when reviewing EHR documentation and coding. The commonly-employed, non-compliant scoring sheet not only offers inadequate and incorrect E/M coding in paper records, but it completely lacks tools to address the aforementioned five deficiencies of EHRs. Practical E/M’s compliant audit forms for paper charts were published as part of a CD accompanying the second edition of Practical E/M in 2008. These forms were subsequently enhanced to consider all the above EHR danger areas; PDFs of these coding and audit charts were made available through AAPC in conjunction with Levinson’s 2013 AAPC Workshop, Advanced E/M Coding for EHRs.
Top EHR Misconceptions
You can improve your income with electronic health records (EHRs).
Vendors may promise EHRs provide an easy way to cut costs by reducing the number of employees needed in a practice, and increase income by improving provider productivity. Although the need for file clerks may be reduced with EHRs, the number of coders, schedulers, and other office personnel will likely remain steady, or grow. Increased productivity may come with time, but to date this either hasn’t panned out in the short term for most practices, or has resulted from non-compliant up-coding.
What EHRs should provide is enhanced levels of patient care, easier use of some mandated programs, increased efficiency in compliant documentation and coding practices, and safeguards for patient health.
Automated E/M levelers in EHRs save time and ensure optimal coding levels.
Some EHRs will automatically calculate the E/M level for an office visit, but because issues of medical necessity and failure to require qualitative features in the history of present illness; review of systems; past, family, and social history; physical exam; and clinical assessment, the EHR coding is unlikely to fare well in an audit.
You’re stuck with the features in an EHR.
Many of the documentation features within an EHR can be edited by your information technology team or the vendor. If a feature is being misused or is simply one that you suspect may not be compliant, modify the system. EHRs are modifiable. Vendors may require a significant fee for modifications.
All features within a government certified EHR are acceptable to all payers.
Many EHR features raise compliance questions. The U.S. Department of Health and Human Services sent a letter to U.S. hospitals in September 2012 stating that the cut-and-paste feature of some EHRs “risks medical errors as well as overpayments,” and said, “CMS has the authority to address inappropriate increases in coding intensity in its payment rules and CMS will consider future payment reductions as warranted … We will continue to escalate our efforts to prevent fraud.”
Just because a feature is available in a certified EHR does not make it compliant with payer rules. Have your compliance department review the documentation and coding performed through your EHR.
Providers can save time and money using EHR coding pick lists or coding prompts.
EHRs include current codes from the major code sets, and providers can use these lists to code encounters and either submit these codes directly or have them reviewed by coding/billing staff before submission. But nearly all systems lack code instructions, guidelines, and information from Coding Clinic or CPT® Assistant. Most providers are not certified coders and do not have the breadth of understanding to select codes compliantly. Truncated code descriptions in some EHRs also contribute to coding errors.
Certified coders should be excluded from EHR selection teams.
Some vendors exclude coding staff from EHR selection, and suggest that certified coders are not qualified or interested. Neither is true. Coders can help providers and office managers understand the coding and compliance implications of EHR features. Their input is crucial to successful coding following implementation.
EHR templates (i.e., macros) provide more detailed documentation.
EHRs certainly provide more documentation, but not necessarily more detail. EHR templates catalog body systems and most allow the provider to select a button stating the system is normal or abnormal, or yes or no. Free text, where providers can enrich the record by describing qualitative details, is limited in most EHRs. Instead of stating “yes” to shortness of breath (SOB), free text allows the provider to state, “SOB on exertion. Says he can no longer negotiate stairs at home, and became dyspneic in relating this to me. O2 on room air was 87.” It is the qualitative information within the health record that provides the most information to clinicians and coders.
Purchasing a federally certified EHR ensures it will be completely compliant.
Certified EHRs are equipped with software that makes them compliant with portability, privacy, and security requirements, as well as some clinical tools including tracking preventive care and performance measures and the ability to detect and advise about prescriptions that could cause allergic or drug interactions. Certified EHRs are not equipped to contribute in any meaningful way to clinical documentation or coding compliance, and most do not follow the 1997 Documentation Guidelines for Evaluation and Management Services, the CMS policy on medical necessity as overarching criteria for E/M and payment, or avoidance of cloning practices and templates as outlined in documents published by CMS beginning in 1999 and continuing to 2015.
CMS, Electronic Health Records Toolkit, “Program Integrity: Electronic Health Records” files
CMS, Ensuring Proper Use of Electronic Health Record Features and Capabilities: A Decision Table, Table 1
CMS, Medicare Learning Network®, Evaluation and Management Services Guide
Sheri Poe Bernard, CPC, COC, CPC-I, CCS-P, is a coding education and risk adjustment consultant and author of the AMA publication, Netter’s Atlas of Surgical Anatomy for CPT® Coding. Her 20-year career in coding and reimbursement includes developing coding curriculum and references for AAPC, the AMA, DecisionHealth, Elsevier, Optum360, and Staywell. Bernard is a member of the Salt Lake City, Utah, local chapter.
publications Risk Adjustment Documentation and Coding; ICD-10-CM Chronic Disease Cards;
and Netter’s Atlas of Surgical Anatomy for CPT® Coding. She is former vice president of clinical
coding content at AAPC. Bernard is a member of the Salt Lake City, Utah, local chapter.
Latest posts by Sheri Poe Bernard (see all)
- Let’s Get on the Same Page when Coding BMI and Obesity - February 27, 2019
- Improve Quality Reporting with Coding Clinic Guidance - August 9, 2018
- Three Tidbits for Better MRSA Dx Reporting - January 12, 2017