Electronic health records (EHRs) can make it easier for healthcare organizations to perpetrate fraud and the Centers for Medicare and Medicaid Services (CMS)—as well as their audit contractors—have not made proper adjustments, a government watchdog report finds.

“CMS and its contractors had adopted few program integrity practices specific to EHRs. Specifically, few contractors were reviewing EHRs differently from paper medical records,” a Health and Human Services Office of the Inspector General (OIG) report states. “In addition, not all contractors reported being able to determine whether a provider had copied language or overdocumented in a medical record,” the report states, noting that “CMS had provided limited guidance to Medicare contractors on EHR fraud vulnerabilities.”

The OIG’s findings are based on an online questionnaire to CMS administrative and program integrity contractors that use EHRs to pay claims, investigate fraud, and identify improper Medicare payments, according to the report.

Overall, some features of EHRs can be used to prevent fraud if used consistently, but copy and pasting, or cloning of clinical documentation, and overdocumentation are still difficult for auditors to detect, the OIG said.

In its recommendations, OIG urged CMS to provide additional guidance to contractors on identifying modified and original content in EHR claims data, and encouraged the use of audit logs as a means of authenticating the medical record to support a claim.

This report follows a similar OIG report issued in December that detailed further how copy and pasting and other tactics leave EHRs vulnerable to fraud.