Compliance tips for implementing an electronic medical record system

by Lisa I. Wojeck

Lisa I. Wojeck, MS, JD, CFE, CISA, CHC, (lisawojeck@gmail.com) is a healthcare compliance professional living in Baltimore, MD.

The electronic medical record (EMR) system is crucial to hospitals, physicians, and other healthcare providers, and arguably the most important system in the provision of care. It also presents some of the greatest opportunity for risk as it relates to federal regulations, and therefore it must be built to comply. Breaches of protected health information (PHI) range from $100 to $50,000 per medical record with a cap of $1.5 million per calendar year.[1] Erroneous claims are false claims, and Medicare does not pay false claims. Further, false claims may result in treble damages, fines, exclusions, and imprisonment.[2] This article provides compliance tips for implementing an EMR system.

There are various phases in the life cycle of an electronic medical record system, including planning, building, testing, deploying, and maintaining it. Compliance should be consulted, if not included in each phase. The project lead responsible for the software may have an information systems and/or a clinical background and may not be aware of compliance issues. It is more helpful to the organization to include Compliance from the beginning, rather than when a problem is identified. Cleaning up errors is more difficult and costly than building the system correctly.

Medicare requirements

There are a number of Medicare manuals and requirements; these are based on federal regulations and must be followed. As information systems teams build the EMR system, they usually meet with the business area. Diagrams, flowcharts, and narratives are created to document a meeting of the minds as to the way the business process works. If the individuals involved in that process do not understand Medicare requirements, and Compliance is not included, the system may not be compliant with Medicare.

For example, the EMR system build needs a mechanism or mechanisms and workflow to identify surgeries that require device replacements because of defects, recalls, mechanical complication, etc. The purpose of these build features is to enable the organization to generate correct claims and avoid inappropriately charging Medicare for replacement devices due to defects, recalls, mechanical complication, and such.[3]

Outpatient rehabilitation services provide another interesting example. Medicare manuals state that when only one service is provided in a day, providers should not bill for services performed for less than eight minutes. A single timed CPT code in one day is measured in 15-minute increments, and one unit is 8 minutes through 22 minutes.[4] Incorrect builds, including those involving time, will cause incorrect claims, and incorrect claims (whether intentional or not) are false claims. Careful attention must be given to Medicare requirements throughout the lifetime and use of the EMR system.

This document is only available to members. Please log in or become a member.
Become a Member Login
 


Would you like to read this entire article?

If you already subscribe to this publication, just log in. If not, let us send you an email with a link that will allow you to read the entire article for free. Just complete the following form.

* required field

First name field cannot be blank!
Last name field cannot be blank!
We will send you an email that will give you access to this entire article.
Email field cannot be blank!
Enter a valid email!
Company field cannot be blank!
Enter a valid company!
Title field cannot be blank!

We're committed to your privacy. The Society of Corporate Compliance and Ethics (SCCE) & Health Care Compliance Association (HCCA) uses the information you provide us to contact you about our relevant content, products, and services. For more information, check out our Privacy Policy.


About SCCE

The Society of Corporate Compliance and Ethics (SCCE) is a non-profit, member-based professional association. SCCE supports our members' work with education, news, and discussion forums. We are a community of leaders, defining and shaping the corporate compliance environment across a wide range of industries and geographic regions. In developing and maintaining effective ethics and compliance programs, our members strengthen and protect their companies.

952.933.4977

About HCCA

The Health Care Compliance Association (HCCA), is a 501(c)6 non-profit, member-based professional association. HCCA was established in 1996 and is headquartered in Minneapolis, MN. We provide training, certification, and other resources to over 10,000 members. Our members include compliance officers and staff from a wide range of organizations, including hospitals, research facilities, clinics and technology service providers.

952.988.0141

Facebook X LinkedIn
Copyright © 2024 by Society of Corporate Compliance and Ethics (SCCE) & Health Care Compliance Association (HCCA). No claim to original US Government works. All rights reserved. All information provided through this site, including without limitation all information such as the “look and feel” of the site, data files, graphics, text, photographs, drawings, logos, images, sounds, music, video or audio files on this site, is owned and/or licensed by SCCE & HCCA or its suppliers and is subject to United States and international copyright, trademark and other intellectual property laws. Any third party logos and/or content provided herein is owned by such third parties and is used by permission herein. Your use of this site to is subject to our Terms Of Use and Privacy Statement.
Cookie settings