When patients worry about computerized health records, the concern mostly revolves around hackers prowling through personal information and medical records in doctor’s offices or hospitals. Consider the massive breaches of records security that national retailers and credit card companies have encountered, for example, and there are reasonable grounds for concern that electronic health records could be similarly compromised.
For nearly a decade, the federal government has encouraged doctors and hospitals to adopt electronic records systems for patient care and billing. One of the more troubling aspects that has emerged with growing use of the technology is not so much the risk of unauthorized access to patient records as the ease of abuse of the technology by authorized users.
Among other studies over the past few years, a report this month by the inspector general of the Department of Health and Human Services noted “new and ever-evolving forms of electronically enabled health care fraud,” contributors to the estimated $75 billion to $250 billion in health-care fraud every year. The report flagged in particular copy-pasting and documentation features. These are time-saving, without question. But studies find they also enable providers, by error or intent, to claim to have performed — and bill for — many more high-level services than they actually delivered.
The report faulted the Center for Medicare and Medicaid Services for inadequate attention to reducing such vulnerabilities in electronic systems. The goal of the federal incentive program is to help providers get more out of the technology than simple record-keeping. The program has spent more than $22.5 billion encouraging “meaningful use,” for example, using the data to improve care coordination for patients with multiple chronic conditions, to reduce health disparities across populations and to raise financial efficiency. To make good on the promise of electronic systems will require much vigilance.