How can an EHR system protect your practice in the case of an audit?

By Dava Stewart

Life can be hectic, and for most DCs, completing paperwork is a less-than-welcome task. Sometimes, it seems reasonable to look for short-cuts and ways to make dealing with documentation a little easier. However, in the case of an audit, the few moments you may save can become costly in terms of both time and money.

There are many reasons to move away from paper in the office; however, sometimes paper can be the best way to go.

One such example is the manual sign-in sheet that most DCs still use. Imagine a client receives an explanation of benefits statement from his insurer but does not recall coming to your office. The patient contacts the insurance company, and the chain of events leads to an investigation. If you have a sign-in sheet with physical piece of paper with the patient’s signature, you will be fine. If some other check-in system for patients seems like it would save time or reduce waste, consider switching very carefully.

If you use SOAP notes, you probably find yourself writing the same things over and over again. After all, many patients have the same kinds of issues, and similar treatment plans can help many people. If you use an electronic health records (EHR) system, you may be tempted to simply copy and paste the same notes at times. Be careful: Notes that have been copied and pasted are one of the things that auditors look for, so it is a very bad idea to duplicate notes.

Increasingly, the Office of the Inspector General (OIG) is conducting audits of practices who have attested to meaningful use of an EHR system and received incentive payments from the federal government. Generally, such an audit will begin with a letter from the OIG requesting meaningful use documentation, which includes:

• Licensing agreement and invoice, showing that the software was legally purchased
• Number of facilities
• Number of EHR systems in use
• Time spent (by the practitioner) in different offices
• Records kept outside of the EHR
• Percentage of records outside of the EHR
• Documentation to support all claims

Most of these documents are easy to produce, and the more your practice uses your EHR system the easier it will be to show meaningful use. After all, if you are using it, demonstrating that fact won’t be a problem.

Meaningful use audits may also include an examination of your security procedures. If you have (and you should have) a HIPAA compliance officer on your staff—that is, someone takes on the responsibility of making sure the practice remains compliant with the law—then that person is routinely checking to make sure all security measures are in order. Maintaining a HIPAA Compliance Manual is a great way to document all of the ways your practice implements the required risk assessments and security checks, and such a manual provides the documentation you will need in the case of an audit.

The best course of action is to proceed as if you will be audited. That is, expect an audit. If you expect to be audited, and you maintain documentation and security measures, then the audit will not present any special difficulties.