There is no question that electronic medical records (EMRs) can be an amazing resource for your patients and your practice. However, keep in mind that EMR systems carry security, privacy, financial, and malpractice risks as well.

Q. What types of issues should we be aware of?

A. In EMR systems, it has become particularly easy to code visits as level 4 or 5 merely by clicking on various elements that appear on the computer screen. The resulting chart printouts look like all elements of the history and exam have been performed at each and every patient visit — and we know that’s rarely true. Payers are watching closely for fraud and abuse, so it behooves us to ensure that the chart accurately represents the work and thoughts of the providers on that visit.

We all know that security can be compromised on EMR. Just as we don’t leave paper records out for anyone to see, it makes sense not to leave electronic records “open” — even for just a moment. Additionally, mobile devices such as smartphones, tablets, and laptops with access to your EMR are under constant threat of theft. In an unusual twist, hackers have even held some practices’ EMR data hostage.

Q. What else should we know?

A. These real and serious threats are easily understood, but some aspects of EMR that we take for granted are creating a new threat. It may seem more efficient, but documentation that does not represent what actually transpired during a patient encounter can threaten a practice. I am talking about cloning notes.

CMS and other payers have been warning about cloning notes in EMR for several years, but as EMR use expands, investigators with the Office of the Inspector General (OIG), as well as most payers, have taken notice.

Starting in 2012, the OIG Work Plan noted CMS would “review … services for the same providers and beneficiaries to identify electronic health records (EHR) documentation practices associated with potentially improper payments. Medicare contractors have noted an increased frequency of medical records with identical documentation across services” (oig.hhs.gov/reports-and-publications/archives/workplan/2012 ). This statement of concern speaks specifically to the tendency to “copy-forward” information from a previous visit and clone it. And, while this started in 2012, it is an ongoing issue for the OIG.

Some EMR systems even have options that allow copy-forward in commonly cloned areas such as the “problem list” in the history. It’s a key time-saver for EMR users, so EMR vendors would not sell many systems without this feature. While not entirely bad (think how similar most laser operative notes have been for years), it does call into question the veracity of notes where things may change. If all of the history elements — for example, all 14 Review of Systems areas — are not actually asked or if they don’t all apply to the day’s visit, it would be improper to create a note that misrepresents the service.

Be sure you can defend the need for all cloned information or, if you doubt the note’s believability, start from scratch and ask the patient directly. It may not be as easy as cloning, but it will be more accurate.

Let’s look at an unintended consequence of the move to EMR. Some providers have the capability (because the notes appear to show everything was done) to choose a higher paying code. The higher codes may or may not be justified. Some providers did not document well on paper, so the services they delivered were at a higher level than they billed. For them, EMR is a more accurate note.

It’s also likely that, for many practices, documentation is for the sole purpose of meeting higher service levels. Payers know what practices have billed in the past, and they already have a high index of suspicion of fraud and abuse upon seeing sudden changes in billing patterns. They might request proof, which may begin as a request for a number of visits or as a notice from the payer that their utilization of certain codes is “outside the norm.”

Q. What can we do to prevent these problems?

A. The answer is to have the EMR show only the work that is done and relevant for that particular visit. Anything copied forward should actually be used in the examination, diagnosis, and treatment of the patient. Medical necessity — the number one driver of your services — is then fully supported. Proper code selection follows and is made more accurate.

Payers who ask for your documentation may not tell you when you’ve done well, but they may quit asking. You can take that as evidence that they believe what you document.

Q. What will need to change in 2021 with the new E/M instructions?

A. Your basic EMR system will not change much. Coding for E/M will be based on either physician time or medical decision making. Coding based on time will be unusual in an ophthalmic practice. There will be much less reason to “click all the boxes” or to clone notes, because the level of E/M code will be dependent on medical decision making only, not the amount of history or exam. This will benefit retina specialists a great deal, because many exam elements (eg, external adnexa) are frequently not pertinent to a retinal exam. RP