Copyright 2014 American Medical Association. All rights reserved.

The Role of Copy-and-Paste in the Hospital

Electronic Health Record
Before electronic health records: If you did not docu-
ment it, you did not do it.
After electronic healthrecords: Youdocumentedit,
but did you do it?
After a slow start, hospitals in the United States
have rapidly adopted electronic health records, as
encouraged by the Health Information Technology for
Economic and Clinical Health Act of 2009 (HITECH).
1
By May 2013, more than 3800 hospitals, or about
80% of the hospitals that were eligible, had received
incentive payments from the Centers for Medicare &
Medicaid Services (CMS) related to the adoption,
implementation, upgrading, or meaningful use of
these records.
2
Yet the application of electronic health
records can be a double-edged sword. Their use can
increase efficiency, facilitate information sharing,
standardize hospital processes, and improve patient
care
1,3,4
But their use can also have unintended conse-
quences and be subject to abuse, such as when data
are duplicated or templates and checkboxes are used
to generate standardized text without a good medical
reason.
Theduplicationof data intheelectronic healthrec-
ordfromone locationtoanother is knownas cloning
5
or copy-and-paste
3,6
andmay more generally refer to
multiple features, including autopopulate and tem-
plates and checkboxes that generate standardized
text. Copy-and-paste is related to, yet differs from,
overdocumentation,
3,6
the practice of inserting false
or irrelevant documentation to create the appearance
of support for billing higher level services,
3,6
as well as
upcoding,
5
theassignment of aninaccuratebillingcode
to a medical procedure, treatment, or visit to inflate re-
imbursement.
In September 2012, federal officials warned about
the misuse of electronic health records to bill for ser-
vices never provided,
5
andthat lawenforcement agen-
cies will take actionwhere warranted.
5
Tworecent re-
ports from the Office of Inspector General of the
Department of Health and Human Services (OIG) ana-
lyzedhowelectronichealthrecordtechnologycanmake
it easier to commit fraud and found deficiencies in the
implementationof recommendedsafeguards.
3,6
Theof-
fice recommended that the CMS develop a compre-
hensive plan to address fraud vulnerabilities
3
and pro-
videguidancetohospitalsontheuseof copy-and-paste.
3
The OIG also recommended that CMS instruct its audi-
tors to detect fraud and that audit logs that detect du-
plicated text be operationalized and used by CMS con-
tractors to assist in fraud detection.
3,6
Although the
federal government has focused on hospitals, the mis-
use of copy-and-paste in office-based physician prac-
tices would raise similar issues.
Does the Use of Copy-and-Paste Equal Fraud?
Clearly, technologymakesit easier tocommit fraudwhen
physicians use tools such as copy-and-paste or tem-
platesinappropriately. Theuseof thesefeaturesmayalso
contribute to poor quality in clinical notes. For in-
stance, asocial historycopiedandpastedintoanadmis-
sionnotemay indicatethat a patient whois a candidate
for a liver transplant is still consuming alcohol, when in
fact the patient has beensober for months. Aphysician
using templates and prefilled checkboxes may care-
lesslydocument acompletephysical examinationbyde-
fault when he or she only conducted a more limited
evaluation. With the erroneous use of copy-and-paste,
thephysiciansassessment andplanmaydocument ade-
cisiontostart treatment withantibiotics today for sev-
eral days in a row, before the mistake is recognized and
corrected.
Yet these same features of electronic health rec-
ordscanbeefficient andclinicallyuseful whenusedprop-
erly. Although traditional handwritten notes may often
have been more concise and exclusively served a clini-
cal need, the purposes of a physicians notes have been
broadenedbytheir usefor billing, tofulfill regulatoryre-
quirements, suchas compliance withfederal standards
for themeaningful useof certifiedelectronic healthrec-
ords technology,
4
andtocollect datafor useinstandard-
ized measures of quality. For example, a core measure
of meaningful use is a problemlist of current andactive
diagnoses that all physicians updateanduse. Unless the
problemlist changes, it shouldbe identical ineachnote
that refers to it. Time spent in counseling and coordi-
nationof care mayappear inatemplatetoremindphy-
sicians todocument thetimespent withthepatient, not
to upcode but to support payment for actual care pro-
vided. A template or checklist for the care of a patient
withmyocardial infarctionmayhelpthephysiciantore-
member toprescribea-blocker or tooffer smokingces-
sation counseling. And if a successful cholecystectomy
happens in exactly the same way for 3 consecutive pa-
tients, theaccompanyingidentical documentationof the
surgical procedures should be welcomed.
Thefederal government usesarangeof federal laws,
including the False Claims Act, in detecting and pros-
ecutinghealthcarefraud.
7
Whencopy-and-pasteisused,
fraudis a concernwhenthedocumentationis knownto
have beenduplicatedor createdprior tothe episode of
care for which reimbursement is claimed. Yet it is too
easy, and often mistaken, to equate a physicians rou-
tine use of copy-and-paste with fraud. Data replication
is afeatureof electronichealthrecords; facts beyondthe
mereuseof duplicatedtext arerequiredtoestablishthat
a note may be fraudulent. Any process by which care is
documentedcouldbe fraudulent. However, noprocess
VIEWPOINT
AnnM. Sheehy, MD,
MS
Division of Hospital
Medicine, Department
of Medicine, University
of Wisconsin School of
Medicine and Public
Health, Madison.
Daniel J. Weissburg,
JD, CHC
University of Wisconsin
Hospital and Clinics,
Madison.
ShannonM. Dean, MD
Division of Pediatric
Hospital Medicine,
Department of
Pediatrics, University of
Wisconsin School of
Medicine and Public
Health, Madison.
Corresponding
Author: Ann M.
Sheehy, MD, MS,
Division of Hospital
Medicine, Department
of Medicine, University
of Wisconsin School of
Medicine and Public
Health, 1685 Highland
Ave, MFCB 3126,
Madison, WI 53705
(asr@medicine.wisc
.edu).
Opinion
jamainternalmedicine.com JAMAInternal Medicine August 2014 Volume 174, Number 8 1217
Copyright 2014 American Medical Association. All rights reserved.
Downloaded From: http://archinte.jamanetwork.com/ by a Universita Torino User on 08/08/2014
Copyright 2014 American Medical Association. All rights reserved.
bywhichcareis documented, includingaprocess that includes data
replication, is bydefinitionfraudulent. Youdocumentedit, but didyou
doit? is problematiconlyif services weredocumentedthat werenot
actually performed.
What Is the Solution?
In our view, the federal government and other insurers should not
penalize physicians andhospitals for responsible use of tools inthe
electronic health record that facilitate efficiency and the appropri-
atestandardizationof thedocumentationof care. Yet misuseof copy-
and-paste is a serious issue that cannot be ignored. Ironically, the
best solution to this problem of overautomation is, quite simply, a
human one. Hospitals, as our medical center has done, should cre-
atetheir owninternal documentationpolicies toremindphysicians
and other clinicians that they are legally responsible for the accu-
racy of their clinical notes, regardless of howmuchof thecontent is
original or replicated. InasurveyconductedbetweenOctober 2012
and January 2013, the OIG found that only 24% of hospitals had a
copy-and-paste policy.
3
Such policies should include specific lan-
guage to prohibit copying information fromone patients recordto
another patients record, mandatethat informationreplicatedfrom
another providers notebeproperlyattributedtotheoriginal source,
and require that providers only document the services they actu-
ally performed. The electronic health record is not to blame for the
carelessness of individual physicians or willful ignorance about the
difference between a problemwith the technology and a problem
with howit is used.
Hospitals, however, alsohaveresponsibilities. For example, hos-
pitals shouldonly encourageandpermit documentationandbilling
that is needed to support the care that patients actually receive.
Some clinicians may require training in responsible documenta-
tion. Logsthat identifythepercentageof copy-and-pastetext inclini-
cal notes may be a helpful adjunct in reviewing the documentation
of care. Such automated logs, however, cannot replace individual
review, as theelectronic tools that detect similarities betweenclini-
cal notes cannot easily distinguish between similarities that repre-
sent standardized care, as encouraged by HITECH, and those that
may reveal fraud.
As of May 2014, CMS had yet to provide guidance to hospitals
anditsauditorsontheuseof copy-and-paste. WhenCMSissuesguid-
ance, the agency should facilitate the responsible use of electronic
health records, not overzealous efforts by CMS auditors to detect
fraud with auditing logs and related tools that track data sources.
An excessive auditing mandate, based on the use of technologies
with inherent limits, may impede the adoption of electronic health
records.
The more fundamental problem, however, is one that indi-
vidual physicians and hospitals are powerless to addressthe fact
that the extent of documentation in the electronic health record is
oftendirectlyrelatedtohowmuchphysicians andhospitals arepaid.
Thus, clinicians have incentives to err on the side of overdocumen-
tation, and the federal government and other insurers have incen-
tivestoaudit recordsandtrytosavemoney. Withadifferent payment
system, many of the concerns about potential misuse of copy-and-
paste would become moot. Such a solution, however, is not on the
horizon. Regardless of the payment model, physicians and hospi-
talsshoulduseelectronichealthrecordsresponsiblyandastheywere
intendedto improve patient care.
ARTICLE INFORMATION
Published Online: June 2, 2014.
doi:10.1001/jamainternmed.2014.2110.
Conflict of Interest Disclosures: None reported.
Disclaimer: Mr Weissburgs views are his own and
should not be attributed to the University of
Wisconsin Hospital Clinics.
REFERENCES
1. HealthIT.gov. Legislation and regulation.
http://www.healthit.gov/policy-researchers
-implementers/health-it-legislation. Accessed April
3, 2014.
2. Department of Health and Human Services.
Doctors and hospitals use of health IT more than
doubles since 2012. http://www.hhs.gov/news
/press/2013pres/05/20130522a.html. Accessed April
3, 2014.
3. Department of Health and Human Services
Office of Inspector General. Not all recommended
fraud safeguards have been implemented in
hospital EHR technology: OEI-01-11-00570. http:
//oig.hhs.gov/oei/reports/oei-01-11-00570.pdf.
Accessed April 3, 2014.
4. Centers for Medicare and Medicaid Services.
Data and programreports. http://www.cms.gov
/Regulations-and-Guidance/Legislation
/EHRIncentivePrograms/DataAndReports.html.
Accessed April 3, 2014.
5. Sebelius K, Holder EHJr. Letter to chief
executive officers of the American Hospital
Association, Federation of American Hospitals,
Association of Academic Health Centers,
Association of American Medical Colleges and the
National Association of Public Hospitals and Health
Systems. http://www.nytimes.com/interactive
/2012/09/25/business/25medicare-doc.html.
Accessed April 3, 2014.
6. Department of Health and Human Services,
Office of Inspector General. CMS and its contractors
have adopted fewprogramintegrity practices to
address vulnerabilities in EHRs: OEI-01-11-00571.
http://oig.hhs.gov/oei/reports/oei-01-11-00571.pdf.
Accessed April 3, 2014.
7. United States Code False Claims Act: 31 U.S.C.
3729-3733. http://www.gpo.gov/fdsys/pkg
/USCODE-2011-title31/pdf/USCODE-2011-title31
-subtitleIII-chap37-subchapIII-sec3729.pdf. Accessed
April 18, 2014.
Opinion Viewpoint
1218 JAMAInternal Medicine August 2014 Volume 174, Number 8 jamainternalmedicine.com
Copyright 2014 American Medical Association. All rights reserved.
Downloaded From: http://archinte.jamanetwork.com/ by a Universita Torino User on 08/08/2014