EHR Cloning Practices Can Lead to Medicare Audits

EHR cloning practices can lead to audits.

(December 26, 2013): The Department of Health and Human Services (HHS) has long viewed the adoption of Electronic Health Records (EHRs) as a way to better coordinate care, improve the quality of care, reduce unnecessary paperwork, and eliminate duplicative medical testing. Based, at least in part, on these beliefs, Congress authorized incentive payments to encourage the widespread adoption of this technology by health care providers throughout the industry. While HHS remains convinced that EHRs have the potential to save lives and reduce costs when used appropriately, the agency's Office of Inspector General (OIG) has found that EHR systems have sometimes been misused by individuals and groups who wanting to game the system, and thereby obtain Medicare payments through the improper, or even fraudulent us of EHR cloning practices.

I. EHR Cloning Practices Have Been a Concern of the OIG for Some Time:

In its simplest form, "cloning" involves the copying and pasting of one or more sections of a previous Progress Note or other document onto a record documenting a later visit. Prior medical histories and other static portions of a medical records are prime candidates for cloning. Notably, this improper practice isn't necessarily new. Long before EHRs were implemented, some providers were accused of, and in many instances, were in fact, using word processing software to cut and paste records sections from one visit to another. While a health care provider's motives in doing so were likely innocent, the practice suggested that the health care provider may have not truly conducted a comprehensive examination of the patient. Both law enforcement agencies (such as OIG, the Federal Bureau of Investigation (FBI) and state Medicaid Fraud Control Units (MFCUs)), and program integrity contractors working for the Centers for Medicare and Medicaid Services (CMS), have previously cited EHR cloning practices as an issue in past investigations and audits.

II. Problems Resulting from EHR Cloning Practices:

With the adoption of EHR, cloning concerns have become increasingly more commonplace. Recent audits conducted by Zone Program Integrity Contractors (ZPICs), Recovery Audit Contractors (RACs) and other specialty contractors (such as Strategic Health Solutions) working for CMS have regularly cited EHR cloning practices as one of the reasons for denying coverage and payment of a health care provider's claims. While the copying and pasting of notes may speed up an examination and facilitate the quick completion of a cloning can be expedient, health care providers must realize that the practice is viewed with suspicion at best, and an a possible indication of fraud at its worst. Health care providers who practice cloning will subject themselves and their practices to increased scrutiny from both government enforcement officials and program integrity contractors.

III. The Implementation of EHRs Systems:

In recent years, EHR systems have gradually replaced the use of traditional paper medical records. The use of computerized recordkeeping to document and store patient health information has been aggressively encouraged by the government. EHR systems are views as "patient-focused" and are meant to instantly provide authorized users with real-time, secure, patient medical, care and treatment information. EHRs have been designed to include administrative clinical data relevant to a patient’s care under a particular provider, such as patient statistics like age and weight, progress notes, medications, medical history, and clinical test results.[1] More importantly, the health information in these records can be created and managed by authorized providers in a digital format capable of being shared across various health care entities.

The Health Information Technology for Economic and Clinical Health Act (HITECH) Act was enacted as part of the American Recovery and Reinvestment Act of 2009 (ARRA) to support the creation of a nationwide health information technology infrastructure that allows for the electronic use and exchange of health care information.[2] Its goal is to achieve widespread adoption of EHRs by 2014. The Office of the National Coordinator for Health Information Technology (ONC) coordinates the adoption, implementation, and exchange of EHRs. To encourage adoption and meaningful use of EHRs, ARRA also established the Medicare and Medicaid EHR incentive programs.[3] Since 2011, the Centers for Medicare & Medicaid Services (CMS) has paid $13.7 billion in incentive payments to eligible providers and hospitals that demonstrate meaningful use of Certified EHR Technology.[4]

IV. The Impact of EHR Systems on Documentation Practices:

The government has promoted EHR systems as a way to improve patient care and save money. According to CMS, implementing EHRs can:

Reduce the incidence of medical error by improving the accuracy and clarity of medical records, thereby increasing practice efficiencies and cost savings;

Make patient health information more readily available, which will reduce duplication of tests, reduce delays in treatment, and increase patient participation in their care; and

Improve the accuracy of diagnoses and health outcomes.[5]

Unfortunately, as with many new technologies, EHR has its limitations. There are a myriad of EHR systems being marketed to health care providers around the country. Not surprisingly, some EHR systems are earlier to utilize than others. Additionally, some systems are more prone to misuse than others. The health care industry is not immune to fraudulent practices. While the full extent of health care fraud is unknown, the scope of the problem has been estimated to range between $75 and $250 billion per year.[6] Many experts in the health information technology field warn that EHR technology may make it easier to commit fraud. [7] In fact, both the Department of Justice (DOJ) and HHS-OIG have expressed concern that some health care providers may attempt to use EMR systems to game the system and fraudulently obtain payments from Medicare, Medicaid and other payors. [8] A review of investigations, audits and prosecutions that have been brought have show that there are certain EHR documentation features – if used inappropriately – that can result if fraud. One of the most prevalent methods includes the improper coping and pasting of prior Progress Note entries onto a record documenting a more recent examination. Many EHR systems make it extraordinarily easy to engage in cloning.

V. Reasons Why Medicare Cloning Practices Can be Problematic:

As previously indicated, the practice of cloning can allow a health care provider to select information from one location in a patient's EHR and copy it in another section of the patient's record. For example, a health care provider can use cloning as a useful tool to replicate elements of a patient’s demographics on each page of the EMR. It was originally seen as a easy way to copy forward documentation that appeared to be the same in a patient’s medical record, items that may have not changed from a prior visit.

However, EHR cloning practices have led to a number of problems. When physicians, nurses, or other practitioners clone information but fail to update it or ensure accuracy, erroneous information may enter the patient’s medical record. As a result, inappropriate charges may be billed to patients or third-party health care payers. Furthermore, improper cloning can facilitate attempts to upcode claims and duplicate or create fraudulent claims.

Why has this improper practice grown? Frankly, there are a number of reasons why cloning now represents a significant problem. At the outset, it is important to keep in mind that health care providers are now under the proverbial "microscope." Past documentation practices that may have been acceptable are no longer accepted by the government. Abbreviated, incomplete records documenting an examination are unacceptable and will likely fail to qualify for coverage and payment when audited by a ZPIC or RAC. Health care providers are under increasing pressure to document patient visits and treatment records fully, in accordance with any Local Coverage Determination (LCD) requirements and National Coverage Determination (NCD) guidelines.

National Government Services, a Medicare Administrative Contractor (MAC), considers cloned documentation to be a misrepresentation of the medical necessity requirement for coverage because of the "lack of specific individual information for each unique patient" [9] If a program integrity contractor (such as a ZPIC, RAC or Specialty contractor) identifies cloned documents, it will likely deny payment for any associated claims on the basis that medical necessity had not shown.

VI. The Practice of Cloning is Not Always Inappropriate:

To be clear, it is not illegal per se, to copy a passage from a previous visit and copy it into the record of another visit. Nevertheless, you shouldn't think that the practice of cloning is supported by the government. Under certain circumstances, it might be appropriate to copy certain information from one location in EHR and paste it to another place in the patient's records. For instance, copying a portion of a prior records entry may be appropriate when reciting the elements of a patient’s prior medical history or the results of a prior diagnostic test administered. If you intend to copy information from a prior entry into the Progress Note documenting a more recent visit:

Take care -- accuracy counts. A health care providers must review the type of service that was provided, update it if necessary and bill accordingly. For example, a past history copied from a previous entry or date of service needs to be reviewed and revised (as appropriate), not simply copied and pasted into the new note. You cannot bill for a service that was provided at the time of previous visit. Look at the passage you intend to copy. Have you performed all the services discussed? Is the note being used to describe a prior visit OR are you merely trying to speed up your documentation of today's visit?

Review any cloned information to make sure the notes make sense for that date of service. A patient’s chief complaint should carry through to the physical and/or mental exam and history and support the decisions made and medical necessity. As to a patient’s range of systems (ROS), only document the systems that are actually completed during a specific visit. ROS findings from a previous visit must not be blindly copied. Furthermore, examine your documentation. Have you fully recorded an examination of systems that are consistent with today's chief complaint?

The bottom line is simple -- health care providers using "canned" templates when completing a Progress Note do so at considerable risk. When, and if, a Medicare ZPIC or RAC audits your records several years from now, will it appear that you merely copied findings from an earlier entry or will it be clear that you conducted an individualized examination of a patient and that your reported findings are accurate? Keep in mind -- it is difficult enough already for a health care provider to properly document medical necessity. Confusing the picture by copying and pasting portions of a prior record entry will likely diminish your efforts in this regard.

Make sure that you sign each piece of documentation as needed. The signature, whether actual or electronic, indicates that you agree with the information provided on that date of service. You should never "sign" a Progress Note or other record that has not been fully reviewed for accuracy.

Do not let the EHR select the codes or health information for you. Such automatic programs can lead to bad practices. You may be encouraged by the EHR program to examine an additional "system," despite the fact that your initial review of the patient did not find that the review of an additional system was medically necessary.

VII. Is Your EHR System is Helping or Hurting Your Compliance Efforts?

Health care providers should ensure that they have implemented (and are actively conducting) an effective auditing program. For example, audit logs that monitor user activity can be an important tool to combat fraud in the use of EHRs. These logs can record the date and time of entry, the user identification, and the type of access to the HER (e.g., creating, editing, viewing). Audit logs should also be able to capture encounters related to billing, or whether an EHR document is being exported or imported. Analyzing audit los will allow providers to prevent or detect fraud, such as identifying duplicative or fraudulent claims and inflated billing.

Practices should also implement policies and procedures designed to prevent the practice of improper cloning by their billing providers. While many practices may try to shift this burden of responsibility to EMR users, employee training is only measure that can be taken to reduce the likelihood of cloning. An organization should incorporate this issue into their Compliance Plan. Cloning should be added to a health care provider's list of ongoing risk issues to be considered by their staff members when documenting patient care and treatment.

VIII. Final Remarks:

Although the federal government is encouraging the implementation and use of EHRs, both law enforcement and CMS contractors have continued to focus on cloning as an area of ongoing concern. While the practice of cloning in EHRs may arguably enhance the efficiency of data input, this practice can easily be misused. It is therefore vitally important that health care providers effectively and properly use EHRs in their practices. Concerns over EHR cloning practices are an issue that is likely to remain scrutinized carefully by ZPICs and RACs. The most prudent approach would be for a health care provider to avoid this practice. When a contractor examines your EHR system, is it clear that you conducted an individualized, personalized examination of the patient?

Healthcare Lawyer

Robert W. Liles, Esq., serves as Managing Partner at Liles Parker, Attorneys & Counselors at Law. Liles Parker attorneys represent health care providers around the country in Medicare, Medicaid and private payor audits of claims by ZPICs, RACs, specialty contractors employed by CMS and by private payor Special Investigative Units (SIUs). For a free initial consultation, please give Robert a call. He can be reached at: 1 (800) 475-1906.

  • [1] CMS, Electronic Health Records Overview. Accessed at on Dec. 20, 2013.
  • [2] Pub. L. 111-5.
  • [3] ARRA, Title IV, Pub. L. 111-5.
  • [4] CMS, Medicare and Medicaid Incentive Provider Payments by State. Program Type: January 2011-March 2013. Accessed at on Dec. 20, 2013.
  • [5] CMS, Electronic Health Records Overview. Accessed at on Dec. 20, 2013.
  • [6] Based on CMS estimates of total health care expenditures in 2009. CMS, National Health Expenditure Data. Accessed at
  • [7] See Baer, Ivy. HIT Policy Committee Hearing on Clinical Documentation, Feb. 13, 2013.
  • [8] Letter from Eric H. Holder, Jr., Attorney General of the United States, and Kathleen Sebelius, Secretary of U.S. Department of Health & Human Services to Chief Executives of the American Hospital Association, Association of Academic Health Centers, National Association of Public Hospitals and Health Systems, Federation of American Hospitals, and the Association of American Medical Colleges (Sept. 24, 2012), available at
  • [9] National Government Services, Cloned Documentation Could Result in Medicare Denials for Payment. Accessed at