Irony? I was well into editing this blog entry before being contacted last week by a DHHS Special Agent involved in a NYC investigation. One of my final suggestions — during a conversation that stretched past an hour — was that backups could verify whether data had been falsified. DHHS suspected that data was changed after they notified the office of their interest in specific bills and accompanying clinical documentation. Those backups (which DHHS has) may save this practice from trouble that ranges from fines to jail time.
Two weeks ago, I had a similar conversation with an attorney defending a malpractice case in FL, where the plaintiff’s attorney was accusing the doctor’s office of falsifying data after the doctor was notified of the pending lawsuit.
You see, when documentation supports your version of the story, an investigator’s next step is to simply wonder whether you falsified information. It’s virtually impossible to become bulletproof. But it’s very much within the realm of possibility to seal potential cracks.
One of the most overlooked ways to ensure you can prove you didn’t modify records, believe it or not, is your backup system. Just as a sign-in sheet containing a physical signature can demonstrate that a patient was actually in your office, backups can provide forensic evidence when you’re accused of falsifying records during a malpractice suit or audit. We’ve always suggested a rigorous backup schedule with multiple backups that extend to at least a year. However, it seems that extending this to include backups at 6 month intervals for 7 (or so) years is neither difficult nor expensive in today’s environment.
These days, the digital audit trail within your EHR may help protect you. However, audit trails can only go so far. An audit trail in your software may show that data was modified without tracking how that data was actually changed, or what it was changed from. There are myriad reasons for this, but the bottom line is that it’s always better to be prepared.
Backups of your data protect you from mishaps that affect your cash flow & daily office routine. As it turns out, they also present another way to prove your case when an unexpected audit or malpractice suit lands on your desk.
If your backup is maintained by a third party (e.g. cloud based), this will help build an unassailable wall of evidence to support your position. For ECLIPSE users, we recommend DataHealth, which is HIPAA accredited by URAC.
The ECLIPSE Encounter and your backups – when you take proper advantage of them – can help you prevent audits from turning into nightmares. The smart way to avoid problems is simple: lock your notes within a reasonable period of time (e.g. not more than a few days after the patient visit) & certainly never attempt to modify documentation – especially after you’re notified of an audit. (You can always add dated addendums.) Investigators may seize your files and will certainly attempt to forensically determine whether or not you changed existing data after you were notified that the payer or agency wanted more information.