How to use advanced analytics to mitigate EHR data risks

04.05.2016
Over the past seven years, the federal government has established a set of incentives and fines — carrots and sticks — to promote and expand the use of healthcare information technology, particularly the meaningful use of electronic health record (EHR) systems.

In a recent report, PwC's Advanced Risk & Compliance Analytics practice found that due to the government's carrot and stick, EHR implementation initiatives usually concentrated on the core challenge of meeting tight timelines while managing costs. After all, these initiatives are often the largest projects these organizations undertake.

Organizations have made implementation risk mitigation a priority, but PwC says that due to the complexity inherent in such large-scale IT projects, organizations have not always made such risk mitigation their central, short-term focus.

Now that the dust of initial implementations has largely settled, PwC says many organizations have begun objectively assessing their EHR systems to identify areas that may not have delivered the value they had hoped for.

[ Related: How a medical device maker took control of its sales data ]

Jeff Hoover, a partner in PwC's Advanced Risk & Compliance Analytics practice, says the use of advanced analytics for prelive testing and postlive monitoring can go a long way toward helping organizations identify the gaps left by their rush to implement and mitigate the risks.

In particular, Hoover says, PwC has identified four key EHR data risks where advanced analytics can pay huge dividends.

When it comes to systems as large and complex as an EHR system, sample testing may not always suffice, and can expose the organization to risks at go-live. PwC notes that incomplete testing can lead to patient safety concerns, charging errors, revenue leakage, work flow inefficiencies, interoperability challenges, segregation of duties, noncompliance, medical device and printer connectivity and more.

PwC points to one healthcare organization that performed interface functional testing and interface charge testing before going live. However, the sample testing didn't establish complete coverage over the quality and referential integrity of the underlying data. The interfaces were sending the correct number of charges into the EHR system, but there were mapping issues with certain fields that had not been covered in the sample testing, as well as incorrect and incomplete data housed in the ancillary radiology system.

[ Related: IBM puts Watson to work on cancer with new patient-advisor tool ]

It turned out the "Service Provider" field from an ancillary system had been incorrectly mapped to the "Billing Provider" field in the EHR system, which led to large numbers of high-priced claims billed under the Resident instead of the correct Physician. This generated millions of dollars in denials.

Due to the severity of the risks, PwC recommends organizations take a thorough, data-driven approach to assessing the effectiveness and completeness of an EHR system.

"A lot of times, testing is done on a sample basis," Hoover says, noting that this is frequently done to save time and money. "Given the consequence of failure and the time and effort involved, you're better off spending the money up front."

PwC notes that EHR implementations are often the largest single project and organization undertakes. The cost can reach billions of dollars in some cases. And that cost doesn't even factor in associated costs like revenue leakage, decreased efficiency around go-live, charge description master conversion errors and lost reimbursements caused by a new denials-and-remittance process.

PwC recommends using analytic forecasting tools to help you prepare for the unexpected.

"One of the analytics that we recommend is an analytic on all your expectations once you do go-live," Hoover says. "you want to look at what was happening three months before and in the same months a year before. You're dealing with materiality issues. It's the sum of the small parts that all of a sudden equal huge dollars."

For instance, Hoover notes that when physicians make their rounds, there's a certain charge that should be associated with those rounds. Hundreds of physicians may be going through that process on a daily basis. If the physicians don't record those charges properly, or the system wasn't designed properly, that can add up to millions of dollars of revenue leakage in a few months.

On the face of it, that may seem like it would be easy to spot, but for a provider with $2.5 billion in annual revenue, a shortfall of $2.5 million can go unnoticed. And, in fact, that very thing happened to one academic multispeciality healthcare system PwC worked with.

It performed a post implementation internal audit assessment of the current state of its EHR utilization, the system's impact on charge capture and revenue reconciliation processes and the utilization of EHR reporting tools. A one-month historical look back two years after its EHR system's go-live revealed 13,200 signed notes with missing professional charges and an estimated $2.5 million in revenue leakage from the inpatient setting.

"It takes a while for the statistics to get through the system," Hoover says. "The investigation wasn't as thorough on the root cause because some individuals didn't know to go hunting for it. It's a challenge to find it and get to the root cause and make the change to fix it."

With a baseline of historical data, analytics can be used to flag such anomalies and track down the cause early.

The Office of Inspector General (OIG) and other regulatory bodies have made analytic risk assessments and compliance top priorities. They are demanding greater accountability and precision with regard to governance, process, risk and controls. OIG, in particular, has hired external auditors to assess certain key compliance factors, including HIPAA violations, and is imposing substantial fines for those violations.

PwC recommends organizations perform data-driven assessments to help them deliver the precision that regulators are demanding.

"There's so many areas you can test," Hoover says. "Security is one: employee master files. Who has access to make changes Is the file complete, accurate and mapped to the right responsibility Is it leveragable throughout the organization"

The Affordable Care Act has caused many changes in the healthcare vertical, not the least of which is a shift from fee-for-service reimbursement models to pay-for-performance. The programs cover value-based purchasing, readmission reductions and hospital-acquired-conditions reduction. In fiscal 2015, measures against hospital-associated-infections went into effect. But the implementation of a new EHR system can play havoc with an organization's understanding of the quality and integrity of the data sources feeding those measures.

PwC recommends organizations leverage analytics to validate data integrity and monitor the performance of targeted improvement projects.

"Start with a comprehensive PMO process," Hoover says. "The investment would pay off in spades."

"The emphasis should be on the continuous monitoring of activity," he adds. "Regulators expect it. Management expect it. You can build that monitoring in a number of ways. You're going to need data analytics professionals, data scientists in many of these organizations. Once you get good at your core business, you can do a lot of ad hoc analytics."

(www.cio.com)

Thor Olavsrud

Zur Startseite