Copyright 2014 American Medical Association. All rights reserved.

The Role of Copy-and-Paste in the HospitalElectronic Health Record

Before electronic health records: If you did not docu-ment it, you did not do it.

After electronic health records: You documented it,but did you do it?

After a slow start, hospitals in the United Stateshave rapidly adopted electronic health records, asencouraged by the Health Information Technology forEconomic and Clinical Health Act of 2009 (HITECH).1

By May 2013, more than 3800 hospitals, or about80% of the hospitals that were eligible, had receivedincentive payments from the Centers for Medicare &Medicaid Services (CMS) related to the adoption,implementation, upgrading, or “meaningful use” ofthese records.2 Yet the application of electronic healthrecords can be a double-edged sword. Their use canincrease efficiency, facilitate information sharing,standardize hospital processes, and improve patientcare1,3,4 But their use can also have unintended conse-quences and be subject to abuse, such as when dataare duplicated or templates and checkboxes are usedto generate standardized text without a good medicalreason.

The duplication of data in the electronic health rec-ord from one location to another is known as “cloning”5

or “copy-and-paste”3,6 and may more generally refer tomultiple features, including autopopulate and tem-plates and checkboxes that generate standardizedtext. Copy-and-paste is related to, yet differs from,“overdocumentation,”3,6 the practice “of inserting falseor irrelevant documentation to create the appearanceof support for billing higher level services,”3,6 as well as“upcoding,”5 the assignment of an inaccurate billing codeto a medical procedure, treatment, or visit to inflate re-imbursement.

In September 2012, federal officials warned about“the misuse of electronic health records to bill for ser-vices never provided,”5 and that law enforcement agen-cies “will take action where warranted.”5 Two recent re-ports from the Office of Inspector General of theDepartment of Health and Human Services (OIG) ana-lyzed how electronic health record technology can makeit easier to commit fraud and found deficiencies in theimplementation of recommended safeguards.3,6 The of-fice recommended that the CMS develop a “compre-hensive plan to address fraud vulnerabilities”3 and pro-vide guidance to hospitals on the use of copy-and-paste.3

The OIG also recommended that CMS instruct its audi-tors to detect fraud and that audit logs that detect du-plicated text be operationalized and used by CMS con-tractors to assist in fraud detection.3,6 Although thefederal government has focused on hospitals, the mis-use of copy-and-paste in office-based physician prac-tices would raise similar issues.

Does the Use of Copy-and-Paste Equal Fraud?Clearly, technology makes it easier to commit fraud whenphysicians use tools such as copy-and-paste or tem-plates inappropriately. The use of these features may alsocontribute to poor quality in clinical notes. For in-stance, a social history copied and pasted into an admis-sion note may indicate that a patient who is a candidatefor a liver transplant is still consuming alcohol, when infact the patient has been sober for months. A physicianusing templates and prefilled checkboxes may care-lessly document a complete physical examination by de-fault when he or she only conducted a more limitedevaluation. With the erroneous use of copy-and-paste,the physician’s assessment and plan may document a de-cision to start treatment with antibiotics “today” for sev-eral days in a row, before the mistake is recognized andcorrected.

Yet these same features of electronic health rec-ords can be efficient and clinically useful when used prop-erly. Although traditional handwritten notes may oftenhave been more concise and exclusively served a clini-cal need, the purposes of a physicians’ notes have beenbroadened by their use for billing, to fulfill regulatory re-quirements, such as compliance with federal standardsfor the meaningful use of certified electronic health rec-ords technology,4 and to collect data for use in standard-ized measures of quality. For example, a core measureof meaningful use is a problem list of current and activediagnoses that all physicians update and use. Unless theproblem list changes, it should be identical in each notethat refers to it. Time spent in “counseling and coordi-nation of care” may appear in a template to remind phy-sicians to document the time spent with the patient, notto upcode but to support payment for actual care pro-vided. A template or checklist for the care of a patientwith myocardial infarction may help the physician to re-member to prescribe a β-blocker or to offer smoking ces-sation counseling. And if a successful cholecystectomyhappens in exactly the same way for 3 consecutive pa-tients, the accompanying identical documentation of thesurgical procedures should be welcomed.

The federal government uses a range of federal laws,including the False Claims Act, in detecting and pros-ecuting health care fraud.7 When copy-and-paste is used,fraud is a concern when the documentation is known tohave been duplicated or created prior to the episode ofcare for which reimbursement is claimed. Yet it is tooeasy, and often mistaken, to equate a physician’s rou-tine use of copy-and-paste with fraud. Data replicationis a feature of electronic health records; facts beyond themere use of duplicated text are required to establish thata note may be fraudulent. Any process by which care isdocumented could be fraudulent. However, no process

VIEWPOINT

Ann M. Sheehy, MD,MSDivision of HospitalMedicine, Departmentof Medicine, Universityof Wisconsin School ofMedicine and PublicHealth, Madison.

Daniel J. Weissburg,JD, CHCUniversity of WisconsinHospital and Clinics,Madison.

Shannon M. Dean, MDDivision of PediatricHospital Medicine,Department ofPediatrics, University ofWisconsin School ofMedicine and PublicHealth, Madison.

CorrespondingAuthor: Ann M.Sheehy, MD, MS,Division of HospitalMedicine, Departmentof Medicine, Universityof Wisconsin School ofMedicine and PublicHealth, 1685 HighlandAve, MFCB 3126,Madison, WI 53705(asr@medicine.wisc.edu).

Opinion

jamainternalmedicine.com JAMA Internal Medicine August 2014 Volume 174, Number 8 1217

Copyright 2014 American Medical Association. All rights reserved.

Copyright 2014 American Medical Association. All rights reserved.

by which care is documented, including a process that includes datareplication, is by definition fraudulent. You documented it, but did youdo it? is problematic only if services were documented that were notactually performed.

What Is the Solution?In our view, the federal government and other insurers should notpenalize physicians and hospitals for responsible use of tools in theelectronic health record that facilitate efficiency and the appropri-ate standardization of the documentation of care. Yet misuse of copy-and-paste is a serious issue that cannot be ignored. Ironically, thebest solution to this problem of overautomation is, quite simply, ahuman one. Hospitals, as our medical center has done, should cre-ate their own internal documentation policies to remind physiciansand other clinicians that they are legally responsible for the accu-racy of their clinical notes, regardless of how much of the content isoriginal or replicated. In a survey conducted between October 2012and January 2013, the OIG found that only 24% of hospitals had acopy-and-paste policy.3 Such policies should include specific lan-guage to prohibit copying information from one patient’s record toanother patient’s record, mandate that information replicated fromanother provider’s note be properly attributed to the original source,and require that providers only document the services they actu-ally performed. The electronic health record is not to blame for thecarelessness of individual physicians or willful ignorance about thedifference between a problem with the technology and a problemwith how it is used.

Hospitals, however, also have responsibilities. For example, hos-pitals should only encourage and permit documentation and billing

that is needed to support the care that patients actually receive.Some clinicians may require training in responsible documenta-tion. Logs that identify the percentage of copy-and-paste text in clini-cal notes may be a helpful adjunct in reviewing the documentationof care. Such automated logs, however, cannot replace individualreview, as the electronic tools that detect similarities between clini-cal notes cannot easily distinguish between similarities that repre-sent standardized care, as encouraged by HITECH, and those thatmay reveal fraud.

As of May 2014, CMS had yet to provide guidance to hospitalsand its auditors on the use of copy-and-paste. When CMS issues guid-ance, the agency should facilitate the responsible use of electronichealth records, not overzealous efforts by CMS auditors to detectfraud with auditing logs and related tools that track data sources.An excessive auditing mandate, based on the use of technologieswith inherent limits, may impede the adoption of electronic healthrecords.

The more fundamental problem, however, is one that indi-vidual physicians and hospitals are powerless to address—the factthat the extent of documentation in the electronic health record isoften directly related to how much physicians and hospitals are paid.Thus, clinicians have incentives to err on the side of overdocumen-tation, and the federal government and other insurers have incen-tives to audit records and try to save money. With a different paymentsystem, many of the concerns about potential misuse of copy-and-paste would become moot. Such a solution, however, is not on thehorizon. Regardless of the payment model, physicians and hospi-tals should use electronic health records responsibly and as they wereintended—to improve patient care.

ARTICLE INFORMATION

Published Online: June 2, 2014.doi:10.1001/jamainternmed.2014.2110.

Conflict of Interest Disclosures: None reported.

Disclaimer: Mr Weissburg’s views are his own andshould not be attributed to the University ofWisconsin Hospital Clinics.

REFERENCES

1. HealthIT.gov. Legislation and regulation.http://www.healthit.gov/policy-researchers-implementers/health-it-legislation. Accessed April3, 2014.

2. Department of Health and Human Services.Doctors and hospitals’ use of health IT more thandoubles since 2012. http://www.hhs.gov/news/press/2013pres/05/20130522a.html. Accessed April3, 2014.

3. Department of Health and Human ServicesOffice of Inspector General. Not all recommendedfraud safeguards have been implemented inhospital EHR technology: OEI-01-11-00570. http://oig.hhs.gov/oei/reports/oei-01-11-00570.pdf.Accessed April 3, 2014.

4. Centers for Medicare and Medicaid Services.Data and program reports. http://www.cms.gov/Regulations-and-Guidance/Legislation/EHRIncentivePrograms/DataAndReports.html.Accessed April 3, 2014.

5. Sebelius K, Holder EH Jr. Letter to chiefexecutive officers of the American HospitalAssociation, Federation of American Hospitals,Association of Academic Health Centers,Association of American Medical Colleges and the

National Association of Public Hospitals and HealthSystems. http://www.nytimes.com/interactive/2012/09/25/business/25medicare-doc.html.Accessed April 3, 2014.

6. Department of Health and Human Services,Office of Inspector General. CMS and its contractorshave adopted few program integrity practices toaddress vulnerabilities in EHRs: OEI-01-11-00571.http://oig.hhs.gov/oei/reports/oei-01-11-00571.pdf.Accessed April 3, 2014.

7. United States Code False Claims Act: 31 U.S.C.§§ 3729-3733. http://www.gpo.gov/fdsys/pkg/USCODE-2011-title31/pdf/USCODE-2011-title31-subtitleIII-chap37-subchapIII-sec3729.pdf. AccessedApril 18, 2014.

Opinion Viewpoint

1218 JAMA Internal Medicine August 2014 Volume 174, Number 8 jamainternalmedicine.com

Copyright 2014 American Medical Association. All rights reserved.