Electronic Health Records: An Audit and Internal Control Guide


Praise for Electronic Health Records: An Audit and Internal Control Guide

"Busch has created a thought-provoking reference tool, equally for those contemplating adoption of health information technology (HIT) or for those who have already done so. She identifies foundational but frequently overlooked areas such as audit trails, security, and healthcare business requirements—all essential for successful implementation. Ms. Busch clearly articulates the need for HIT to address both business and clinical requirements to attain the widely publicized benefits of this technology."
—Gail L. Graham, RHIA, CPHIMS, Director, Health Data and Informatics

Department of Veterans Affairs, Veterans Health Administration

"In a time of rapid change for managing health information, Ms. Busch has created a very useful resource covering important concepts required to protect data integrity in electronic environments. This book advances adoption of EHRs for the benefit of healthcare consumers by offering a comprehensive view of the benefits and areas of concern faced by providers today."
—Rita A. Scichilone, MHSA, RHIA, CCS, CCS-P, CHC

Director, Practice Leadership

American Health Information Management Association

"Rebecca Busch's Electronic Health Records: An Audit and Internal Control Guide is an excellent resource for auditors in the healthcare industry. Ms. Busch gives a thorough description of the changing nature of information and data in this industry along with a wonderful 'Audit Implication Overview' to conclude each topic. Ms. Busch demonstrates substantial expertise and knowledge in the area of healthcare auditing that will greatly benefit auditors in this important industry."
—M. Kevin Robinson, CIA, CFE

President, Association of College and University Auditors

"As anyone who's tried to challenge a medical bill or insurance payment can attest, healthcare records are complicated and confusing. The healthcare industry was on the forefront of the 'paperless revolution,' but since there are so many different software programs in use, the challenges for fraud examiners and auditors are enormous. I am pleased that Rebecca has chosen to share her experience and expertise in analyzing these records. This book is essential for anyone dealing with healthcare records."
—John D. Gill, JD, CFE, Research Director, Association of Certified Fraud Examiners

"Auditing and controlling medical records can be a monumental task, but it is critical for healthcare organizations to keep information private and secure. This book is a comprehensive resource that provides clear guidance and good practices regarding the current and future healthcare e-information landscape."
—Lynn Lawton, CISA, FBCS CITP, FCA, FIIA, PIIA, International President, ISACA

Rebecca S. Busch, RN, MBA, CCM, CBM, CHS-III, CFE, FHFMA, is President and CEO of Medical Business Associates, Inc. (MBA), a consulting firm specializing in healthcare audits for employers, hospitals, and insurance companies. MBA has just released an electronic version of its PHR system, Portfolia, the most comprehensive tool in the market to help individuals manage their health care experience and mitigate medical and financial errors. She has over twenty years of progressive achievement in the healthcare management industry. She is a faculty member of the Association of Certified Fraud Examiners (ACFE), has published numerous articles, and is a frequent public speaker. Her firm can be found at


About the Author.



Chapter 1. Market Background.


How is Electronic Information Created?

Information Technology Considerations.

How is Health Information Created?

Review of Primary HCC Market Players.



Third Party Vendors.


Review of HCC Secondary Market Players.

Major Initiative for E-Health.

Audit Implication Overview.

Chapter 2. Industry Application.

Public Uses.

Private Uses.

Information Continuum.

Market Standards and Initiatives.

Agency for Healthcare Research and Quality.

Health Level Seven.

Certification Commission for Healthcare Information Technology.

Department of Defense Records Management Program.

Association of Records Managers and Administrators.

Audit Implication Overview.

Chapter 3. Impact of E-Health on Case Management.

Financial Picture.

Hospital-Based FCM Application.

Background Information and Provider Perspective.

Problem: Getting Paid Correctly for Services Provided.


Additional Findings.


Consumer-Based FCM Application.

Market Problems: The Industry as It Operates Today.

Consumer FCM Model.

Healthcare Portfolio Application.

Virtual Case Management.

VCM Payer Model.

VCM Patient Model.

VCM Hospital Model.

VCM Physician Model.

VCM Allied Health Services.

VCM Nontraditional Health Services Model.

VCM Other Business Services Model.

Audit Implication Overview.

Chapter 4. Data in an E-Health Environment.

Data Library.

Data Intelligence.

New Data.

More New Data.

Processed Data.

Data Warehouse.

Audit Implication Overview.

Chapter 5. Algorithms.


Understanding Algorithms.

Data Elements.

Case Study.

Algorithm Selection.

Auditor Implication Overview.

Chapter 6. Data-Driven Health Decisions in an E-Health Environment.

Knowledge Models.

Primary Healthcare Continuum.

Secondary Healthcare Continuum.

Information Continuum.

Third-Party Vendor Knowledge Model.

Knowledge Models For White-Collar and Organized Crime.

Sample Identity Theft Case.

Medical Identity Theft.

Medical Identity Theft – Definition.

How Medical Identity Theft Occurs.

Damages To Primary Victims.

Medical Identity Theft From A Consumer Perspective.

When The Consumer Is Not Aware.

When The Consumer Is Involved.

When An Individual Wants Products Or Services.

Damages To Secondary Victims.

Medical Identity Theft From An Entity’s Perspective.

Auditor Considerations.

Sample Fraud Case.

Sample Pharmaceutical Fraud Case.

Audit Implication Overview.

Examples Of Worldwide Activity.

Chapter 7. Analytic Tools and Audit Checklists.

E-Health And Healthcare Business Processes.

Patient Business Process.

Problem #1: Financial Case Management Advocacy.

Problem #2: Clinical Case Management Advocacy.

Provider Business Process.

Problem #1: Lack Of Electronic Internal Controls.

Problem #2: Lack Of Internal Controls With User Identity.

Problem #3: Lack Of Internal Controls For Services Provided And Charged.

Payer Business Process.

Problem #1: Use And Loss Of Health Information – Handling Subcontracted Vendors.

Problem #2: Lack Of Insurance – Processing Fraudulent Claims For Enrolled Beneficiaries.

Plan Sponsor Business Process.

Problem #1: Employee Working Environments.

Problem #2: Employer Increase In Healthcare Expenditures.

Third-Party Vendor Business Process.

Problem: Increase In Pharmaceutical Expenditures.

Audit Implication Overview.

Chapter 8. Electronic Health Records.

Current E-Health Offerings.

Market Evolution.

E-Health Content Standards.

E-Health Offering Vulnerabilities.

Audit Implication Overview.

Chapter 9. Healthcare Portfolio.

Health Infomediary Support.

PHR Attributes.

Future Considerations.

Major Market Activity.

Audit Implication Overview.

Chapter 10. Conclusions.

Market Overview.

Market Standards.

Market Conflicts.

Market Intelligence.

Market Audits.

Market Directions.

Consumer Response to PHRs.

Audit Implication Overview.