Certification and the CMA (AAMA) Credential, On the Job, Professional Identity, Scope of Practice

CMS Audits as Safeguards Against Fraudulent Order Entry

In the continuing discussion about computerized provider order entry (CPOE), a frequent question concerns whether a noncredentialed health care professional could circumvent any safeguards and perform order entry into an electronic health record (EHR) system. As Rob Antony of CMS stated last year, it is indeed possible to do this. However, that possibility is one of the primary reasons for CMS audits, which could identify and penalize such behaviors. A standard EHR system would maintain a log of which staff members enter orders. Any practice found violating the requirements for order entry could be subject to financial penalties. The full text and video of Mr. Anthony’s statement follows:

“There’s not a requirement as part of certification that your certified EHR has to identify you as [a] credentialed [medical assistant]; there’s actually not a requirement within certification that you have to be identified as anything. However, for purposes of entry, for purposes of workflow, the [eligible professional] and the practice [have] to make sure that’s who is entering that information. We realize that not every EHR may have that information, but certainly a large number of them do, and I can anticipate that an auditor would ask for that log.”


“We don’t actually have any additional regulatory authority beyond what we have with incentive payments and payment adjustments, specific to this program for CPOE. It is possible for anyone to game the system here. That’s why an auditor might look at credentialing and would look at those audit logs to see whether or not that was likely to have happened. The authority here, or the clout, Is either if an auditor goes through and discovers that people were erroneously counted within a numerator and you did not actually meet meaningful use, you would forfeit an incentive payment, and then potentially [it would] be applied [to] the payment adjustments. So certainly if an auditor comes by afterward and discovered that your attestation was not correct, then it would be a forfeit of payment or a recoup of payment, and potentially things that are egregious fraud get sent for additional prosecution.”