Electronic health records (EHR) and the use of copy/paste functions are hotly debated topics that have seen a surge in publicity recently. In fact, regulators are becoming increasingly concerned that the copy/paste function is contributing to an increase in provider fraud and abuse. Copying clinical documentation poses both clinical and compliance risk. With ICD-10 approaching and an increase in documentation complexity looming, organizations that allow clinicians to carry forward clinical documentation in electronic records will need to be ever more aware, and increase their focus on auditing its proper use in order to ensure document integrity. To start, it is important that providers are educated about this risk.

Inappropriate use of the copy/paste function decreases the integrity of the medical record, leading to the submission of false data to insurance payers and negatively impacting patient care. Specifically, it can lead to these risks:

  • Inaccurate or outdated information adversely impacting patient care;
  • Redundant information, creating the inability to determine current information;
  • Inability to identify the author or intent of documentation;
  • Inability to identify when the documentation first was created;
  • Propagation of false information;
  • Internally inconsistent or unnecessarily lengthy progress notes;
  • Inability to support or defend E/M codes for professional or technical billing notes;
  • Upcoding;
  • Documenting services not performed;
  • Multiple records with duplicative information; and
  • Inappropriate billing, resulting in overpayments to the facility.


Health information management (HIM) professionals know that medical necessity is proven by documenting diagnostic tests, services rendered, treatments provided and/or procedures conducted, all based on the patient’s illness, injury, prevention of diseases or other patient-specific needs. Based on this knowledge, appropriate uses of copy/paste functions require specific considerations.

The first consideration is related specifically to the document. Does the document support transparency, integrity and data accuracy? A non-auditable copy/paste function that does not support transparency of authorship or origination presents risks to the document’s integrity. Underlying concerns may include damage to the health record’s clinical trustworthiness and integrity. Misuse of copy/paste functions can create unanticipated risks, i.e., falsified patient encounters to create the appearance of meeting quality-of-care standards.

The second consideration is related to billing of the patient encounter. Is there suspected copy/paste misuse? Does the record contain an inappropriate amount of identical documentation? Does the documentation support medical necessity? The misuse of copy/paste can lead to inappropriate coding and billing, contributing to fraudulent claims processing (with the documentation including medical conditions that were resolved in the past and/or physical findings and symptoms that may be inconsistent with the rest of the healthcare record). If the documentation does not support medical necessity for the billed service, the claim is fraudulent.

The third consideration is auditing. Auditing allows an organization to identify gaps, create strategies and monitor the effectiveness of its programs. When an organization identifies a copy/paste utilization gap, it must decide how to monitor and measure appropriate use. Audit plan development includes determining precisely how the copy/paste function works. To determine what can and cannot be audited, organizations will need to work with their vendors. Audit plan strategies should include consideration for state, federal and regulatory documentation requirements, system tracking and audit trails, organizational use observation, and testing of system capabilities. Monitoring considerations include determining whether a copied event can be identified retrospectively and whether an appropriate, detailed audit log is generated when a copy is made – even during the course of rendering documentation.

The fourth consideration is the development of organizational policies and procedures. Communication, through the dissemination of policies and procedures, defines expectations regarding acceptable use, education, documentation guidelines, responsibility, auditing and reporting, and potential sanctions or penalties for not following the rules. If used appropriately, the copy/paste function can help providers work efficiently while maintaining optimal care and compliant documentation. Copy/paste functions are appropriate when information is clearly and easily distinguished from the original information, and is shown to be audible as such.

Copied information also may be appropriate when the information is based on external and independently verifiable sources, such as basic demographic data, which is stable over time. Examples of information that has been verified and has remained stable during a specific period of time include:

  • Demographics;
  • Medications;
  • Allergies;
  • Problems; and
  • Labs and treatment or therapies.


To mitigate vulnerabilities and risk, and to prepare for ICD-10 documentation complexities, analysis related to an organization’s current copy/paste utilization is imperative. Understanding how clinicians currently are carrying forward clinical documentation through this function will contribute to the development of appropriate use policies and the establishment of proper auditing and monitoring protocols to ensure document integrity.

About the Author

Melissa Akali, MHA, CHC, is a compliance and privacy officer for Precyse.

To comment on this article please go to editor@icd10monitor.com


American Health Information Management Association (AHIMA) (2012) Copy Functionality Toolkit – A Practical Guide: Information Management and Governance of Copy Functions in Electronic Health Record Systems.

Share This Article