Healthcare // Electronic Health Records
Commentary
7/22/2014
08:50 AM
Paul Cerrato
Paul Cerrato
Commentary
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Meaningful Use EHR Audits: When, Not If

So your organization has accepted the feds' financial incentive. Now it's time to prove you're entitled to it.

Regardless of how much clinicians complain about their EHRs, if a hospital or medical practice accepts federal money to put them in place, it must prove it's using these electronic tools in a meaningful way, as defined by the Centers for Medicare and Medicaid Services. "When you pay $21 billion for a government program, you have to conduct appropriate oversight," Robert Anthony of the CMS said at the Healthcare Information and Management Systems Society (HIMSS) 2014 conference.

The CMS is performing pre-payment and post-payment audits on 5-10% of healthcare providers, choosing some of them randomly and others based on a CMS risk profile of suspicious or anomalous data. It's easy to get complacent when there's only a one in 10 chance of being audited, but that statistic is misleading. If 10% of all incentive recipients are audited in 2014, another 10% in 2015, and so on, eventually your organization will be targeted. As Tony Panjamapirom of the Advisory Board Co. put it in a separate HIMSS presentation: "I encourage you to think of the Meaningful Use audit as a matter of when you will get audited, not whether."

That Advisory Board Co. presentation, available on the HIMSS 2014 website, also pointed out the serious consequences of not taking the attestation and audit processes seriously. Panjamapirom explained that one provider was required to return $31 million in MU incentive payments because of an error in the EHR application it was using. Several high-level executives lost their jobs in the process. An independent report said Detroit Medical Center let go its chief medical information officer for similar missteps.

Be prepared for the audit
If the CMS decides to audit your organization, you will probably get an initial letter from Figliozzi & Co., the contractor the government has hired to conduct the vast majority of audits. Expect the letter to come electronically from a CMS email address.

The review will be conducted using information you provide in response to this request letter, but in some cases, the auditors will also conduct an on-site review and ask for a demonstration of your organization's EHR system.

One of the keys to passing a Meaningful Use audit is good documentation, which, by the way, needs to be retained for six years after attestation. That means holding on to the primary report generated by the EHR system, assuming that report was the basis for the attestation statement your organization submitted. That report should show the reporting time period for the attestation and the numerators and denominators for the quality control measures documented in your request for incentive payment.

For example, in Stage 2 of the MU program, providers must send a summary of patient care records for more than 50% of transitions of care or referrals. The denominator to meet this quality measure is the total number of transitions and referrals that occurred during the reporting period, while the numerator is the actual number of case summaries sent electronically to other facilities or clinicians. The numerator and denominator translate into a percentage the CMS is looking to confirm.

Also, keep in mind that numerators and denominators must match the numbers submitted on the CMS attestation form. That requirement may seem simple, but Anthony says you'd be surprised at how many providers have in-house documentation that doesn't match the numerator and denominators originally submitted to the CMS. One reason is that some EHR systems report these figures as snapshots, while others provide rolling totals. In the latter case, the system's tally changes as more data is entered. So the number of patients who received an electronic summary of their medical care when you submitted your initial attestation statement to CMS on May 2, 2013, for instance, will have increased by the time you saved a copy of the EHR tally on Sept. 2, 2013 -- thus the discrepancy.

The report must also show that it was generated for your individual organization. That is, it should include the National Provider Identifier, or CMS certification number, as well as your organization's name.

Some of the quality measures in the CMS regulations don't involve percentages but simply require your organization to answer Yes or No on its original report. In situations like this one, you'll need a different kind of documentation to verify that you've followed the rules.

For example, the MU program requires providers to prove they have the ability to share clinical data electronically with another care provider that has a different EHR system -- to prove the organization's interoperability capabilities. A CMS tip sheet on how to handle this type of documentation recommends "dated screenshots from the EHR system that document a test exchange of key clinical information (successful or unsuccessful) with another provider of care during the reporting period."

The prospect of an MU audit needn't keep healthcare IT managers up at night, but if you hope to survive the process without having to pay back the incentive dollars, your organization must organize the necessary documentation long before it gets that dreaded CMS letter.

Paul Cerrato has worked as a healthcare editor and writer for 30 years, including for InformationWeek Healthcare, Contemporary OBGYN, RN magazine and Advancing OBGYN, published by the Yale University School of Medicine. He has been extensively published in business and ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Alison_Diana
50%
50%
Alison_Diana,
User Rank: Author
7/23/2014 | 9:23:42 AM
Re: Meaningful Use EHR Audits
Good points, @tekedge. As you say, government and financial institutions frequently conduct audits (both mandatory and internal) to review monetary information. Few would argue that anything related to healthcare is more important than financial information. And in the case of Meaningful Use, it's related to both healthcare and money, since CMS is reviewing whether those funds were used appropriately. Whenever the government gives sizable amounts of taxpayer money, as a taxpayer I'm glad when it checks to ensure those monies were not misspent. The same thinking certainly applies here.

It's wise for healthcare organizations to be in an "audit mode," anyway. Given the increase in security breaches in this industry and the anticipated uptick in attacks on healthcare organizations and records, savvy healthcare orgs are making security audits part of their standard operating procedure.
tekedge
50%
50%
tekedge,
User Rank: Moderator
7/22/2014 | 5:11:07 PM
Meaningful Use EHR Audits
Audits are the best way to look into practices and see that the organisation is working as it should. I think making audits mandatory keeps mistakes to the minimal and catches it before it blows out of proportion. In most countries any organisation which handles finances in a big way is always audited ! So I think since healthcare is so well documented here, and there are procedures, an audit is always good, though stressful to keep the financial and the procedural health of the organisation in place
Alison_Diana
50%
50%
Alison_Diana,
User Rank: Author
7/22/2014 | 3:06:17 PM
A Fact of Life
Having meted out so much to help healthcare organizations invest in EHRs, it's unsurprising that CMS is now auditing practices, hospitals, and others to ensure they are doing what regulations call for. The best part apart being in a constant state of audit-preparedness is that you know your organization is up to code, doing everything it's supposed to be doing, and by doing so you are ready to get more than the mere minimum for that investment.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest, Dec. 9, 2014
Apps will make or break the tablet as a work device, but don't shortchange critical factors related to hardware, security, peripherals, and integration.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of December 14, 2014. Be here for the show and for the incredible Friday Afternoon Conversation that runs beside the program.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.