Meaningful Use EHR Audits: When, Not If - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Healthcare // Electronic Health Records
08:50 AM
Paul Cerrato
Paul Cerrato
Connect Directly

Meaningful Use EHR Audits: When, Not If

So your organization has accepted the feds' financial incentive. Now it's time to prove you're entitled to it.

Regardless of how much clinicians complain about their EHRs, if a hospital or medical practice accepts federal money to put them in place, it must prove it's using these electronic tools in a meaningful way, as defined by the Centers for Medicare and Medicaid Services. "When you pay $21 billion for a government program, you have to conduct appropriate oversight," Robert Anthony of the CMS said at the Healthcare Information and Management Systems Society (HIMSS) 2014 conference.

The CMS is performing pre-payment and post-payment audits on 5-10% of healthcare providers, choosing some of them randomly and others based on a CMS risk profile of suspicious or anomalous data. It's easy to get complacent when there's only a one in 10 chance of being audited, but that statistic is misleading. If 10% of all incentive recipients are audited in 2014, another 10% in 2015, and so on, eventually your organization will be targeted. As Tony Panjamapirom of the Advisory Board Co. put it in a separate HIMSS presentation: "I encourage you to think of the Meaningful Use audit as a matter of when you will get audited, not whether."

That Advisory Board Co. presentation, available on the HIMSS 2014 website, also pointed out the serious consequences of not taking the attestation and audit processes seriously. Panjamapirom explained that one provider was required to return $31 million in MU incentive payments because of an error in the EHR application it was using. Several high-level executives lost their jobs in the process. An independent report said Detroit Medical Center let go its chief medical information officer for similar missteps.

Be prepared for the audit
If the CMS decides to audit your organization, you will probably get an initial letter from Figliozzi & Co., the contractor the government has hired to conduct the vast majority of audits. Expect the letter to come electronically from a CMS email address.

The review will be conducted using information you provide in response to this request letter, but in some cases, the auditors will also conduct an on-site review and ask for a demonstration of your organization's EHR system.

One of the keys to passing a Meaningful Use audit is good documentation, which, by the way, needs to be retained for six years after attestation. That means holding on to the primary report generated by the EHR system, assuming that report was the basis for the attestation statement your organization submitted. That report should show the reporting time period for the attestation and the numerators and denominators for the quality control measures documented in your request for incentive payment.

For example, in Stage 2 of the MU program, providers must send a summary of patient care records for more than 50% of transitions of care or referrals. The denominator to meet this quality measure is the total number of transitions and referrals that occurred during the reporting period, while the numerator is the actual number of case summaries sent electronically to other facilities or clinicians. The numerator and denominator translate into a percentage the CMS is looking to confirm.

Also, keep in mind that numerators and denominators must match the numbers submitted on the CMS attestation form. That requirement may seem simple, but Anthony says you'd be surprised at how many providers have in-house documentation that doesn't match the numerator and denominators originally submitted to the CMS. One reason is that some EHR systems report these figures as snapshots, while others provide rolling totals. In the latter case, the system's tally changes as more data is entered. So the number of patients who received an electronic summary of their medical care when you submitted your initial attestation statement to CMS on May 2, 2013, for instance, will have increased by the time you saved a copy of the EHR tally on Sept. 2, 2013 -- thus the discrepancy.

The report must also show that it was generated for your individual organization. That is, it should include the National Provider Identifier, or CMS certification number, as well as your organization's name.

Some of the quality measures in the CMS regulations don't involve percentages but simply require your organization to answer Yes or No on its original report. In situations like this one, you'll need a different kind of documentation to verify that you've followed the rules.

For example, the MU program requires providers to prove they have the ability to share clinical data electronically with another care provider that has a different EHR system -- to prove the organization's interoperability capabilities. A CMS tip sheet on how to handle this type of documentation recommends "dated screenshots from the EHR system that document a test exchange of key clinical information (successful or unsuccessful) with another provider of care during the reporting period."

The prospect of an MU audit needn't keep healthcare IT managers up at night, but if you hope to survive the process without having to pay back the incentive dollars, your organization must organize the necessary documentation long before it gets that dreaded CMS letter.

Paul Cerrato has worked as a healthcare editor and writer for 30 years, including for InformationWeek Healthcare, Contemporary OBGYN, RN magazine and Advancing OBGYN, published by the Yale University School of Medicine. He has been extensively published in business and ... View Full Bio
We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Author
7/23/2014 | 9:23:42 AM
Re: Meaningful Use EHR Audits
Good points, @tekedge. As you say, government and financial institutions frequently conduct audits (both mandatory and internal) to review monetary information. Few would argue that anything related to healthcare is more important than financial information. And in the case of Meaningful Use, it's related to both healthcare and money, since CMS is reviewing whether those funds were used appropriately. Whenever the government gives sizable amounts of taxpayer money, as a taxpayer I'm glad when it checks to ensure those monies were not misspent. The same thinking certainly applies here.

It's wise for healthcare organizations to be in an "audit mode," anyway. Given the increase in security breaches in this industry and the anticipated uptick in attacks on healthcare organizations and records, savvy healthcare orgs are making security audits part of their standard operating procedure.
User Rank: Author
7/22/2014 | 3:06:17 PM
A Fact of Life
Having meted out so much to help healthcare organizations invest in EHRs, it's unsurprising that CMS is now auditing practices, hospitals, and others to ensure they are doing what regulations call for. The best part apart being in a constant state of audit-preparedness is that you know your organization is up to code, doing everything it's supposed to be doing, and by doing so you are ready to get more than the mere minimum for that investment.
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

How SolarWinds Changed Cybersecurity Leadership's Priorities
Jessica Davis, Senior Editor, Enterprise Apps,  5/26/2021
How CIOs Can Advance Company Sustainability Goals
Lisa Morgan, Freelance Writer,  5/26/2021
IT Skills: Top 10 Programming Languages for 2021
Cynthia Harvey, Freelance Journalist, InformationWeek,  5/21/2021
White Papers
Register for InformationWeek Newsletters
Current Issue
Planning Your Digital Transformation Roadmap
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Flash Poll