With both Centers for Medicare and Medicaid Services (CMS) and the Government Accountability Office (GAO) ready to step up the policing of the HITECH Act’s EHR incentive payments, it looks like it’s time to get ready for the emergence of the meaningful use audit.
Earlier this year, participants attending the HIMSS 2012 conference in Las Vegas heard from CMS staff about audit programs targeted at healthcare organizations claiming EHR incentive payments. Now the Government Accountability Office (GAO) has weighed in with recommendations to CMS on improving the integrity of the process of verifying provider eligibility for incentive payments.
The government’s meaningful use audit was always planned
As CMS and the Office of National Coordinator (ONC) proceeded with implementation of the EHR incentive program provided for in the HITECH Act, CMS adopted a self-certification strategy for providers to certify their meaningful use of certified EHR technology, and claim incentive payments. However, CMS always planned to follow up with a meaningful use audit process to verify the accuracy of the claims made by providers. Among the points made by the CMS staff included the following:
- One deficiency in meeting a required Meaningful Use measure will result in a finding of non-compliance, and CMS will move to recoup the entire incentive payment.
- CMS will use some type of risk factor approach to decide whom to audit. CMS may not disclose the factors it considers, but the combination could include providers who have been subject to previous audits.
- A meaningful use audit of a provider claiming incentives under the Medicaid program will be subject to a different audit program, which will be administered by state Medicaid agencies.
The GAO issues recommendations to CMS on their administration of EHR incentive programs
In April 2012, the GAO issued an 83-page report on the first year of the EHR incentive programs administered by CMS. The report contained four major recommendations:
- CMS should establish timeframes evaluating the effectiveness of its Medicare EHR incentives audit strategy.
- CMS should request more information from Medicare providers during the attestation process.
- CMS should evaluate extent to which it should conduct more verifications on a prepayment basis.
- CMS should consider collecting meaningful use attestations from Medicaid providers on behalf of the states.
The implications of these recommendations are clear. CMS should move more quickly on its meaningful use audit process, and on evaluating how that process is working. CMS suggested state Medicaid agencies collect more information from providers during the attestation process to make post-payment audits easier. The GAO says CMS should adopt its own recommendations for attestations by Medicare providers. And CMS should consider more prepayment verifications.
Proactive steps in preparation for a meaningful use audit
So it’s clear that a meaningful use audit process is coming, even if the method for selecting providers is not transparent. With that in mind, here’s what providers should do with these two converging trends:
- Make sure you make and keep hard copies or digital copies in PDF format of any reports you relied on to document meaningful use.
- Document the reasons for claiming an exemption from any meaningful use measures that do not apply to your organization or practice.
- If you rely on the FAQs interpreting meaningful use questions on the CMS website, keep a dated copy of the FAQ content with your other meaningful use documentation. CMS is not rigorously maintaining time and date stamps on these FAQs, and the content may change over time. During an audit, the contents of a FAQ an auditor is relying on may now be different than the content you relied on when making your attestation.
- Don’t forget about the requirement for a HIPAA Security Risk Assessment. This is a measure that your system vendor most likely will not help you with. And an auditor will not be impressed with statements like “of course we do that” if you have no documentation to back it up.
Right now, failure in an audit of meaningful use attestation may “only” result in a recoupment of the incentive payments. For almost any healthcare provider, from a solo physician practice to a large medical center, that will be a significant financial burden. But what happens if your audit takes place in the third or fourth year of receiving incentives, and the repayment period goes back for several years? Could CMS consider this a more serious violation, maybe even rising to the level of making false claims?
Don’t take any chances; analyze your compliance with meaningful use measures carefully. Document that compliance, and make sure you can retrieve it if and when the time comes!