The goal for the “meaningful use” EHR Incentive Program (MU) is to promote adoption and implementation of certified electronic health records (CEHRs) to improve quality, safety, efficiency, and reduce health disparities. In order to achieve this goal, Amy Sheide, RN, BSN, MPH, with 3M Health Information Systems, said in her Tuesday convention presentation “The Emergence of Meaningful Use Audits” that eligible healthcare organizations (HCOs) and providers must engage patients and families in their healthcare, improve care coordination, ensure adequate privacy and security protections for personal health information, and improve population and public health.
HCOs and providers must meet the MU criteria every year in order to receive incentives. To receive the incentive funds, providers must attest that they have met all the criteria. Anyone who receives an EHR incentive payment for either the Medicare EHR Incentive Program or the Medicaid EHR Incentive Program potentially may be subject to an audit.
The Audit Process Begins
The auditing has already begun. For Medicare, in 2011 there were automatic checks against the Centers for Medicare and Medicaid Services (CMS) database to verify provider information when they registered for the program and there was a comparison of the CEHR certification numbers to the Office of the National Coordinator for Health IT’s (ONC) certification numbers.
CMS began auditing providers who received payments under the MU program in 2012. The accounting firm Figliozzi and Company was retained by CMS to conduct the audits. They requested that providers who have already received their payments submit documentation to support their attestation and further prove that they met all the MU criteria.
In 2013, select Medicare providers have been chosen for pre-payment audits that included random audits as well as post-payment audits targeting suspicious or irregular data. Providers selected for the pre-payment audit will also have to submit supporting documentation to validate their attestation.
Effective now, there are a number of pre-checks that have been built into the attestation process to detect inaccuracies in eligibility, reporting, and payment. Figliozzi and Company will also continue to conduct post payment audits.
Required Audit Documentation
The documentation that is required to support MU attestation during an audit includes the CEHRs certification number, methods of calculating emergency room admissions, the core and menu attestation responses, and the payment calculation methods. In addition, the covered attestation time period, exclusions, percentage measures, yes/no measures, and the clinical quality measures (CQMs) must all be retained to prove eligibility, time frame, and that measures were all met.
How CMS Conducts an Audit
Selected providers will receive an e-mail letter from the auditor to the attestation address. The letter will come from a CMS e-mail address and will include the auditor’s contact information. The initial review will be conducted at the auditor’s location using the information received from the provider. In some cases, an onsite review at the provider’s location may follow.
There are challenges for proving that the criteria for meaningful use have been met. There is ambiguity in the final rule that informs the MU process, unreliable CEHR reports, multiple CEHR systems and modules and multiple practice locations. The rule is not clear on what information can only be generated from the CEHR. There are no guidelines as to what documentation must be kept and provided during an audit. Many CEHRs do not have the capability to calculate the CQMs and numerators/denominators are mismatched. Counting unique patients, a requirement for several MU measures, may be challenging between systems and for multiple practice locations since the number count may be objective or the percentage based on measures.
Failure to Meet Attestation Requirements
Once the audit is complete, the provider will be notified if they were determined to meet the MU criteria. If the provider is found ineligible, or failed to meet even one measure, the payment will be recouped.
Preparing an Organization for the Audit
Providers and HCOs must take steps now to not only prepare for MU attestation, but also prepare for a following audit. There are steps that can be taken to meet both objectives.
Trust but Verify
According to Sheide, providers and HCOs must verify the reporting from their CEHR has synchronized the data from multiple systems, validate that the CQMs have calculated correctly, and ensure compliance with standard terminologies to ensure accurate reporting across the systems. Organizations need to monitor all the necessary sources of data for MU compliance.
Organizations also must be able to answer the following questions:
- Are the data sources reliable?
- Is the data organized?
- Which fields of your CEHR system(s) must be completed for MU data collection?
Documentation for Audits
The documentation used for the attestation needs to be retained either electronically or on paper records. Keep screenshots and audit trails to show when certain criteria, such as clinical decision support, is turned on and be able to show that this is on throughout the reporting period. Record of exclusion criteria must be retained, and all information must be retained for six years.
Sheide says the biggest take way attendees should take from her presentation is that it is vital to prepare now for a possible audit.
“Ask the right questions, know where your data is coming from, test your results, and be sure it is what you expect,” she said.
Follow the news and get insights from AHIMA’s 85th annual Convention and Exhibit being held October 26-30 in Atlanta, GA. For a complete list of event coverage on the Journal of AHIMA website, click here.