The Centers for Medicare and Medicaid Services (CMS) have ‘upped the ante’ when it comes to Meaningful Use audits in 2015. Figliozzi and Company were the sole auditors for Meaningful Use until 2015. This year, however, the Office of Inspector General (OIG) is performing its own round of Meaningful Use audits, which differ slightly from the Figliozzi and Company in that they are focusing on certain measures over a three year period. Figliozzi and Company reviews all of the Meaningful Use measures for a single attestation period. The OIG has the following main goals behind their audits:
- Determine whether providers that received Medicare and/or Medicaid Meaningful Use incentive payments were entitled to the money
- Determine how well CMS oversees the Meaningful Use payments being made
- Identify CMS oversight of hospitals' security controls over networked medical devices that are integrated with EHR systems
- Determine whether covered entities and business associates, such as Cloud services and other "downstream service providers," adequately secure electronic patient Protected Health Information (PHI) created or maintained by certified EHR technology. The OIG specifically states that hospitals must conduct security risk analyses
- Determine the extent to which hospitals have EHR contingency plans, as required by HIPAA's security rule (Office of Inspector General, 2014, FY15 Work Plan)
It seems that the OIG is less concerned with individual provider compliance, but rather if the Department of Health and Human Services is doing their due diligence in monitoring the Meaningful Use program.
One out of every 5 Eligible Professionals (EP’s) are audited for Meaningful Use, so receiving one is not rare and does not mean you’ve done anything wrong. EP’s have already started receiving the new round of audit letters sent by the OIG, and the bottom line for either type of audit is that you need to be prepared! Preparation is key to successfully passing a Meaningful Use audit. Performing mock audits is recommended to be certain that, if you receive one of these dreaded letters, you can provide the information with ease and confidence.
Tips for passing a Meaningful Use audit:
- Screenshots. For the Meaningful Use measures that allow a yes/no for attestation (such as Meaningful Use Stage 2, Core 11 Patient List) – take screenshots. A snipping tool or Print Screen are great tools for getting the screenshots you need. However, make sure you store them in a place that is easy to access in the event of an audit. You will need electronic copies of everything in a Meaningful Use audit.
- Security Risk Analysis (SRA). Meaningful Use Stage 1 and Stage 2 both require a Security Risk Analysis. This measure has been the number one reason that EP’s have failed audits. A security risk analysis needs to be performed, documented, and dated within your Meaningful Use reporting period! Click here for a tip sheet on this measure.
- Have a designated Meaningful Use person appointed in your office. Lack of preparation and documentation in an audit is typically due to a lack of accountability in the doctor’s office—someone needs to be in charge of running the reports on a regular basis to make sure the measure thresholds are being met. Someone also needs to be responsible for making sure the proper screenshots are being taken to provide in the event of an audit.
Meaningful Use audits can be a scary and stressful event for any practice. However, they do not have to be. A little bit of preparation goes a long way in helping to make sure that, when and if you receive a Meaningful Use audit, everything goes as smoothly as possible.