How to Prepare for a Meaningful Use Audit
As more practices implement electronic health record (EHR) technology and work to fulfill meaningful use (MU) requirements, they will also need to be prepared for a potential audit.
The Centers for Medicare and Medicaid Services (CMS) has started conducting pre-payment MU audits in addition to its ongoing post-payment audit process. In total, CMS plans to audit up to 10 percent of MU program participants—so there’s a good chance your practice could face an audit in the near future.
So what can you do to make the process as painless as possible? Get informed and be prepared. Here are three steps you can take:
1. Save Source Documents
The main piece of documentation you’ll need is a report generated by your EHR system that supports the MU attestation and includes the numerator and denominator values entered. This report must specify a time period and include a National Provider Identifier number, provider name, or practice name.
The easiest way to be prepared for a potential audit is to save the report, either electronically or as a hard copy, whenever you complete the MU attestation process. Some EHR systems change the numerator and denominator values after a reporting period ends, or your EHR may undergo upgrades after your initial attestation. So saving a copy of the report upfront will ensure that your documentation reflects the same values you entered at the time of attestation.
2. Produce and Save Additional Reports and Screenshots
In addition to the source documents, you’ll need to provide supporting documentation that shows compliance for other MU objectives. To do so, you may need to turn on specific EHR functions and take screenshots during the reporting period to support these “yes/no” measures. You’ll also have to deliver a security risk analysis. This is similar to what’s required for the Health Insurance Portability and Accountability Act (HIPAA), but it must be submitted more frequently—every year for MU versus every two years for HIPAA.
The key to a smooth audit experience? Make sure every report and document has a date from the reporting period to which you are attesting and indicates that it’s specific to your EHR and your practice. And if you have questions or need help along the way, get in touch with your EHR vendor or your auditors.
3. Remember, the Auditors Are Simply Doing Their Job
Audits are random and targeted, so just because you receive an audit notification that doesn’t mean your practice has made an error. The certified public accounting firm selected by CMS to perform MU audits, Figliozzi and Company, must oversee the program to ensure incentives are disbursed correctly. Although an audit requires some additional time and effort from you and your staff, a positive attitude and a commitment to cooperation will go a long way.
After submitting your materials to the auditors, you may face requests for additional documentation or clarification. Don’t panic—that doesn’t mean you’ve failed the audit. As long as you’re able to provide the necessary information to the satisfaction of the auditors, you should pass the audit and receive confirmation that you’ve met MU requirements.
Curious about what happens when a provider fails an audit? In the case of errors, missing documentation, or failure to meet all objectives, CMS requires providers to pay back all of the meaningful use incentives they’ve received. Providers may choose to appeal and can still meet meaningful use requirements in the years that follow. However, in the case of fraud, providers can face civil and criminal penalties.