News Feature | July 29, 2013

Best Practices To Prepare For Meaningful Use Audits

Source: Health IT Outcomes
Greg Bengel

By Greg Bengel, contributing writer

International law firm looks at what providers have learned from audits and how they can protect themselves moving forward

Over the past year, Meaningful Use (MU) audits performed by Figliozzi and Company —  the audit contractor for the Medicare EHR Incentive Program — have been a headache for many providers, many of whom felt frustration at the lack of knowledge and understanding they had about the audits.

But several months into the auditing process, providers have had time to wrap their heads around the Figliozzi and Company audits. Daniel Gotlieb and Randall Ortman of international law firm McDermott Will & Emery have documented some of the lessons learned by audited providers and identified some best practices for preparing for prepayment and postpayment MU audits. Read their entire article here at The National Law Review.

The article quotes a CMS publication to explain the prepayment audits. CMS incorporates automatic prepayment edit checks into the EHR Incentive Program attestation and payment systems, “to detect inaccuracies in eligibility, reporting, and payment.” They also conduct random prepayment audits that “may target suspicious or anomalous data.”

Gotlieb and Ortman further explain that providers selected for post-payment audits “must present supporting documentation to validate their submitted attestation data, and CMS will withhold payment of the incentive payment for the Eligible Provider’s subsequent EHR incentive payment year until the audit is resolved.”

To prepare for both prepayment and post-payment audits, Gotlieb and Ortman provide a list of best practices for providers. EHR Intelligence provides a condensed explanation of the five areas providers can focus on:

  • Knowledge core measures: In the event of an audit, all measures taken to fulfill MU objectives need to be supported by documentation. As such, Gotlieb and Ortman stress that providers should not neglect studying MU specification sheets and frequently asked questions (FAQs) published by CMS.
  • Identification of key MU stakeholders: Make sure the C-suite, clinicians, and health IT professionals are all on the same page, says the article.
  • Documentation of measure compliance: Always have physical documentation to prove that measures are met and that activities were performed.
  • Proof of EHR security: Providers must make sure they are in line with HIPAA regulations, and providers relying on cloud technologies must prove that their systems have been properly assessed for security.
  • EHR certification: Providers must have certified EHR technology, approved by an authorized certification body.