CMS and the Office of Inspector General (OIG) have taken steps to audit how providers are meeting meaningful use requirements. Approximately 5 to 10 percent of all meaningful use participants are being audited; however, this number may rise.
- CMS hired Figliozzi & Company to perform the audits of providers who have attested to having achieved meaningful use of an EHR under the programs created by the American Recovery and Reinvestment Act of 2009.
- Eligible Professionals (Eps), Eligible Hospitals (EHs) and Critical Access Hospitals (CAHs) are all included in the 5 to 10 percent of meaningful use participants being audited.
The timeline for a potential meaningful use audit is approximately 6 years beginning with attestation and ending when you are off "the audit hook." There are two types of audits that may occur during that 6 year period:
- Pre-Payment Audit may occur before participants receive incentive payments (5-10 % chance)
- Post-Payment Audit may occur after participants receive incentive payments (5-10 % chance)
The Meaningful Use Audit Process
The meaningful use audit process begins with an initial request that is sent to the email address entered during registration. Following the initial email, the next steps are to conduct internal response processes to ensure you have the required information the auditor will be looking for:
- You should have completed a Security Risk Analysis prior to the end of the reporting period. Your SRA should include an action plan for your subsequent SRA submission(s).
- Your medical assistants and any other healthcare workers involved with CPOE should be properly credentialed.
- Reports should be generated from your EHR to support the numerators and denominators of the objectives for the audited reporting period.
- Have a copy of your EHR agreement for your technology vendor ready.
- Have a copy of the ONC certification ready.
- Auditors are asking to see user ID and password policies and procedures have a copy ready.
- Make sure you have performed at least one test meeting the public health criterion submit electronic data to public health agencies (if applicable to your practice /specialty). You should have documentation supporting this test, ready to send to the auditor.
We can't emphasize the important of a completed Security Risk Analysis (SRA) enough. While it is important to complete an initial SRA your subsequent SRA submissions are equally important. So far all attestations have been audited for this specific measure and will continue to do so. All entities that maintain PHI, Stage 1 Meaningful Use participants, Stage 2 Meaningful Use participants and beyond should complete an initial SRA, and annually thereafter.
Once you have met these requirements (maybe others depending on your specialty), the next step in the audit process is to submit the requested documentation via regular mail or a secured portal. Please do not include any PHI during this process!
Once they receive your documentation you may:
- Receive subsequent requests for information; and or
- Receive a request for an onsite review.
Finally, you will receive an audit determination letter from the Auditor.
Are you prepared for a Meaningful Use audit?
Healthcare Compliance Pros can help you prepare for a meaningful use audit in a variety of ways. For example, our HIPAA Plus program includes an SRA that meets and exceeds meaningful use requirements for Stage 1, Stage 2, and beyond. An important part of the SRA process is an action plan that addresses any areas that need improvement. When we provide a comprehensive review of your SRA we include an action plan for your next SRA submission. Your Core Compliance program includes policies and procedures that are documented and retrievable whenever necessary. Remember, auditors are asking to see user ID and password policies and procedures have a copy ready. Finally, we have certified compliance professionals who are available to answer any questions you may have and who can help you prepare for a meaningful use audit.
If you have any questions about what steps you should take to prepare for a pre-payment or post-payment audit, have questions about any services we provide, please comment below, send us an email [email protected] or reach us by phone toll-free 855-427-0427.