A State agency made incorrect EHR incentive payments in accordance with Federal and State Requirements. The incorrect Medicaid electronic health record (EHR) incentive payments were made to 20 hospitals totaling $4.4 million. In addition, the State agency "did not ensure that hospitals correctly calculate patient volume for 24 hospitals, made incorrect incentive payments to 13 professionals for a total overpayment of $3,250, and did not report 13 professional incentive payments to the CMS National Level Repository (NLR)."
As a result of the audit, the State agency is required to refund the Federal Government overpayments, adjust the hospitals' remaining incentive payments to account for the incorrect calculations, and ensure that personnel are knowledgeable about the EHR program requirements.
Under the Health Information Technology for Economic and Clinical Health Act (HITECH), Medicare and Medicaid EHR incentive programs were enacted to promote the adoption of EHRs. The Federal Government makes incentive payments to providers that attest to the meaningful use of EHRs.
This audit is an important reminder that any provider who receives an EHR incentive payment for the Medicare EHR Incentive Program or the Medicaid EHR Incentive Program may be subject to an audit. One of the most important pieces of documentation for providers is the security risk analysis that shows when it was completed, any necessary security updates that were completed, and deficiencies that were corrected. Eligible Professionals (Eps) should have a copy of a security risk analysis that is available on demand in the event of a CMS EHR Incentive Program audit.
If you have any questions about your security risk analysis or any other compliance related questions, please do not hesitate to contact one of our professional consultants.