You can’t prevent a Meaningful Use audit. It’s one way Centers for Medicare & Medicaid Services (CMS) follows up on Meaningful Use (MU) incentive payments and confirms that providers are doing the right thing for patients.
But you can be prepared for an audit if you take a few simple steps before and during your attestation period. Before you receive the notice, you can:
1. Monitor emails for notification – The 14-day clock starts ticking the moment the email arrives from the CMS auditor, Figliozzi & Co. You don’t want it sitting undiscovered in a physician’s inbox. Consider creating an email rule for accounts involved with the attestation to catch these notices early.
2. Record EHR identification numbers – Record the CMS EHR certification ID and Certified Health IT Product List (CHPL) numbers on your MU attestation application. Auditors often check these numbers for consistency.
3. Take screenshots of EHR version number – On the first and last day the reporting period, take a screen shot of the EHR’s version number recorded on its system overview page. Be sure to capture time and date within the screenshot.
4. Conduct a Security Risk Assessment (SRA) – MU core measures require participants to analyze security risks and fix any identified gaps in security. This step must happen at least once before the end of each EHR reporting period.
5. Keep records of successful transmission of clinical data – Take screen shots (with that time/date stamp) of any attempts to transmit patient and clinical data from your EHR to other healthcare organizations. If the transmission is successful, get a confirmation email from the recipient for your records.
6. Keep documentation on exclusions – To be exempt from meeting certain measure specifications, you’ll need documentation (with that time/date stamp). For example, keep letters that confirm you couldn’t transmit data due to connectivity issues. Or keep any written verifications that you did not receive any requests from patients for an electronic copy of their health information.
7. Take screenshots of key functionalities – Record when you enabled required EHR technology functions (with time/date stamp) of your reporting period, including: clinical decision support, drug-drug interactions checks/alerts, drug allergy checks/alerts and actual alerts that pop-up within the EHR.
8. Keep paper copies of reports – Save paper, PDF or screen shot versions of documentation that supports your attestation. Be advised, auditors may reject your Word, Excel or other “alterable” electronic documents. Authenticity is key, making it easy for auditors to accept the origin and accuracy of your information.
CMS suggests keeping this documentation on file for six years after the conclusion of the EHR Incentive Program. Remember, audits are conducted on individual providers and hospitals. So you’ll have to take these steps for each provider and hospital in your organization.
To learn more from someone who has gone through the process – twice – check out a recent blog post, How Soundview Medical aced two Meaningful Use audits.
The first thing you should do when you get an audit notice
Given the sensitivity of the information you submit to CMS, it is important to ensure that all submissions are in the best legal interests of your institution. If you get that audit notice, your first step should be to seek legal counsel. To be clear, the ideas and tips provided within this post (or on our new Meaningful Use Audit group on ClientConnect) are suggestions between colleagues — not legal advice.
Do you have additional suggestions? Add them here, or join the conversation in our new Meaningful Use Audit group on ClientConnect.