Posts by :

    MU audit alert: 6 things you should do before Dec. 31

    December 12th, 2013

    Does your organization use the calendar year as its Meaningful Use (MU) attestation period? That means your reporting year is drawing to a close in just a few weeks.

    Auditors require a time-stamped date on several items that you must complete during the reporting period.  Not doing it before December 31 may put your organization at risk of failing a potential audit of its 2013 attestation.

    If you haven’t already done so, here are six things you should do before December 31:

     1. Complete a HIPAA Security Risk Assessment.  

    Not completing this task is the number one reason organizations receive audit failure notice.

    2. Take a screenshot of the EHR version number.

    To record which version you are closing the year out with.

    3.  Record transmissions of clinical data and results.

    Some menu measures only require an attempted transmission and documentation of results (failed or successful).  Screenshots of the submission and the status results will be useful documentation in the event of an audit.  Requesting confirmation emails from the receiving parties where possible will further bolster your records.

    4.  Take screenshots that validate active functions.

    These records will help validate that CDS, Drug-Drug, Drug-Allergy, and Drug-formulary functions were still active on the final day of the calendar year.  An example screenshot of pop-up messages generated by these features will help prove they were both active and functional on the final day of the year.

    5.  Print out an example patient list by a specific diagnosis.

    (Only relevant as menu measure 4 for eligible hospitals (EHs) and 3 for eligible providers (EPs).

    6.  Keep paper copies of all MU attestation reports.

    Also be sure to record the CMS Number and the certification number upon attaining ONC certification, or CHPL.  To bolster your audit records, take time/date stamped screenshots of those reports when they are displayed by the EHR.  (While this step isn’t required by December 31, it’s a helpful tip for submissions.)


    Taking these steps will help your organization prepare for an MU audit. To be clear, the ideas and tips provided within this post (or on our new Meaningful Use Audit group on ClientConnect) are suggestions between colleagues — not legal advice. For other helpful tips, read 8 things smart providers do to prepare for an MU audit.

    On a related note, ONC and CMS recently issued a joint announcement related to the start of Stage 3 of Meaningful Use and new, voluntary interim certification rules, known as the “2015 Edition” rules. Please visit ClientConnect for additional information for physician practices and hospitals.

    Do you have additional suggestions? Add them here, or join the conversation in our Meaningful Use Audit group on ClientConnect.


    8 things smart providers do to prepare for an MU audit

    October 10th, 2013

    You can’t prevent a Meaningful Use audit. It’s one way Centers for Medicare & Medicaid Services (CMS) follows up on Meaningful Use (MU) incentive payments and confirms that providers are doing the right thing for patients.

    But you can be prepared for an audit if you take a few simple steps before and during your attestation period. Before you receive the notice, you can:

    1.  Monitor emails for notification – The 14-day clock starts ticking the moment the email arrives from the CMS auditor, Figliozzi & Co.  You don’t want it sitting undiscovered in a physician’s inbox. Consider creating an email rule for accounts involved with the attestation to catch these notices early.

    2. Record EHR identification numbers – Record the CMS EHR certification ID and Certified Health IT Product List (CHPL) numbers on your MU attestation application.  Auditors often check these numbers for consistency.

    3. Take screenshots of EHR version number – On the first and last day the reporting period, take a screen shot of the EHR’s version number recorded on its system overview page.  Be sure to capture time and date within the screenshot.

    4. Conduct a Security Risk Assessment (SRA) – MU core measures require participants to analyze security risks and fix any identified gaps in security. This step must happen at least once before the end of each EHR reporting period.

    5. Keep records of successful transmission of clinical data – Take screen shots (with that time/date stamp) of any attempts to transmit patient and clinical data from your EHR to other healthcare organizations. If the transmission is successful, get a confirmation email from the recipient for your records.

    6. Keep documentation on exclusions – To be exempt from meeting certain measure specifications, you’ll need documentation (with that time/date stamp). For example, keep letters that confirm you couldn’t transmit data due to connectivity issues. Or keep any written verifications that you did not receive any requests from patients for an electronic copy of their health information.

    7. Take screenshots of key functionalities – Record when you enabled required EHR technology functions (with time/date stamp) of your reporting period, including: clinical decision support, drug-drug interactions checks/alerts, drug allergy checks/alerts and actual alerts that pop-up within the EHR.

    8. Keep paper copies of reports – Save paper, PDF or screen shot versions of documentation that supports your attestation. Be advised, auditors may reject your Word, Excel or other “alterable” electronic documents. Authenticity is key, making it easy for auditors to accept the origin and accuracy of your information.

    CMS suggests keeping this documentation on file for six years after the conclusion of the EHR Incentive Program. Remember, audits are conducted on individual providers and hospitals. So you’ll have to take these steps for each provider and hospital in your organization.

    To learn more from someone who has gone through the process – twice – check out a recent blog post, How Soundview Medical aced two Meaningful Use audits.

    The first thing you should do when you get an audit notice

    Given the sensitivity of the information you submit to CMS, it is important to ensure that all submissions are in the best legal interests of your institution. If you get that audit notice, your first step should be to seek legal counsel. To be clear, the ideas and tips provided within this post (or on our new Meaningful Use Audit group on ClientConnect) are suggestions between colleagues — not legal advice.

    Do you have additional suggestions? Add them here, or join the conversation in our new Meaningful Use Audit group on ClientConnect.

    No Comments "