Meaningful Use of EHR. Presenter: Jay.Fisher@C3Partners.biz

Meaningful Use of EHR and CMS Audit Presenter: Jay.Fisher@C3Partners.biz

Structure of Today s Discussion Impact of Audit Event Likelihood of Audit Event Probable Audit Selection Factors Audit Processes Mitigation Strategies

Content Derivation i.e., How good is our data? Material provided by CMS to prospective Audit Firms to enable them to propose on being selected as ARRA Auditors GAO Report to CMS on their proposed audit program Our own training and experience

CMS Audit Perspectives Medicare is risky, EHR is riskier conducting this evaluation is important because we have designated the Medicare program as being vulnerable to making improper payments. The EHR programs may be at greater risk of improper payments than other, more established CMS programs because they are new programs with complex requirements Maintain Program Integrity Develop risk profiles that will identify providers most likely to be out of compliance, and pursue those providers Audits are not corrective action tools. They are non-compliance research There is no opportunity to remediate

GAO Observations Today s audit program is not necessarily tomorrow s audit program: CMS will evaluate the effectiveness of the audit strategy for the Medicare EHR program on an ongoing basis and document results quarterly, beginning approximately 3 months after the audits begin

Updates since program startup March, 2013 CMS begins pre-payment audit on 5-10% of providers CMS Issues FAQ #7711 Re-asserts that any single shortfall results in recoupment To ensure you are prepared for a potential audit, save the electronic or paper documentation that supports your attestation. An audit may include a review of any of the documentation needed to support the information that was entered in the attestation. The level of the audit review may depend on a number of factors, and it is not possible to include an all-inclusive list of supporting documents.

Impact of an Audit Event Why is MU a Risk Conversation? Install EHR Achieve MU Attest to MU Receive Stimulus! CMS Audit CMS Recoups Stimulus Provider Audit Risks Any discrepancy uncovered via audit results in full repayment of Stimulus Funds to CMS up to six years after attestation Over 1,600 pages of regulatory content creates multiple opportunities for error or irregularity (Stage Two adds more to this!) Attestation is tantalizingly simple and requires virtually no proof Adverse audit results happen after you ve spent your Stimulus bonus Announcement week of March 25 that CMS will begin selected pre-payment audits

Structure of Today s Discussion Likelihood of Audit Event

Likelihood of an Audit Event What are the percentages? Post-Payment Audit Meaningful Use: 5% of hospitals and 10% of EP s, based on risk profile For Clinics, probabilities could be deceptive Clinic of 5 EP s seem likely to have 1 audited Risk profiling likely to extend audits to other EP s in a clinic where 1 EP is found deficient Pre-Payment Audit New as of March, 2013 Same percentages as post-payment, essentially doubling volume

Likelihood of an Audit Event Additional audits of EHR Ownership Additional Audits Focused on Ownership of Certified Software : CMS will audit an additional 10% of Hospitals and 20% of EP s on this Issue Alone. As a matter of routine, all participants selected for audit will be required to provide proof of possession for the certified EHR(s) attached to the submitted Certificate ID. (CMS Audit Guide) Action Item: Develop an explicit process to document your possession of all modules included in your ATCB s test

Likelihood of an Audit Event What impacts my risk? Selection volume and risk profile will be evaluated by CMS quarterly Elements of provider attestation Inconsistency between numerator / denominators that should be related Exclusions that may be inconsistent with other measures CMS Data supplemental to attestations Measures or exclusions inconsistent with patient mix (both hospital and EP specialty) Peer group comparisons State and local public health capabilities EHR Vendor characteristics Providers who indicated use of multiple EHR products to meet requirements EHR s with capability of collecting data for only a few CQM s (ambulatory only) Representative sample of Certified EHR vendors

Structure of Today s Discussion Audit Processes

Audit Processes CMS Steps Review Attestations and Identify Audit Candidates Notify Candidate to Prepare CMS Desk Audit CMS Field Audit Auditor Decision

Audit Processes What are Auditors Requesting? Numerator / Denominator based Measures: Certified EHR Software Reporting Detail Patient Logs Policy / Procedure / Workflows Supplemental Documentation on Non-Percentage Items Screen Shots, System Configuration Documentation Patient logs showing alert was fired Testing results Proof of EHR Ownership Patient Volume Documentation Validate Medicare / Medicaid patient Mix Comparison for measures requiring Non-EHR patients

Structure of Today s Discussion Probable Audit Selection Factors

Selection Factors: Denominator Inconsistency Measure Maintain Problem List Maintain Active Medication List Maintain Active Medication Allergy List Record Demographics Patient-Specific Education Resources Audit Red Flag Measures requiring Observation Services method or All ED Visits method should have the same numbers in the denominator

Selection Factors: Denominator Inconsistency Measure <= Unique Patients Relationship to CPOE CPOE for Medication Orders X N/A Record Vital Signs X >= Electronic Copy of Health Information X < Electronic Copy of Discharge Instructions X < Advance Directives X < Incorporate clinical lab test results into EHR > Generate Patient Lists X < Perform Medication Reconciliation X < Send transition of Care Record X < Audit Red Flag General Reasonableness check between measures

Selection Factors: Denominator Inconsistency Measure Maintain Active Medication List Maintain Active Medication Allergy List Record Demographics Patient Specific Education Resources Audit Red Flag Where Measures define the same denominator rules, reported denominator values should be the same values

Selection Factors: Patient / Age Mix Consistency Provider Type EP EP EP Age Mix Indicator >= 2 Years Old Record Vital Signs >= 13 Years Old Record Smoking Status <= 5 YearsOld -or- >= 65 Years Old Patient Reminders MU Measures Audit Red Flag Age-sensitive measures should be consistent with patient mix

Selection Factors: Regional / State Capabilities Provider Type EP and EH Hospital EP and EH Public Health Data Submission Test Immunization Registries Data Submission Reportable Lab Results Syndromic Surveillance Data Submission Audit Red Flag CMS will validate you against other hospitals / EP s in your geography, and against a CMS-maintained directory of states where public health reporting exists

Selection Factors: Exclusions should be consistent with hospital type and patient mix Exclusion Hospital with no patients >= 13 years old Hospital with no patients >= 65 years old No requests for patient information Record Smoking Status Advance Directives Measure (Core Items) Electronic Copy of Health Information; Electronic Copy of Discharge Instructions Audit Red Flag Claiming exclusions based on perceived inconsistency with patient mix or Peer Group hospitals (based on CMS Peer Grouping)

Selection Factors: Exclusions should be consistent with EP specialty and patient mix Exclusion Any EP who writes fewer than 100 prescriptions Any EP who either seesno patients 2 years or older, or believes that all three vital signs have no relevance Measure (Core Items) CPOE E-Prescribing Implement drug-formulary checks Record Vital Signs Audit Red Flag Claiming exclusions based on perceived inconsistency with EP specialty /patient mix

Selection Factors: Exclusions should be consistent with EP specialty and patient mix Exclusion Measure (Menu Items) Any EP that neither orders nor creates lab tests or... Provide Patients with Timely Electronic Access to their health information An EP who was not the recipient of any transitions of care An EP who neither transfers a patient nor refers a patient An EP who does not collect any reportable syndromic information An EP who sees no patients 13 years or older Receive Medication Reconciliation Send Transition of Care Summary Submit electronic syndromic surveillance data to public health agencies Record Smoking Status An EP who has no requests from patients for electronic health information An EP who has no patients 65or older, or 5 years or younger An EP who orders no lab tests Electronic copy of Health Information Send Patient Reminders Incorporate clinical lab test results Audit Red Flag Claiming exclusions based on perceived inconsistency with EP specialty /patient mix

Structure of Today s Discussion Mitigation Strategies

Strategies Manage Likelihood of Audit Manage audit Red Flags Manage EHR Environment (to the extent possible) Manage Impact of Being Selected Drive toward Desk Audit in avoidance of Field Audit Retain long-term snapshot of 3 key documents for each requirement Manage high-risk requirements Pre-attestation Documentation Review Manage Awareness General Meaningful Use Education for key executives Develop ongoing, deep understanding of all nuances of each requirement (by more than one individual) Flash reporting on updates to requirements

Strategies: Manage Likelihood of Audit Report against known or anticipated CMS Audit Red Flags Inconsistencies across metric denominators Exclusions on MU Measures inconsistent with practice type Exclusions on connectivity Measures inconsistent with State Exclusion inconsistencies based on patient mix Exclusion inconsistencies between related MU Measures Periodically Audit your ongoing pre-attestation data perpetually Remember: Attestation is required every single year, at least through 2021, and the Requirements are not static

Strategies: Keep the Auditors at Their Desks Respond quickly, completely and accurately Multiple forms of documentation for each measure Summary / Certified calculation of numerator / denominators Detail patient logs Test plans / results of public health and other provider connectivity Screen shots for measures requiring proof that a capability is turned on Document and Share your Workflows Workflows associated with each Measure Policies oriented toward nuances of requirements Don t Forget other IMPORTANT Components Eligibility reporting (six separate requirements) Documented ownership of complete certified EHR Technology Privacy and Security Checklists and action plans

Strategies: Manage High-Risk Requirements Most likely to be audited / nuanced documentation needs Privacy and Security (especially in small EP) Proving ownership of Certified EHR Technology Complex denominator / multiple options in denominator calculation: CPOE Problem List Vital Signs Requirements to incorporate patients with records maintained outside EHR Technology Requirements with low volumes, or non-clinical/ operational data gathering Patient requests for electronic information

Get the FAQ s Link to CMS FAQ# 7711 on Audit Preparation! https://questions.cms.gov/fa q.php?faqid=7711 http://www.cms.gov/regulations-and- Guidance/Legislation/EHRIncentivePrograms/D ownloads/ehr_supportingdocumentation_au dits.pdf

Summary Compliance Portal

Attestation Document Checklist Document volume grows quickly Supplemental Notes can make a big difference

Measure-Specific Requirements

Financial Manager Program Selection And % Specialty First Reporting Year Payment Status

Every Year, Every EP

Make Safety Easier with MUM Meaningful Use Monitor - For a Higher Standard of Diligence Virtual Documentation Binder for six year retention requirement Expert System consolidating all Regulatory sources Project Management System for Meaningful Use Pre-Attestation Readiness Checklist and third-party validation Registration and Attestation status tools ARRA Financial Management and Tracking Integrated with your EHR, cloud deployed http://meaningfulusemonitor.com Jay.Fisher@C3Partners.biz