Checklist and Related Guidance for Meaningful Use Audits



Similar documents
EHR Incentive Programs Supporting Documentation For Audits Last Updated: February 2013

Stage 2 EHR Incentive Programs Supporting Documentation For Audits Last Updated: February 2014

How to prepare for an EHR incentive audit

Navigating a Meaningful Use Audit: Are You Ready? Brian Flood

Meaningful Use Audits. NextGen Physician Consulting Services

Medicare s Electronic Health Records Incentive Program- Overview

Become Audit Proof. What You Need To Know To Protect Your Practice

Semi-Annual Blueprint Conference October 20, 2014

Audit Alert: Are You Prepared? You Have A Good Chance of Being Selected

Preparing for HIPAA and Meaningful Use Compliance Audits

Don t Panic! Surviving a Meaningful Use Audit October, 2014

Meaningful Use Audits. Best Practices for keeping your Incentive Dollars. Mark Norris, CEO Medical Records Services, LLC

HIPAA - Breaking News!

How To Be A Good Medicare Patient

BEST PRACTICES FOR MEDICARE

Completing Your MPIP Attestation: Supporting Documentation

Meaningful Use of EHR. Presenter:

9/9/2015. Medicare/Medicaid Incentive Program. Medicare/Medicaid Incentive Program. Meaningful Use, Penalties and Audits

Meaningful Use Preparedness 07/24/2015

HIT Audit Workshop. Jeffrey W. Short.

Community Health Center Association of Connecticut Meaningful Use: Audit Preparedness And Other Challenges February 12, 2015

Meaningful Use Audit: A Quick Reference For Certified EHR Eligible Professionals.

Meaningful Use Audit Red Flags: Pay Careful Attention To The Security Risk Analysis - Or Else

29 OIG 2014 Work Plan explores new compliance projects: Part 2. Nathaniel Lacktman

NEW HAMPSHIRE MEDICAID EHR INCENTIVE PROGRAM

MEDICARE EHR: PREPARING FOR Community Counts Practice Effectiveness Web Series ION June 26, 2014 Risë Marie Cleland Oplinc, Inc.

EMR and Meaningful Use. How to Prepare for Audits and Avoid Penalties

Surviving a Meaningful Use Audit: Useful Tips from an Actual Survivor

Preview of the Attestation System for the Medicare Electronic Health Record (EHR) Incentive Program

Alaska Department of Health and Social Services Medicaid Electronic Health Record (EHR) Incentive Program

The Advantages and Disadvantages of Having a CEHRT in 2015

Florida Medicaid EHR Incentive Program. Eligible Hospitals

Care360 Guide for CMS Meaningful Use Audit

Provider Incentive Payment Program (PIPP) User Manual Full Version

Meaningful Use Stage 2 MU Audits

Frequently Asked Questions

Who are we? *Founded in 2005 by Purdue University, the Regenstrief Center for Healthcare Engineering, and the Indiana Hospital Association.

Medicaid EHR Incentive Program. Focus on Stage 2. Kim Davis-Allen, Outreach Coordinator

New Hampshire Guidelines for Meaningful Use and Supporting Documents

Stage 2 Medical Billing and reconciliation of Patients

PRV Electronic Health Record (EHR) Incentive Application

The Medicare and Medicaid EHR incentive

Meaningful Use and Release of Information

OIG Security Audit: What You Need To Know

Frequently Asked Questions

What is the Meaning of Meaningful Use? How to Decode the Opportunities and Risks in Health Information Technology

Auditing PQRS & Meaningful Use To Maintain Compliance. Standard Disclaimer. Learning Objectives 12/2/2014

Medicaid EHR Incentive Program Updates ehealth Services and Support September 24, 2014

EHR Incentive Program Focus on Stage One Meaningful Use. Kim Davis-Allen, Outreach Coordinator October 16, 2014

ERC Incentive Program - Overview and Tips

EARLY ASSESSMENT THAT CMS FACES OB STACLES IN OVERSEEING

Medicaid EHR Incentive Program Eligible Hospitals. New Hampshire Department of Health and Human Services Office of Medicaid Business and Policy

WHAT JUST HAPPENED TO THE EMR PROGRAM?

Meaningful Use Stages 1 and 2 and How to Survive a Meaningful Use Audit. Charles Jarvis, Senior Manager

Meaningful Use: Registration & Attestation Eligible Professionals

Federal Fraud and Abuse Laws

The Meaning Behind Meaningful Use Stage 2

Texas Medicaid EHR Incentive Program: Dentists

Understanding Attestation for the Medicare EHR Incentive Programs Eligible Professionals. National Provider Call May 5, 2011

Colorado Department of Health Care Policy and Financing. Solicitation #: HCPFRFPSF13EHRATTAUDIT Electronic Health Record Attestation Auditing

Eligible Professionals

How To Test For Meaningful Use In Minnesota

Meaningful Use: Terms & Timelines, Changes to Stage 1, and Stage 2 Overview

The Wisconsin Medicaid Electronic Health Record Incentive Program for Eligible Hospitals

BEGINNER MEDICAID EHR INCENTIVE PROGRAM FOR ELIGIBLE PROFESSIONALS. » An Introduction to: Last Updated: April 2014

Eligible Hospitals Reporting Meaningful Use for the Wisconsin Medicaid Electronic Health Record Incentive Program and Other Program Information

Electronic Health Record Incentive Program Update May 29, Florida Health Information Exchange Coordinating Committee

PREPARING FOR EMR PROGRAM SUCCESS IN /10/2015. December 15, Travis Skinner, CPA Senior Managing Consultant

FAQ s Eligible Professionals (EP) Colorado Medicaid EHR Incentive Program Program Year 2013

PENNSYLVANIA MEDICAL ASSISTANCE EHR INCENTIVE PROGRAM ELIGIBLE PROFESSIONAL PROVIDER MANUAL

Washington State Medicaid EHR Incentive Program (emipp)

Medicare & Medicaid EHR Incentive Programs Elizabeth S. Holland, MPA Director, HIT Initiatives Group Office of E-Health Standards & Services, CMS

Eligible Professional Menu Measure Frequently Asked Questions

An Introduction to the Medicaid EHR Incentive Program for Eligible Professionals

WHAT S NEW ON THE EHR FRONT?

North Carolina Medicaid Electronic Health Record Incentive Program

Information for Eligible Professionals Regarding Program Year 2015 of the Wisconsin Medicaid Electronic Health Record Incentive Program

WHAT S NEW ON THE EHRFRONT?

10/19/2015. Meaningful Use: Current and Future Environment. Agenda. MGMA Annual Conference Nashville, TN October 13, 2015

It s where we drive Quality Improvement and Get Money to aid in our ability to provide quality patient care

FAQs for AMDA Members on the Medicare and Medicaid Electronic Health Record Incentive Programs, Including Medicare Payment Adjustments

KANSAS MEDICAID EHR INCENTIVE PROGRAM ELIGIBLE HOSPITAL PROVIDER MANUAL

KANSAS MEDICAID EHR INCENTIVE PROGRAM ELIGIBLE PROFESSIONAL PROVIDER MANUAL

STATE OF RHODE ISLAND MEDICAL ASSISTANCE EHR INCENTIVE PROGRAM ELIGIBLE PROFESSIONAL PROVIDER MANUAL

West Virginia Meaningful Use Registration System Instructions

Wisconsin Medicaid Electronic Health Record Incentive Program for Eligible Hospitals

STATE MEDICAID ELECTRONIC HEALTH RECORD INCENTIVE PROGRAM STAGE 1 AND 2 ATTESTATION REFERENCE GUIDE

Administrative Review of Certain Electronic Health Record Incentive Program Determinations

North Carolina Medicaid Electronic Health Record Incentive Program

Eligible Hospitals Meaningful Use Stage 1

Eligible Professionals User Guide for the Georgia Medicaid EHR Incentive Program

Adopting an EHR & Meaningful Use

To start the pre-approval process, providers must fill out a short online survey, available at:

EHR Incentive Program Updates. Jason Felts, MS HIT Practice Advisor

CMS EHR Incentive Programs:

Clinical Quality Measures for Providers

Program Year 2015: Public Health Reporting Objective & Supporting Documentation

Meaningful Use And Impact on Immunization Outcomes

Vermont Medicaid EHR Incentive Program

Transcription:

Checklist and Related Guidance for Meaningful Use Audits This checklist was prepared by Jill M. Girardeau, Partner, Womble Carlyle Sandridge & Rice, LLP and Dina Marty, Counsel, Wake Forest Baptist Medical Center. Because an audit relating to the Medicare or Medicaid EHR Incentive Program may focus on any number of issues, it is not possible to identify each and every document that may be requested by an auditor. In addition, this checklist is based on specific experience with specific auditors; different auditors may have different requests, requirements, and standards. However, this checklist may be useful in gathering and maintaining documentation supporting an attestation for a Medicare or Medicaid EHR Incentive Program payment. Links to websites were accurate as of the date these materials were prepared (January 16, 2014). We cannot guarantee that the links provided in this document will continue to direct the reader to the specific materials referenced. This checklist does not constitute legal advice. General Guidelines An audit can be a pre-payment or a post-payment audit and may be a desk audit or a field (on-site) audit. During a field audit, auditors may require a demonstration of the Certified EHR. An audit can occur anytime in the six-year period following attestation. A provider that has attested under the Medicare or Medicaid EHR Incentive Program should keep all audit documentation, including the actual attestation submitted, for at least six years. The documentation should be maintained in a secure (but accessible) fashion. Documentation supporting hospital payment calculations should follow current retention requirements. Figliozzi and Company is performing audits under the Medicare EHR Incentive Program. States arrange for audits under the Medicaid EHR Incentive Program. On behalf of CMS, Figliozzi and Company will audit hospitals that are eligible under both the Medicare and Medicaid EHR Incentive Programs. CMS has provided sample audit letters here: o Eligible Professional: http://www.cms.gov/regulations-and- Guidance/Legislation/EHRIncentivePrograms/Downloads/SampleAuditLetter.pdf o Eligible Hospital: http://www.cms.gov/regulations-and- Guidance/Legislation/EHRIncentivePrograms/Downloads/EHR_SupportingDocumen tation_auditsehcap.pdf A provider may have as little as two weeks to respond to an audit request. All documentation and information used for attestation (and any other helpful documents) 1

should be maintained in an audit file that is readily available so as to avoid a rush in pulling together requested documentation. For Medicare EHR Incentive Program audits, information requested can be provided by mail or by uploading to a secure portal provided by auditors. CMS Guidance on audits can be found here: http://www.cms.gov/regulations-and- Guidance/Legislation/EHRIncentivePrograms/Downloads/EHR_SupportingDocumentati on_audits.pdf Payments received under the Medicare and Medicaid EHR Incentive Programs are subject to federal laws governing fraud and abuse, so providers who submit a fraudulent attestation may be subject to sanctions. If a provider is found to be ineligible for an incentive payment under the Medicare or Medicaid EHR Incentive Program, any payment already received will be recouped from the provider. o A provider who has failed an audit under the Medicare or Medicaid EHR Incentive Program does have appeal rights. http://www.cms.gov/regulationsand-guidance/legislation/ehrincentiveprograms/appeals.html o When submitting an appeal relating to a failed audit, a provider can choose not to repay at that time. However, if the appeal is denied, the incentive payment must be repaid and additional interest may be charged. Supporting Documentation Proof of Certified EHR o Certifying bodies (like CCHIT and Drummond Group) certify specific versions of EHRs. Make sure that the version of the EHR being used is a version that is a Certified EHR. o Ensure that you provide a CMS EHR certification ID number for your Certified EHR during attestation. This number is available on the Certified Health IT Product List (http://oncchpl.force.com/ehrcert/chplhome). More information on the CMS EHR certification ID number is available here: http://www.cms.gov/regulations-and- Guidance/Legislation/EHRIncentivePrograms/Certification.html o For audit purposes, a license agreement with or purchase order from the Certified EHR vendor may suffice to prove the use of a Certified EHR. However, any such license agreements or purchase orders may have confidentiality provisions that prohibit them from being shared with others, even auditors. Review any agreements with or documentation from the Certified EHR vendor prior to sharing with auditors and consult with legal counsel if necessary. Also, if needed, consult with the Certified EHR vendor as to what documentation is appropriate to 2

provide to auditors. Some vendors provide license summaries or similar documentation for audit purposes. o Consider the Medicare and Medicaid EHR Incentive Programs prior to implementing an upgrade of a Certified EHR. Will there be a timeframe during a reporting period when a Certified EHR is not being used? o CMS has stated that an EHR certified for other CMS programs may not necessarily be certified for the Medicare and Medicaid EHR Incentive Programs. Only EHRs certified for the Medicare and Medicaid EHR Incentive Programs satisfy the requirement that a provider use a Certified EHR. Source Document o The source document, which is usually a report from the Certified EHR, should include the following: Numerators and denominators for all percentage-based measures; Time period the report covers; and Evidence to support that the report was generated for a specific provider. Auditors have questioned reports from Certified EHRs that do not specifically identify the provider on each page. Auditors have also questioned reports that do not include the Certified EHR logo, the version number, and the date on each page. Review the reports generated by your Certified EHR and contact your Certified EHR vendor with any questions. o Clinical quality measures must be reported from the Certified EHR, so maintain a report to validate the clinical quality measures reported. o Determine whether the Certified EHR you are using can generate reports for prior time periods. If not, a report must be generated for the EHR reporting period and maintained in a reproducible format. o Anomalous data will be scrutinized. For example, not all percentage-based measures use the same denominator, so attesting with the same denominator in all percentage-based measures may result in an audit. Similarly, different denominators in the percentage-based measures that do use the same denominator may result in an audit as well. Attesting to 100% for each percentage-based measure is also problematic. If all physicians in a practice attest with the same percentages, payments to those physicians are likely to be questioned. Scrutinize the numbers before attesting. 3

Documentation of Yes/No Measures o Screen shots must be from the Certified EHR and must be from the reporting period. Take screen shots before the end of the reporting period and maintain them in case of an audit. o Screen shots should show date, provider, and name and vendor of the Certified EHR and the version number. To the extent possible, redact patient-specific information before providing to auditors. We note, however, that certain auditors (especially those auditing under the Medicaid EHR Incentive Program) may request certain types of patient-specific information. o If screen shots were not obtained during the reporting period, work with your Certified EHR vendor to determine how to obtain documentation showing that the yes/no measures were met during the reporting period. Can the information be obtained from audit logs? Does the vendor have any information demonstrating when a particular functionality was turned on or off? o Some Certified EHR vendors have implemented contractual restrictions on the provision of screen shots to auditors. Review the relevant license agreements, purchase orders, etc. to determine whether any contractual restrictions exist and consult legal counsel if necessary. Security Risk Analysis o Meaningful use requires a provider to conduct or review a security risk analysis as required by the HIPAA security rule. o The security risk analysis must factor in the version of the Certified EHR that is being used for meaningful use purposes but must address other security issues as well, not just the Certified EHR. o CMS and OCR have provided guidance on the security risk analysis requirement: Security Risk Analysis Tipsheet from CMS and OCR: http://www.cms.gov/regulations-and- Guidance/Legislation/EHRIncentivePrograms/Downloads/SecurityRiskAs sessment_factsheet_updated20131122.pdf OCR Guidance on Risk Analysis: http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/rafinalg uidance.html o CMS and OCR have confirmed that a security risk analysis must be conducted during each Stage 1 and Stage 2 reporting period. A change in Stage 2 requirements means that the security risk analysis must address the encryption and security of data at rest. 4

Documentation of Exclusions o A report from the Certified EHR showing a zero denominator for specific measures may suffice as documentation of an exclusion. For example, if immunizations are not part of an Eligible Provider s practice, a report showing a zero denominator could satisfy an auditor s request. However, it may also help to document the reason that the Eligible Provider does not provide any immunizations. o Some exclusions are not dependent on denominators. For example, if the relevant health department did not accept electronic submissions of reportable lab results during the reporting period, an auditor may request documentation that electronic submission was not available. Many health departments have included this information on their websites or otherwise provided confirmation regarding their ability or inability to accept electronic transmissions. Documentation of Transmissions o CMS has provided examples of documentation related to transmissions that should be maintained for audit purposes: Dated screenshots from the Certified EHR system that document a test submission to an immunization registry or public health agency and show the result (i.e., successful or unsuccessful). The documentation should include evidence to support that it was generated for that specific provider s system. A dated record of successful or unsuccessful electronic transmission (e.g., screenshot from another system, etc.). This record should include evidence to support that it was generated for that specific provider. A letter or email from an immunization registry or public health agency confirming the receipt or failure of receipt of the data submitted electronically. The letter or email should include the date of the submission, the name of the provider and the registry or agency, and the result of the test (i.e., successful or unsuccessful). o If you plan to use an intermediary (like a health information exchange) to submit public health data, ensure that the use of the intermediary will still allow you to meet the meaningful use objectives. The following FAQs from CMS and ONC may be helpful: https://questions.cms.gov/faq.php?id=5005&faqid=3461 http://www.healthit.gov/policy-researchers-implementers/18-question-09-10-018 5

o To this point, our experience has been that auditors have not focused heavily on the transmission requirements, as many immunization registries and public health agencies were not prepared to receive the information. We believe that focus on the transmission requirements will likely increase going forward. Attestation o Along with all the other types of documentation discussed here, maintain a copy of the actual attestation that was submitted. o Also, make sure that whatever contact information provided during attestation (for example, an email address) is in working order and is being monitored. We have experienced several instances in which an email address is not being monitored and auditor communications are not read in a timely manner. Medicaid Considerations o Audits under the Medicaid EHR Incentive Program vary by state. Here is state contact information: https://www.cms.gov/apps/files/statecontacts.pdf o Audits under the Medicaid EHR Incentive Program may focus on patient volume calculations. One representative of a state Medicaid program has said that multiple attempts to identify a 90-day period to establish patient volume may lead to an audit. o Those providers with no history of providing services to Medicaid beneficiaries prior to the Medicaid EHR Incentive Program are also more likely to be audited. o Based on our experience, documentation sufficient to demonstrate Adoption, Implementation, or Upgrade varies by state: Additional Suggestions Some Medicaid representatives have said that demonstration of a financial or legal commitment for adoption of a Certified EHR will suffice and that no actual installation is required. Documentation may include an executed purchase order or agreement even if no payments to the Certified EHR vendor have been made. Other Medicaid representatives have said that proof of installation is required. This proof may include evidence of costs associated with staff training and support during implementation or evidence of staff training on the Certified EHR. For an Eligible Hospital, a cost report showing implementation expenses relating to a Certified EHR may suffice. Communicate with Auditors. Work with and communicate with auditors. If you cannot meet a deadline, let the auditors know as soon as possible. If you have any questions about the information being requested, ask the auditors for clarification. 6

Other Requests. Some providers have found that their financial auditors request information regarding the Medicare and Medicaid EHR Incentive Programs when performing a financial audit of the provider. For example, the financial auditors may want to confirm that the provider is actually entitled to payments from the Medicare or Medicaid EHR Incentive Program when determining whether the inclusion of incentive payments in the provider s budget is reasonable. 7

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information