The meaningful use audits are in full swing and both hospitals and physicians are being audited. For most hospital or physician practice that retained careful documentation prior to submission, these audits are relatively painless. Unfortunately, some organizations, particularly smaller physician practices, did not fully understand the meaningful use requirements or did not retain careful documentation. In these cases, the audit can be a difficult process.
If careful documentation was not retained, it will be necessary to recreate it. The Meaningful Use Dashboard can be set to the time period of the audit – this will allow recreation of most of the documentation. Other items of a yes/no flavor (for example, was the medication interaction feature enabled during e-prescribing) could be a little trickier. You might need to use the audit trail feature of your software to show that this functionality was enabled during the time window. Certain items may require some legwork and help from vendors. For example, if you do not know the version of your software that was in effect at the time, the vendor may be able to provide some documentation from their software support records.
One of the items that frequently was misunderstood or overlooked was Meaningful Use Objective #15, the Privacy and Security Objective. The auditors are expecting a formal risk analysis, several pages in length, that documents risk levels relating to the HIPAA Security requirements. Many practices did not understand what this was, and further, did not have the capability in house to perform the risk analysis. Any practice that did not perform a risk analysis is advised to have one professionally done as soon as possible. Eagle Consulting can provide this analysis. Call us if you would like a quote, or send an inquiry. The requirements state that the analysis was to be conducted during the time period of attestation, although the auditors and/or CMS (upon appeal) may grant an exception and allow a subsequently performed risk analysis to qualify.
Legal counsel could be of assistance in the event that you wish to appeal an auditor’s decision. You would benefit from legal counsel in the event that you need to appeal. Attorneys that Eagle has worked with have indicated that CMS is being relatively lenient and really wants providers to keep the incentive money that they have received as long as they appear to have made their attestation in good faith.
Implementing electronic record software and achieving meaningful use, for many, has proven to be a difficult and expensive task. Some practices may have succumbed to the temptation to “fudge” some of the numbers in the attestation. If the event that any “fudging” occured, the hospital or practice is advised to get help from legal counsel experienced with healthcare compliance issues. Know that you are not the first healthcare organization to be in this situation. Select legal counsel who has represented clients with meaningful use audits and CMS fraud and abuse issues. Good legal counsel will have relationships with CMS staff in Washington and can help you achieve the best outcome for your situation. Feel free to call for a referral.
To date, Eagle consulting has not heard of any fraud claims from CMS due to attestation irregularities. We have heard of money that has been returned. In cases where money was returned because meaningful use did not hold up to an audit, the medical practice has been given the opportunity to restart in the program from the beginning.
Editor’s Note: Subsequent to the publication of this article, CMS has renamed the “Meaningful Use” programs and MIPS “Advancing Care Information” category to “Promoting Interoperability”.
