Threats to your Meaningful Use documentation

“Trust, but verify”. I think that was one of Ronald Reagan’s most famous quotes. Remember him, the star of Bedtime for Bonzo? It is strange that sage advice should rear its head in the Registration and Attestation procedures for the CMS EHR Incentive Programs. Many Eligible Professionals (EPs) simply throw up their hands and look for outside help when they encounter the complexities of registering and then attesting their meaningful use of certified EHR technology. An entire cottage industry has arisen to save the day for these hapless EPs.

EHR vendors, consultants, and others have created business models to hold hands and eliminate the friction between the providers and those tasty incentives. This is actually a much needed service and I can understand the wisdom of turning the process over to experts. However, it is important to understand that your champion will be acting on your behalf but it will be you that will be held accountable in the event of an audit. One case in point: I have become aware in the past few weeks that some of these intermediaries only ask the EP or medical practice if they have met EP Core Objective # 15: “Have you conducted or reviewed a security risk analysis…………….?” They take the practice at their word and check “YES” on the CMS web based attestation forms. The actual HIPAA Security Risk Analysis is not actually viewed. This puts you at risk.

Make sure your attestation proxy is making every effort to minimize threats if your meaningful use documentation is challenged. Make sure they review your Security Risk Analysis and provide validation. “Trust, but verify.”

Jim Tate is a nationally recognized expert on the CMS EHR Incentive Program, certified technology and meaningful use and author of The Incentive Roadmap® The Meaningful Use of Certified Technology: Stage 1.