By Steve Spearman, Founder and Chief Security Consultant, Health Security Solutions
Twitter: @HIPAASolutions
For eligible providers (EP) and hospitals (EH), attesting to Meaningful Use can have a huge financial impact on their organization. When an organization attests, they are required to satisfy a certain number of objectives and associated measures demonstrating the meaningful use of certified electronic health record technology (EHR). If the Meaningful Use (MU) standards are met, organizations receive significant incentive payments that help remediate the cost of implementing use of an EHR.
As with most things, there’s a catch. Earlier this year, I interviewed Jim Tate, Meaningful Use audit expert and founder of EMR Advocate. We spoke about many things, but our primary focus was the Meaningful Use audit program. This audit program was designed to oversee incentive payments and ensure that those organizations attesting were actually meeting MU requirements. According to Tate, audits were designed to assess “at least 5% of providers. Those audits took place, originally, after incentives were received. [But] now they’re also doing pre-payment audits. So the audit program is an attempt to provide oversight and to make sure those funds are going where they’re supposed to be going.”
In an effort to learn more about the MU audit program and the audits performed, I filed a Freedom of Information Act request in February of this year. I sought a record of the organizations assessed since the advent of the audit program. Earlier this week, I received that list. It outlined pre-payment and post-payment audits, both for eligible providers and eligible hospitals. Here’s what I found:
Pre-Payment Audits of Eligible Providers
As of September 16, 2014, Figliozzi & Co., the contractor responsible for performing MU audits on behalf of the Centers for Medicaid and Medicare Services (CMS), had undertaken a total of 5,825 pre-payment audits. This pre-payment audit program is relatively new (started within the past two years), so the volume of EP already assessed is surprising. Of those, 3,820 audits, or 65.6% of the total have been completed. That means there are currently more than 2,000 pre-payment audits in progress at the moment.
While a vast majority of those assessed were found to have appropriately attested, nearly a quarter (821 or 21.5%) of EP subjected to pre-payment audits did not meet meaningful use standards. CMS provided two reasons for failing to meet meaningful use: failure to use a certified EHR and failure to meet MU objectives and associated measures. The bulk of those EP that failed audits (92.9%) did not meet the appropriate objectives and associated measures. Only 7.1% of those audited failed to use a certified EHR when attesting.
Post-Payment Audits of Eligible Providers
From the time MU post-payment audits began, 4,780 eligible providers have been assessed after the payment of incentives. This number is, unexpectedly, smaller than the number of pre-payment audits that have been initiated by CMS. Of those post-payment audits, 4,601 or 96.3% have been completed.
As with pre-payment audits, almost a quarter (1,106 or 24%) of EP failed to meet meaningful use standards. CMS provided the same two reasons for failure to meet meaningful use: failure to use a certified EHR and failure to meet objectives and their associated measures. Most of those EP that failed their audits (98.9%) did not meet the appropriate objectives and associated measures.
Along with information on the number and type of audits, the report included the proposed amount of incentive payment returned to CMS by those eligible providers who failed meaningful use audits. These numbers ranged from $41.92 to $19,800 per provider. The average returned incentive payment was $16,862.81. It is important to note that providers who fail MU post-payment audits are able to appeal the audit outcome. If their appeal is successful, these EP are not required to return incentive payments. The data obtained from this report concerning returned incentive payments reflects the suggested incentive payment return prior to an appeal. For eligible providers counting on incentive payments to cover EHR start-up costs and associated business expenses, returning thousands of dollars could be devastating.
Post-Payment Audits of Eligible Hospitals
The final portion of information included in the report contained information on post-payment audits of eligible hospitals. The number of post-payment audits performed was 651. This number is significantly smaller than the number of eligible providers that have been audited, but reflects the smaller number of attesting hospitals as compared to individual eligible providers. Just over ninety-four percent (94.2%) of those 651 audits have been completed. Of those completed, only 4.7% (29) of EH failed post-payment audits. This is a significantly smaller ratio of failure to success than both pre- and post-payment audits of eligible providers.
CMS did not include information on the reasons for EH audit failure but did include amounts for potential returned incentive payments. As with post-payment audits of eligible providers, these numbers reflect proposed returns prior to any audit appeals filed by eligible hospitals. Potential returned incentive payments ranged from $280,414 to $3,430,591.20 with an average of over a million dollars returned from eligible hospitals ($1,132,937.22). Overall incentives returned to CMS following post-payment audits total nearly $33 million dollars.
Jim Tate, leading expert on Meaningful Use audits has mentioned several times that the question of an EP or EH being audited is not if, but when. As the report I received outlines, both pre- and post-payment audits are happening on a regular basis, and trends show that nearly 1 out of 4 eligible providers will fail an audit. Because meaningful use incentives can play such a vital role in organization finances, it is important to make every effort to satisfy all meaningful use objectives and associated measures.
To read more about MU audits and common problems eligible providers and hospitals face, follow the link.
About the author: Steve Spearman is the Founder and Chief Security Consultant for Health Security Solutions. He has been employed in the healthcare industry since 1991, when he began working with Patient Care Technologies, an electronic medical record solutions provider. As Chief Security Consultant, Steve stays busy providing HIPAA Risk Analysis for clients and business partners. This article was originally published on Health Security Solutions and is republished here with permission.