Meaningful Use Audits – 4 Questions to Consider

Meaningful Use Audits - Part II

Eligible Providers: Meaningful Use Audits Part II

Last week I wrote a blog post entitled The Arrival of Meaningful Use Audits.  Part of the confusion for those lucky Medicare eligible professionals that have received a golden ticket from Figliozzi & Company (current auditors of the CMS Medicare EHR Incentive Program) is exactly what constitutes acceptable documentation. As suggested by CMS (“Meaningful use audit questions can be directed to Peter Figliozzi at (516) 745-6400 x302 or by email at”) I directed my request for clarification via email but to date have not received a reply.  Maybe I should use Twitter. I have spoken with a number of the Regional Extension Centers who have reached out to CMS for audit guidance on behalf of their provider clients, and they tell me they are directed to contact the auditors. Hopefully they have received a more robust response that I have.

I was glad to see that CMS has recently added a FAQ with details on documentation  that could be required during a meaningful use audit. I still have a few questions and so I’ll post them here since I have not been able to find a viable channel to ask questions or provide feedback from the provider side. Here are my first four questions on meaningful use audits:

  • “Proof that a security risk analysis of the certified EHR technology was performed prior to the end of the reporting period (e.g., report which documents the procedures performed during the analysis and the results).” Should the entire security risk analysis itself be presented? Will the auditors actually be reviewing the documentation for compliance?
  • “Drug-Drug/Drug-Allergy Interaction Checks and Clinical Decision Support – Proof that the functionality is available, enabled, and active in the system for the duration of the EHR reporting period.” Is a statement from the EHR vendor sufficient? What are examples of “proof” that are acceptable?
  • What are the details of the appeals process for those that disagree with the outcome of their audit?
  • If, during a meaningful use audit, the provider feels that they are being asked for information that is outside the scope of the meaningful use regulations what recourse do they have?

Meaningful use audits are necessary to identify those who have received undeserved EHR incentives. No doubt about that, but we must be careful to ensure the audit process is transparent, verifiable, and consistent. I don’t want to see the heat of EHR adoption cooled off by the fear of audit uncertainties. I bet the auditors feel the same way. I wouldn’t want to be in their shoes. I can only imagine how messy it can be when they dive into the jumbled documentation that some providers provide. Then they have to deal with the “knowledge gap” of those they are auditing. I get a headache just thinking about it.

I’m sure additional questions will arise in the months to come as more meaningful use audits take place. The Medicare EHR incentive audits are being performed by one single contractor but that is not the case for potential Medicaid EHR incentive audits. As CMS tell us, “States will have separate audit processes for their Medicaid EHR Incentive Program.” Haven’t heard about any of those taking place but I can only imagine the variation in audit validity from state to state.

Jim Tate is founder of EMR Advocate and a nationally recognized expert on the CMS EHR Incentive Program, certified technology and meaningful use.