OIG Escalates Meaningful Use Audits of Hospitals

TOPICS:

Posted By: Jim Tate May 12, 2015

By Jim Tate, EMR Advocate
Meaningful Use Audit Expert
Twitter: @JimTate, eMail: Inquiry@meaningfuluseaudits.com

The Office of Inspector General (OIG) continues to aggressively audit eligible hospitals (EH) for their CMS EHR Incentive attestations. This week I received documents related to an audit recently initiated against a Medicaid EH. As far as the location goes, let’s just say it is west of the Mississippi River. This audit differs widely from those undertaken for CMS by Figliozzi and Company in numerous ways. The audit involves numerous attestations. The response deadline is 10 business days. I have taken the liberty of copying and pasting segments from the original document below. I recommend hospitals gather this data and have it ready. Forewarned is forearmed.

Selections from the OIG Audit Engagement Letter

  • The audit period will include all payments made as of December 31, 2014
  • Please provide to us the requested information within 10 business days.
  • We are required to report as a security breach any audit information sent to us that does not meet FIPS 140-2 requirements.

California Medicaid Enrollment

  • Doses the hospital participate in any other State’s Medicaid Electronic Health Record (EHR) Incentive Program?
  • Is the hospital an acute-care hospital where the average length of stay is 25 days or fewer with a CMS certification ID where the last four digits are 0001–0879 or a Critical Access Hospital (CAH) with a CMS certification ID where the last four digits are 1300–1399? 
  • Has the facility ever been sanctioned or excluded from the Medicaid program? If yes, when? Please provide details.
  • Please provide the hospital’s Tax ID number.  Please provide the hospital’s NPI.

Medicaid Patient Volume

  • Please provide the name of the Accounting System/Billing System/Source of Patient Volume Report.\Please provide a detailed system-generated output report for total Medicaid patient volume used for the 90-day volume reporting period for the first-year payment attestation (and second-year payment attestation, if applicable). This report should include, at a minimum, the following criteria: 
  • What was the 90-day reporting period used by the hospital for determining its Medicaid patient volume calculation for the first-year payment attestation? For the second-year payment attestation, if applicable?
  • Please describe the procedures performed/process followed to determine patient volume in your facility for purposes of the Medicaid EHR Incentive Program. 
  1. Provider Identifier
  2. Service Date
    1. Patient Name
  3. Insurance Carrier/Insurance Plan

HHS/OIG California Medicaid EHR Hospital Questionnaire and Document Request Provider

  • Patient Medicaid Identifier
  • Charge Amount
  • Medicaid Payment
  • Please provide a detailed system-generated output report for your total patient volume for the 90-day reporting period used for the first-year payment attestation (and second-year payment attestation, if applicable). This report should include, at a minimum, the following criteria:
  1. Provider Identifier
  2. Service Date
  3. Patient Name
  4. Insurance Carrier/Insurance Plan
  5. Charge Amount
  6. Amount Paid

***Note: The Medicaid encounters and total encounters reports can be submitted in Excel as long as it is accompanied by a system-generated summary report that reconciles to the Excel data.***

Medicaid EHR Hospital Payment Calculation

  • Did you revise your payment calculation? If so, when and what was the reason? 
  • Please provide support for the original (and revised, if any) hospital calculation(s), specifically: 
  1. a) Medicare cost report pages (or whatever documentation you may have used) that support the numbers used in the hospital calculation.
  2. b) Internal support for the Medicare cost report numbers (or whatever documentation you may have used) that were used to complete the original hospital calculation (and revised if any). The supporting information should reconcile to the cost report numbers used. In addition, please provide the name of the Accounting System/Billing System/Source of the internal support used.

Certified EHR

  • Which type of certified EHR technology applies to your facility: Adopted, Implemented, or Upgraded?
  • When did the hospital begin adopting, implementing, or upgrading (AIU) its EHR product? If updating an already existing product, what was updated? When was the product originally purchased? When does the hospital plan to attest to meaningful use?
  • Please provide a verification letter from the software vendor signed by an authorized employee indicating the date when the facility obtained ownership of the attested certified version.
  • Please provide documentation to support the adoption, implementation, or upgrading of the EHR system (e.g., receipts, contracts, and service agreements, etc.). Also, please explain if any part of the EHR system was acquired for free or through a percentage of payment agreement. 
  • Which EHR product is the hospital using (please be specific by listing the version, year, etc.)? 
  • Did you use the Certified Health IT Product List (CHPL) system to determine whether the product is certified? If yes, what CHPL product number(s) did you use to obtain the CMS EHR Certification ID (which is distinct from the CHPL product number)? What is your CMS EHR Certification ID?
  • Who at the facility was involved in choosing the EHR product? What considerations did you take into account when choosing the EHR program you are currently using?
  • Who was involved in the registration and attestation process (of the Incentive Payment Program)? 
  • Please answer the following questions concerning data security and integrity:
    • a)  Is a unique password required to access the EHR system? 
    • b) Did the hospital sign a confidentiality agreement with the EHR vendor? 
    • c) Does each user of the EHR system have their own unique electronic signature to sign off on documents and is the electronic signature time and date stamped?
    • d) Can a document be edited/changed after it has been signed? 
    • e) Describe the hospital’s contingency plan if the EHR product goes offline? Please include in your description any use of backup files.

Please provide a screen capture of your EHR system demonstrating access to the system, including version/release number and name of the facility in the screen capture.

Jim Tate is known as the most experienced authority on the CMS Meaningful Use (MU) audit and appeal process. His unique combination of skills has brought successful outcomes to hospitals at risk of having their CMS EHR incentives recouped. He led the first appeal challenge in the nation for a client hospital that had received a negative audit determination. That appeal was decided in favor of the hospital. He has also been successful in leading the effort to reverse a failed appeal, even after the hospital had received notification of the failure with the statement, “This decision is final and not subject to further appeal”. That “final” decision was reversed in less than a week. If you are a hospital with questions or concerns about the meaningful use audit process, contact him at: audits@emradvocate.com. This post was original published on MeaningfulUseAudits.com.