Reducing Risks of an EHR Incentive Payment Audit

TOPICS:

Posted By: Jim Tate October 18, 2012

Meaningful Use Incentive Audits

The chickens are coming home to roost. I wrote blog posts in June and December 2011 focused on potential audits for the CMS EHR Incentive programs.  Well, the audits are here and from what I am seeing so far, it may not be pretty. There was a real need for HIT adoption to be stimulated by incentives and Stage 1 was intentionally planned to make it relatively simple for Eligible Providers (EPs) to meet meaningful use and successfully submit attestation for the EHR incentives. The process for Stage 1 attestation is primarily based on telling the truth during the web-based attestation process, with minimal or no documentation required.

During the past month I have been contacted by a number of practices who question if they reported correctly during attestation. They have received incentives and now have a nagging concern because they put their name under this CMS statement: “I certify that the foregoing information is true, accurate, and complete. I understand that the Medicare/Medicaid EHR Incentive program payment I requested will be paid from Federal funds, that by filing this attention I am submitting a claim for Federal Funds, and the use of any false claims, statements, or documents, or the concealment of a material fact used to obtain a Medicare/Medicaid EHR Incentive Program payment, may be prosecuted under applicable Federal or State criminal laws and may also be subject to civil penalties.”

The Government Accountability Office recognized some potential problems and six months ago released their report: First Year of CMS’s Incentive Programs Shows Opportunities to Improve Processes to Verify Providers Met Requirements. Verification, that’s the rub. Only if there is an actual audit will the total accuracy of the incentive claims be validated. The achievement of meaningful use, proper documentation, and successful attestation is a complex matter. Those EPs that availed themselves of expert direction and counsel by such groups as the Regional Extension Centers or other valid sources of guidance should be in good shape. I believe that the majority of EPs without expert advice who attested to Stage 1 meaningful use of certified technology and received incentives could not survive an audit unscathed. I’ll let someone else decide if it is a knowledge gap or willful actions behind the improper attestations. Below are a few anecdotes that support this conclusion:

  • I have been contacted by a number of EHR vendors who have reviewed the payment data files available from CMS. Some of those files contain the name of the certified technology that was claimed by EPs during attestation. The vendors have told me they do not recognize as their customers some of the EPs that attest to using their software.
  • One of the most talked about topic by those who are close to the incentive programs is the suspicion that the majority of EPs who have attested and received incentives have not completed Core Measure #15, “Conduct or review a security risk analysis in accordance with the requirements under 45 CFR 164.308(a)(1) and implement security updates as necessary and correct identified security deficiencies as part of its risk management process”.
  •  Many EPs were upgraded by their legacy vendors to versions of their EHR that were certified to support meaningful use. However, detailed re-configuration on the part of the EPs was necessary to enable the functionality to gather the necessary structured data. Without doing the necessary system work, when the meaningful use data is generated for attestation, Core Measure #9 (Smoking Status), is listed as unstructured data, which it is. That does not meet the requirement of meaningful use.

What can EPs do to lessen their risk moving forward? Well I’m not a lawyer, but this is what I would do: I would initiate a review of any already submitted attestations to make sure they are accurate, truthful, and backed up by documentation. Seek guidance if you are not absolutely sure you know what your are doing. If your review finds “problems” you will not be able to blame your vendor or anyone else. Contact the EHR Information Center (888-734-6433) and begin the process of amending the information that you have submitted, even if was for a 2011 attestation. If you did not meet the requirements for incentives you will need to return the incentives. Better to do that than have your practice embroiled in an audit process with an uncertain outcome.

Jim Tate is founder of EMR Advocate and a nationally recognized expert on the CMS EHR Incentive Program, certified technology and meaningful use.