1. Claire Turcotte, Esq. Partner Bricker & Eckler LLP 9277 Centre Pointe Drive, Suite 100 West Chester, Ohio 45069 cturcotte@bricker.com (513) 870-6573 1

2.  EHR Incentive Program Background  Legal and Compliance Concerns  Meaningful Use Medicare Audit Overview  Hot Medicare Audit Issues  Mock/Internal Medicare Audits  Lessons Learned  MU Program Resources  Questions? 2

3. 3

4.  Medicare and Medicaid EHR Incentive Program established by American Recovery and Reinvestment Act of 2009  Incentives paid to eligible professional (EPs), eligible professionals (ERs), and critical access hospitals (CAHs) for meaningful use of EHR  Must meet ALL program requirements to receive payments  Medicare payments from May 2011 through 2016 (Medicare) and January 2011 through 2021 (Medicaid) 4

5.  Approximately 480,000 EPs, EHs and CAHs have registered for the Medicare and Medicaid MU Program  Over 404,000 Medicare and Medicaid providers (EHs, CAHs, EPs) have received an EHR incentive payment as of May, 2014  Over $24 Billion in Medicare and Medicaid MU incentive payments since 2011 Source: http://www.cms.gov/Regulations-and- Guidance/Legistlation/EHRIncentivePrograms/Data 5

6. 6

7. 7

8.  If the attestation is inaccurate, there is a risk of violating the Federal False Claims Act (32 U.S.C. § 3729)  Penalties under the False Claims Act are crippling ($5,500 to $11,000 per claim, plus treble damages)  Exclusion from Medicare program  Possible prison 8

9.  If the attestation is inaccurate, the EH, EP, or CAH has received an overpayment from CMS  Under the Affordable Care Act, if an overpayment is received, it must reported and returned to CMS or the Medicare contractor, as appropriate  Within 60 days after the date the overpayment is identified  An overpayment that is not returned within the 60 day period becomes an obligation under the False Claims Act 9

10.  Health Management Associates (HMA) returned $31 million in MU incentives following an internal audit revealing that HMA failed to meet MU at some of its hospitals  CIO and multiple VPs lost jobs after HMA returned the MU incentives  May trigger CMS audits of HMA’s MU attestations  Expect to see more MU incentive dollars returned in the future with increasing self-audits 10

11.  February, 2014 Shelby Regional Medical Center, Tyler, Texas former CFO indicted for health care fraud  Faces up to 7 years in prison and $500,000 in fines for making false statements to CMS on MU attestations to receive over $785,655 in MU incentives  Allegedly CFO used another person’s identity to attest  Allegedly attested to meaningfully using certified EHR when hospital used paper records  Faces exclusion from Medicare 11

12.  Federal law enforcement is focused on MU program in an effort to protect the Federal fisc  “As more and more federal dollars are made available to adopt Electronic Health Record systems, our office is expecting to see more cases like this one … the Office of Inspector General is committed to protecting the millions of taxpayer dollars used to pay providers to adopt Electronic Health Record systems.” Special Agent in Charge Mike Fields of the U.S. Dept. of HHS, OIG, Dallas Regional Office 12

13. 13

14.  Any EP, EH or CAH that attests to having met MU requirements to receive MU incentives may be audited  5-10% of providers will be audited  Assume WHEN not IF you will be audited  Prepare from the START to BE audited  CMS began post-payment audits in July 2012  Starting in January 2013, CMS began pre- payment audits (both random and targeted) 14

15. 15

16.  Figliozzi & Company conducting Medicare MU audits  Sends standard letter via email to individual who attested  10 business days to submit response  Auditor reviews; may request additional info via email  Insufficient response or anomalies may result in onsite visit 16

17. 17

18.  Auditors will request:  Source documentation used to attest  Certification info from ONC  Screen shots or other evidence  Evidence showing info was generated for the specific EP, EH, or CAH 18

19.  Auditors will request (cont.):  Documentation showing the reporting method  Summary level reports for each measure  Numerators and denominators for each measure  Time period covered by report  Security Risk Analysis and plan to correct deficiencies 19

20.  May result in onsite review of:  Demonstration of structured data and functionality of EHR  Medical record reviews  Billing information reviews  Census reviews  Screen shots  Audit Logs  Other 20

21. 21

22.  Proof of certification for all modules  Pay close attention to and include dates  Narratives are critical  Compare core/menu to attested  Security review demands increasing 22

23.  Maintain security review mitigation list  CQMs no longer being audited  Focus will change from CAH & rural hospitals  If you don’t hear from Figliozzi, contact them 23

24. 24

25.  Before you attest  Assign accountable person for MU attestation  Build the right MU team, including Clinical (CMO, physicians, nursing) IT (including both EHR and IT services and security) Legal Compliance Audit Records/information management 25

26.  Maintain “book” of evidence for EACH EH and CAH  Hybrid “book” for EPs  Maintain documentation supporting payment calculations  Organize documentation by measure  Use multiple data/document types  Reports, screenshots, policies 26

27.  Primary source documents are reports generated by certified EHR  Report should contain:  Numerators and denominators for measures  Time period covered by report  Evidence to support report was generated for that provider, such as National Provider Identifier (NPI), CMS Certification Number (CCN), provider name, practice name  Snapshot vs. rolling reports 27

28.  Screenshots from certified EHR  Indicate vendor’s name and EHR version  Reports generated by certified EHR  Medication administration records  Denominator records (e.g., all patients/admitted/seen)  Yes/No functionality verification  Proof of meeting exception 28

29.  Keep documentation for at least six years post-last year of attestation  Store in a centralized, easily retrievable yet secure manner for quick audit response 29

30. 30

31.  TIP 1: Confirm/update contact for audit letters; beware of spam filters  TIP 2: Be ready to respond quickly to documentation requests, follow up requests, or on-site visits  TIP 3: Cooperate with auditors  Ask for clarification  Ask for extension if needed 31

32.  TIP 4: Confirm internally or obtain external validation and verification of metrics and security requirements  Recalculate percentages for meeting measures  Validate logic used to produce reports and data  Review security risk analysis and plan for deficiencies  TIP 5: Consider conducting review under attorney- client privilege  TIP 6: Plan ahead for process to upload documentation 32

33.  Audits: EHR Incentive Programs Supporting Documentation for Audits  CMS Stage 2 Webpage ResourcesOverview Tip Sheet  Stage 2 Overview Tip sheet  Stage 2 Meaningful Use Specifications Sheet Table of Contents  Attestation Worksheet for Stage 2  Payment Adjustments & Hardship Exceptions (EPs & Hospitals)  2014 CQM Webpage 33

34.  For more information:  www.INComplianceConsulting.com and click on “Health Care Consulting”  Or contact us at: cturcotte@incomplianceconsulting.com.

35. Q & A? Claire Turcotte, Esq. Partner Bricker & Eckler LLP 9277 Centre Pointe Drive, Suite 100 West Chester, Ohio 45069 cturcotte@bricker.com (513) 870-6573 8051055.1 35