1. 1 Meaningful Use Audits Sarah McIntee, Esq. David Main, Esq. Health TechNet Luncheon May 16, 2014

2. 22 Electronic Health Record Incentive Programs  The Health Information technology for Economic and Clinical Health Act of 2009 (HITECH) earmarked $36 Billion to enable the adoption of electronic health records (EHR) in hospitals and physicians' offices within a decade.  Depending on eligibility, incentives are available under both Medicare and Medicaid.  Incentives are available to eligible professionals and eligible hospitals.  Two Separate Organizations were designate to oversee the process: Center for Medicare and Medicaid Services (CMS) The Office of the National Coordinator (ONC)

3. 33 Meaningful Use Audits Generally  The statutory authority for the EHR Incentive Program requires audits. CMS has indicated that it will audit at least 5% of the attestations in each year. States will also conduct audits of the Medicaid EHR Incentive program Resolution of a failed audit is generally intended to recoup the EHR incentive program payments. Attestations for the EHR Incentive Program fall within the scope of the False Claims Act – this can result in civil and/or criminal liability for both entities and individuals, significant fines, and exclusion from all Federal programs.

4. 44 Types of Audits  Both Pre-Payment and Post-Payment audits are occurring.  Audits can be complete (attestation documentation for most or all measures) or mini-audits (mini-audits at this time seem to be focusing on documentation of certification of EHR).  Medicaid Audits will be conducted by Medicaid auditors in each state. Medicaid audits are more likely to be conducted on site.

5. 55 Types of Audits (cont.)  5-10% of Meaningful Use Attesters will be audited – 50% of those will be a pre-payment audit.  Audits can be random or triggered by a risk profile of suspicious/anomalous data.  If a provider is audited once, they could be subject to successive audits.  If a provider fails an audit, then they are more likely to be audited again for future attestations.

6. 66 Typical Meaningful Use Audit Procedures  Figliozzi sends an audit letter to the e-mail address identified in the CMS attestation;  The audit response time is indicated in the letter and usually only allows the provider 15-30 days to respond.  If the provider fails to respond in a timely fashion, then this could result in them failing the audit.  Figliozzi must send audit recommendations to CMS; if a provider wishes to appeal, must follow a very specific appeals process.

7. 77 What Can I Do?  Meaningful Use audits are a matter of "When" and not "If" Assume that Meaningful Use Audits are unavoidable and prepare accordingly. –Maintain comprehensive records of supporting documentation for each year. Keep all records for at least 6 years post attestation. –Conduct mock/internal audits –Policy and procedure development to ensure standardization and compliance.

8. 88 Tips for Surviving a Meaningful Use Audit  Handle the audit promptly.  Maintain Supporting Documentation  Physicians and administrators need to take charge and verify for themselves that the work is being done.  Avoid Discrepancies  Ensure EHR Certification  Complete a Security Risk Assessment