CMS Plans To Audit 5 Percent of Meaningful Use Participants

Posted on April 29, 2013 I Written By

Anne Zieger is veteran healthcare consultant and analyst with 20 years of industry experience. Zieger formerly served as editor-in-chief of FierceHealthcare.com and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also contributed content to hundreds of healthcare and health IT organizations, including several Fortune 500 companies. Contact her at @ziegerhealth on Twitter or visit her site at Zieger Healthcare.

Are you ready to be reviewed?  Well, get prepared. As part of its ongoing program of supervision, CMS plans to audit 5 percent of participants in the Meaningful Use program for compliance, according to Modern Healthcare.

Since January, CMS has been auditing program participants that have already received their money, as well as those who have applied to receive incentive payments.  Going forward, the two groups will receive about the same level of attention, with a total of 5 percent of program participants ending up getting closer scrutiny from the feds, MH reports.

To date, there haven’t been many adverse findings by CMS, though the agency has discovered a few questionable situations, Robert Anthony, deputy director of the HIT Initiatives Group at CMS, told the magazine. But a few providers are already beginning the appeal process, and several providers may face fraud enforcement investigations, he said.

The bulk of the Meaningful Use reviews will be what the agency dubs “desk audits,” done by the CMS audit contractor Figliozzi and Co., in which information is exchanged electronically. However, a few on-site audits may be conducted as well, Anthony told Modern Healthcare.

To date, among the most common problems CMS has learned about has been provider failures to meet the requirement that they complete a data security risk assessment, a step also required by HIPAA.  When the auditors find that a provider hasn’t done the required data security risk assessment, they could be referred to the HHS Office of Civil Rights for a HIPAA compliance investigation.

Another issue which has turned up frequently has been a lack of adequate documentation that providers have answered some of the “yes or no” questions which are part of Meaningful Use criteria, such as whether their EMR has been tested for clinical data exchange. In that case, providers must be able to document what happened whether or not the test was successful.