MU Attestation Audits – Meaningful Use Monday

Posted on July 30, 2012 I Written By

Lynn Scheps is Vice President, Government Affairs at EHR vendor SRSsoft. In this role, Lynn has been a Voice of Physicians and SRSsoft users in Washington during the formulation of the meaningful use criteria. Lynn is currently working to assist SRSsoft users interested in showing meaningful use and receiving the EHR incentive money.

Lynn Scheps is Vice President, Government Affairs at EHR vendor SRSsoft. In this role, Lynn has been a Voice of Physicians and SRSsoft users in Washington during the formulation of the meaningful use criteria. Lynn is currently working to assist SRSsoft users interested in showing meaningful use and receiving the EHR incentive money. Check out Lynn’s previous Meaningful Use Monday posts.

By definition, attestation is based on the honor system—that is, at least until you find yourself the subject of an audit. CMS has launched its anticipated program, and some physicians who have received an EHR incentive payment recently received a letter from the designated auditing firm, Figloiozzi and Company

Although there is no way to predict which physicians will be audited, providing the information requested should not be too onerous a task for those “lucky” ones who are tapped. Providers are being asked to show proof that they possess a certified EHR and to substantiate the data they reported for the core and menu measures—specifically, via “a report from their EHR system that ties to their attestation.” Since all certified EHRs generate an automated measure calculation report and a clinical quality measure report, that documentation should be readily accessible. It would not surprise me if they are also asked to provide documentation of the security and risk analysis that the practice conducted to ensure HIPAA compliance. For suggestions regarding the type of data to retain to support your attestation, see the Meaningful Use Monday post, MU Attestation: Save Your Documentation.

Based on material published by the auditors and by CMS on its EHR Incentives website, it does not seem that the audits will be so detailed as to require site visits or reviews at the patient chart-level. My sense is that CMS is looking to identify failures to comply with the major requirements—adopting and using a certified EHR to meet the meaningful use measures and reporting accurately on the data generated by that EHR. 

(If you have been audited and would like to share your experience, please post a comment.)