Transcript Document

Meaningful Use,
MU Audits and
Stage 2 Measures
– “Is it Worth the
Money?”
Chris Apgar, CISSP
OrHIMA Fall Instutute 2014
Overview
 Meaningful Use Overview
 Who is Being Audited
 Consequences of Failing an Audit
 Preparing for and Surviving an Audit
 Summary and Q&A
3
Meaningful Use
 The purpose of Meaningful Use was to
incentivize adoption of EHR technology
 Hospitals and eligible health care
professionals (EP) could apply for Medicare or
Medicaid incentives
 In some cases hospitals can apply for
Medicaid and Medicare incentives
 In most cases the amount of incentive dollars
3
does not cover all expenses
Meaningful Use
 EHR implementation and Meaningful Use
attestation could be expensive
 Software and hardware costs
 Staff training
 Data conversion
 Additional data collection
 Ongoing maintenance costs
 Increasing requirements of Stage 2
4
Meaningful Use
 Stage 1 and Stage 2 Meaningful Use required
hospitals and EPs to attest to having met a set
number of core measures and a set number of
measures from a list of additional measures
 At the time of attestation, hospitals and EPs
needed to be able to demonstrate measures
were met if asked to prove it
5
Meaningful Use
 May be able to delay move to MU Stage 2 and
attest to Stage 1 instead
 If you attested early, you may be stuck with
Stage 2
Example: If you attested to MU in 2012, you
must attest to Stage 2 in 2014. If you attested
to MU in 2013, you can attest to Stage 1 in
2014.
6
Who’s Being Audited?
 Per CMS if you attested, there’s a 10% chance
you will be audited at some point
 Audits are provider by provider versus by clinic
or hospital
 It doesn’t matter the size of the provider
 You may be audited more than once
7
If You’re Audited…
 Short time frame to respond
 Documentation must definitively prove you
met measures attested to
 Documentation needs to be complete, easily
accessible and very “black and white”
 You may go through multiple rounds of
documentation production
8
 Document production requests not necessarily
clear
If You’re Audited…
 If you’re unsure, ask before sending
 Only provide what is asked for
 Assign a point person to respond to attestation
audits
 Make sure your vendor can support providing
needed documentation that is accurate
 If non-compliant with HIPAA, auditor may report
9
to OCR
If You’re Audited…
 You may fail the audit the first time – request
clarification as to why
 Make sure the auditor is specific – saves time
in supplying multiple versions of
documentation that may not be consistent
 Keep all audit related documentation and
communication with the auditor handy
10
Consequences if You
Fail
 If you ultimately fail an audit, expect a demand
letter to repay Meaningful Use incentive dollars
 If you receive a demand letter, you can appeal
 For more information from CMS https://www.cms.gov/Regulations-andGuidance/Legislation/EHRIncentivePrograms/A
ppeals.html
11
Consequences if You
Fail
 You do not have multiple levels of appeal
 Failure to pay will likely result in withheld
Medicare reimbursement
 Audits go back to the first year of attestation –
you may be audited for more than one period
so may fail an audit for more than one period
 No word on Oregon Medicaid audits yet
12
How to Prepare
 Understand all MU Requirements
 Have a Clear Documentation Trail and create it
before you attest
 You will only have two weeks to respond –
don’t start building your documentation trail
when you receive the letter
13
The Notice Arrives…
 First Notice – two options to respond:
 Secure Web Portal
 Mail
 Check your documentation before you send it
 Again, ask questions if you don’t understand
what’s being requested
14
Documentation
 Screen shots
 Exact dates to match your attestation period
 Audit Trail Documentation
 EHR generated reports
 Make sure they work
 Make sure the data generated during the attestation period
is preserved
 Sample discharge summaries, post-appointment
documentation, etc.
15
Centers for Medicare and Medicaid Services
Document Request List - Eligible Professionals
Medicare Electronic Health Record (EHR) Incentive Program
Organization:
Dr. Matthew Bliven
EHR Ce rtification Numbe r:
30000001SW7XEAS
EHR Re porting Pe riod:
1/3/2011-4/4/2011
Please provide all of the documents requested below by the due date. The auditor will complete Column C.
(A)
Item
Number
1
(B)
Reques ted Documents
(C)
For Completion by Auditor
Follow Up
Reques t Date
Method Of
Reques t
03/04/13
E-mail
03/04/13
E-mail
03/04/13
E-mail
03/04/13
E-mail
03/04/13
E-mail
03/04/13
E-mail
03/04/13
E-mail
03/04/13
E-mail
03/04/13
E-mail
03/04/13
E-mail
03/04/13
E-mail
Reports were supplied which detail the numerators and denominators of the Core
Measures. However, we did not receive reports for the Menu Measures. Please supply
a summary report for your attestation period (1/3/11 - 4/4/11) for the following
measures:
Menu #2 - Clinical Lab Test Results
Menu #7 - Medication Reconciliation
2
3
Proof of Possession- Please provide licensing agreements, invoices, contracts, etc. from
the time the EHR technology system was purchased and/or updated. Ens ure that the
ve ndor, product name AND product ve rs ion numbe r that was atte s te d to is
include d on the docume ntation.
No documentation was supplied to support the following “Yes”/”No" attestation
measures: Core #2- Drug Interaction Checks, Core #11- Clinical Decision Support Rule,
Core #14- Electronic Exchange of Clinical Information, Core #15- Protect Electronic
Health Information, Menu #1- Drug Formulary Checks, Menu #3- Patient Lists, Menu
#9- Immunization registries Data Submission. Please supply documentation to support
these measures. Please see the following examples of what may be supplied for each
measure:
a. Core #2- Drug Interaction Checks: An audit trail from the EHR software which
demonstrates that the drug interaction functionality was enabled for the entire
attestation period.
b. Core #11- Clinical Decision Support Rule: An audit trail from the EHR software
which demonstrates that a clinical decision support rule was enabled for the entire
attestation period.
c. Core #14- Electronic Exchange of Clinical Information: Screenshots from the EHR
which document a test exchange of key clinical information or a letter/e-mail from
the receiving provider confirming the electronic exchange. This documentation
should include the date of the exchange, the names of the sending/receiving
providers, the type of EHR used by each provider, and whether the exchange was
successful or unsuccessful.
d. Core #15- Protect Electronic Health Information: Proof that a security risk analysis
of the certified EHR technology was performed prior to the end of the reporting
period (i.e. report which documents the procedures performed during the analysis,
the results of the analysis, and whether corrective measures were implemented as
necessary).
e. Menu #1- Drug Formulary Checks: An audit trail from the EHR software which
demonstrates that the drug formulary functionality was enabled for the entire
attestation period.
f.
16
4
Menu #3- Patient Lists: A list of your patients sorted by a specific medical condition
that was generated by the EHR.
g. Menu #9- Immunization Registries Data Submission: The e xclus ion was claime d
for this me as ure . Either a statement attesting to the fact that no immunizations
were administered or a letter/e-mail from the immunization registry stating that they
were unable to receive immunization data electronically at the time of your
attestation.
For the Core Measures listed on tab (2) of this workbook, the documentation supplied
for numerators and denominators does not agree to what was reported on your
attestation. Could you please explain these variances?
Follow Up
Reques t Received
Date
Final Reques t
Date
Final Reques t
Received Date
Comments
Survival Mode
 Don’t panic
 Work with your EHR and other supporting
vendors
 Focus specifically on what is requested – no
more and no less
 Detail is good
17
Survival Mode
 Dates are critical – make sure you can document
what you attested to occurred during the
attestation period
 It will be fine (if you’re able to demonstrate you met
the requirements)
 May require multiple iterations
 Work with all your EMR Partners –
 State Registry
 County Health Department
 HIT Regional Extension Center
18
Pitfalls to Avoid
 Reports, screen prints, letters from vendors
related to MU, etc. must be dated during the
attestation period
 If you attested to something you didn’t do (like
conduct that risk analysis), you will likely be
asked to pay the money back
 You can’t respond timely if you don’t know
where your documentation is
19
Pitfalls to Avoid
 Keep your EHR vendor honest – just because
they were certified doesn’t mean everything
works, especially if you customize
 If your EHR vendor can’t produce the exact
data from the attestation period, you may be
asked to return the incentive payment
 Make sure you can produce proof if something
changed and why
20
Example of Vendor
Failure
 EHR miscounted number of encounters –
cancelled appointments were tallied
 Data stored in EHR was cumulative – the data
from the attestation period wasn’t preserved
 Manual count of encounters did not match EHR
reports
 All measures were met but due to EHR issues,
the provider was asked to return the incentive
21
Pitfalls to Avoid
 If using multiple vendors for MU, make sure you
can consolidate the data
 Make sure all dates and data from each vendor
matches
 Specialty practices beware – modifications to
meet needs may make proving you did the right
thing difficult
 Make sure you have the right EHR version –
22
some vendors offer certified and non-certified
EHRs
Pitfalls to Avoid
 If you’re just starting, do plenty of research
 Make sure what you’re buying is the certified
version (not the basic and after install the
vendor asks for more money)
 Auditors are black and white but have been
reasonable thus far
 Train you staff – what to say and not to say to
an auditor
23
How to Prepare
Before the auditor arrives:
 Run through a mock audit
 Talk to your colleagues who have been
audited
 Talk to your vendors
 Preserve data just in case your vendor fails
you
24
How to Prepare
 Take a close look at each measure you attested
to and generate proof you met the measure
 Save that documentation centrally
 Don’t forget it’s more than conducting a risk
analysis – remember the risk mitigation and
management part
 Make sure that patient portal is up, operable and
25
used (available to 50% of patients and 5% are
using)
How to Prepare
 Can your patients communicate with you
securely and are they doing so?
 Omnibus Rule permits unencrypted
communication with patients but MU does not
 When sending or providing required
information like summaries of care, make sure
it’s documented somewhere (paper and
electronic)
26
How to Prepare
 If you use an HIE to exchange data that needs
to be counted, such as a summary of care,
make sure it can be tracked
 Don’t lose sight of other privacy and security
requirements – lack of attention may result in
an OCR letter
 Don’t trust vendors – make them prove it
27
Reasons Not to Attest
 Not all health care professionals are eligible
 It doesn’t pencil out
 Low or no Medicare patient count
 Cost and burden are considered excessive
 You don’t think you can meet measures during
attestation period
28
In The End…
 You need to be able to prove it
 CMS will ask for its money back
 States and Medicaid incentive program audits
still a mystery
 Most auditors don’t have a sense of humor
 If you have it, make sure you can find it and
quickly
29
Resources
 CMS:
http://www.cms.gov/Regulations-andGuidance/Legislation/EHRIncentivePrograms/i
ndex.html
 eHealth Programs Interactive Timeline:
http://cms.gov/apps/interactive-timeline
 CMS Stage 1 Attestation Worksheet (EP):
30
http://www.cms.gov/Regulations-andGuidance/Legislation/EHRIncentivePrograms/
downloads/EP_Attestation_Worksheet.pdf
Resources
 CMS Stage 1 Attestation Worksheet (hospitals):
http://www.cms.gov/Regulations-andGuidance/Legislation/EHRIncentivePrograms/d
ownloads/Hospital_Attestation_Worksheet.pdf
 CMS Meaningful Use for Specialists Tips:
http://www.cms.gov/Regulations-andGuidance/Legislation/EHRIncentivePrograms/D
ownloads/Meaningful_Use_Specialists_Tipshee
t_1_7_2013.pdf
31
Resources
 CMS Meaningful Use Rule Change – 2014:
http://www.cms.gov/Newsroom/MediaRelease
Database/Press-releases/2014-Pressreleases-items/2014-08-29.html
 NJ-HITECH “Become Audit Proof”:
http://www.njhitec.org/files/6113/6803/539
4/Become_Audit_Proof.pdf
31
Chris Apgar, CISSP
CEO & President