Transcript Document
Meaningful Use,
MU Audits and
Stage 2 Measures
– “Is it Worth the
Money?”
Chris Apgar, CISSP
OrHIMA Fall Instutute 2014
Overview
Meaningful Use Overview
Who is Being Audited
Consequences of Failing an Audit
Preparing for and Surviving an Audit
Summary and Q&A
3
Meaningful Use
The purpose of Meaningful Use was to
incentivize adoption of EHR technology
Hospitals and eligible health care
professionals (EP) could apply for Medicare or
Medicaid incentives
In some cases hospitals can apply for
Medicaid and Medicare incentives
In most cases the amount of incentive dollars
3
does not cover all expenses
Meaningful Use
EHR implementation and Meaningful Use
attestation could be expensive
Software and hardware costs
Staff training
Data conversion
Additional data collection
Ongoing maintenance costs
Increasing requirements of Stage 2
4
Meaningful Use
Stage 1 and Stage 2 Meaningful Use required
hospitals and EPs to attest to having met a set
number of core measures and a set number of
measures from a list of additional measures
At the time of attestation, hospitals and EPs
needed to be able to demonstrate measures
were met if asked to prove it
5
Meaningful Use
May be able to delay move to MU Stage 2 and
attest to Stage 1 instead
If you attested early, you may be stuck with
Stage 2
Example: If you attested to MU in 2012, you
must attest to Stage 2 in 2014. If you attested
to MU in 2013, you can attest to Stage 1 in
2014.
6
Who’s Being Audited?
Per CMS if you attested, there’s a 10% chance
you will be audited at some point
Audits are provider by provider versus by clinic
or hospital
It doesn’t matter the size of the provider
You may be audited more than once
7
If You’re Audited…
Short time frame to respond
Documentation must definitively prove you
met measures attested to
Documentation needs to be complete, easily
accessible and very “black and white”
You may go through multiple rounds of
documentation production
8
Document production requests not necessarily
clear
If You’re Audited…
If you’re unsure, ask before sending
Only provide what is asked for
Assign a point person to respond to attestation
audits
Make sure your vendor can support providing
needed documentation that is accurate
If non-compliant with HIPAA, auditor may report
9
to OCR
If You’re Audited…
You may fail the audit the first time – request
clarification as to why
Make sure the auditor is specific – saves time
in supplying multiple versions of
documentation that may not be consistent
Keep all audit related documentation and
communication with the auditor handy
10
Consequences if You
Fail
If you ultimately fail an audit, expect a demand
letter to repay Meaningful Use incentive dollars
If you receive a demand letter, you can appeal
For more information from CMS https://www.cms.gov/Regulations-andGuidance/Legislation/EHRIncentivePrograms/A
ppeals.html
11
Consequences if You
Fail
You do not have multiple levels of appeal
Failure to pay will likely result in withheld
Medicare reimbursement
Audits go back to the first year of attestation –
you may be audited for more than one period
so may fail an audit for more than one period
No word on Oregon Medicaid audits yet
12
How to Prepare
Understand all MU Requirements
Have a Clear Documentation Trail and create it
before you attest
You will only have two weeks to respond –
don’t start building your documentation trail
when you receive the letter
13
The Notice Arrives…
First Notice – two options to respond:
Secure Web Portal
Mail
Check your documentation before you send it
Again, ask questions if you don’t understand
what’s being requested
14
Documentation
Screen shots
Exact dates to match your attestation period
Audit Trail Documentation
EHR generated reports
Make sure they work
Make sure the data generated during the attestation period
is preserved
Sample discharge summaries, post-appointment
documentation, etc.
15
Centers for Medicare and Medicaid Services
Document Request List - Eligible Professionals
Medicare Electronic Health Record (EHR) Incentive Program
Organization:
Dr. Matthew Bliven
EHR Ce rtification Numbe r:
30000001SW7XEAS
EHR Re porting Pe riod:
1/3/2011-4/4/2011
Please provide all of the documents requested below by the due date. The auditor will complete Column C.
(A)
Item
Number
1
(B)
Reques ted Documents
(C)
For Completion by Auditor
Follow Up
Reques t Date
Method Of
Reques t
03/04/13
E-mail
03/04/13
E-mail
03/04/13
E-mail
03/04/13
E-mail
03/04/13
E-mail
03/04/13
E-mail
03/04/13
E-mail
03/04/13
E-mail
03/04/13
E-mail
03/04/13
E-mail
03/04/13
E-mail
Reports were supplied which detail the numerators and denominators of the Core
Measures. However, we did not receive reports for the Menu Measures. Please supply
a summary report for your attestation period (1/3/11 - 4/4/11) for the following
measures:
Menu #2 - Clinical Lab Test Results
Menu #7 - Medication Reconciliation
2
3
Proof of Possession- Please provide licensing agreements, invoices, contracts, etc. from
the time the EHR technology system was purchased and/or updated. Ens ure that the
ve ndor, product name AND product ve rs ion numbe r that was atte s te d to is
include d on the docume ntation.
No documentation was supplied to support the following “Yes”/”No" attestation
measures: Core #2- Drug Interaction Checks, Core #11- Clinical Decision Support Rule,
Core #14- Electronic Exchange of Clinical Information, Core #15- Protect Electronic
Health Information, Menu #1- Drug Formulary Checks, Menu #3- Patient Lists, Menu
#9- Immunization registries Data Submission. Please supply documentation to support
these measures. Please see the following examples of what may be supplied for each
measure:
a. Core #2- Drug Interaction Checks: An audit trail from the EHR software which
demonstrates that the drug interaction functionality was enabled for the entire
attestation period.
b. Core #11- Clinical Decision Support Rule: An audit trail from the EHR software
which demonstrates that a clinical decision support rule was enabled for the entire
attestation period.
c. Core #14- Electronic Exchange of Clinical Information: Screenshots from the EHR
which document a test exchange of key clinical information or a letter/e-mail from
the receiving provider confirming the electronic exchange. This documentation
should include the date of the exchange, the names of the sending/receiving
providers, the type of EHR used by each provider, and whether the exchange was
successful or unsuccessful.
d. Core #15- Protect Electronic Health Information: Proof that a security risk analysis
of the certified EHR technology was performed prior to the end of the reporting
period (i.e. report which documents the procedures performed during the analysis,
the results of the analysis, and whether corrective measures were implemented as
necessary).
e. Menu #1- Drug Formulary Checks: An audit trail from the EHR software which
demonstrates that the drug formulary functionality was enabled for the entire
attestation period.
f.
16
4
Menu #3- Patient Lists: A list of your patients sorted by a specific medical condition
that was generated by the EHR.
g. Menu #9- Immunization Registries Data Submission: The e xclus ion was claime d
for this me as ure . Either a statement attesting to the fact that no immunizations
were administered or a letter/e-mail from the immunization registry stating that they
were unable to receive immunization data electronically at the time of your
attestation.
For the Core Measures listed on tab (2) of this workbook, the documentation supplied
for numerators and denominators does not agree to what was reported on your
attestation. Could you please explain these variances?
Follow Up
Reques t Received
Date
Final Reques t
Date
Final Reques t
Received Date
Comments
Survival Mode
Don’t panic
Work with your EHR and other supporting
vendors
Focus specifically on what is requested – no
more and no less
Detail is good
17
Survival Mode
Dates are critical – make sure you can document
what you attested to occurred during the
attestation period
It will be fine (if you’re able to demonstrate you met
the requirements)
May require multiple iterations
Work with all your EMR Partners –
State Registry
County Health Department
HIT Regional Extension Center
18
Pitfalls to Avoid
Reports, screen prints, letters from vendors
related to MU, etc. must be dated during the
attestation period
If you attested to something you didn’t do (like
conduct that risk analysis), you will likely be
asked to pay the money back
You can’t respond timely if you don’t know
where your documentation is
19
Pitfalls to Avoid
Keep your EHR vendor honest – just because
they were certified doesn’t mean everything
works, especially if you customize
If your EHR vendor can’t produce the exact
data from the attestation period, you may be
asked to return the incentive payment
Make sure you can produce proof if something
changed and why
20
Example of Vendor
Failure
EHR miscounted number of encounters –
cancelled appointments were tallied
Data stored in EHR was cumulative – the data
from the attestation period wasn’t preserved
Manual count of encounters did not match EHR
reports
All measures were met but due to EHR issues,
the provider was asked to return the incentive
21
Pitfalls to Avoid
If using multiple vendors for MU, make sure you
can consolidate the data
Make sure all dates and data from each vendor
matches
Specialty practices beware – modifications to
meet needs may make proving you did the right
thing difficult
Make sure you have the right EHR version –
22
some vendors offer certified and non-certified
EHRs
Pitfalls to Avoid
If you’re just starting, do plenty of research
Make sure what you’re buying is the certified
version (not the basic and after install the
vendor asks for more money)
Auditors are black and white but have been
reasonable thus far
Train you staff – what to say and not to say to
an auditor
23
How to Prepare
Before the auditor arrives:
Run through a mock audit
Talk to your colleagues who have been
audited
Talk to your vendors
Preserve data just in case your vendor fails
you
24
How to Prepare
Take a close look at each measure you attested
to and generate proof you met the measure
Save that documentation centrally
Don’t forget it’s more than conducting a risk
analysis – remember the risk mitigation and
management part
Make sure that patient portal is up, operable and
25
used (available to 50% of patients and 5% are
using)
How to Prepare
Can your patients communicate with you
securely and are they doing so?
Omnibus Rule permits unencrypted
communication with patients but MU does not
When sending or providing required
information like summaries of care, make sure
it’s documented somewhere (paper and
electronic)
26
How to Prepare
If you use an HIE to exchange data that needs
to be counted, such as a summary of care,
make sure it can be tracked
Don’t lose sight of other privacy and security
requirements – lack of attention may result in
an OCR letter
Don’t trust vendors – make them prove it
27
Reasons Not to Attest
Not all health care professionals are eligible
It doesn’t pencil out
Low or no Medicare patient count
Cost and burden are considered excessive
You don’t think you can meet measures during
attestation period
28
In The End…
You need to be able to prove it
CMS will ask for its money back
States and Medicaid incentive program audits
still a mystery
Most auditors don’t have a sense of humor
If you have it, make sure you can find it and
quickly
29
Resources
CMS:
http://www.cms.gov/Regulations-andGuidance/Legislation/EHRIncentivePrograms/i
ndex.html
eHealth Programs Interactive Timeline:
http://cms.gov/apps/interactive-timeline
CMS Stage 1 Attestation Worksheet (EP):
30
http://www.cms.gov/Regulations-andGuidance/Legislation/EHRIncentivePrograms/
downloads/EP_Attestation_Worksheet.pdf
Resources
CMS Stage 1 Attestation Worksheet (hospitals):
http://www.cms.gov/Regulations-andGuidance/Legislation/EHRIncentivePrograms/d
ownloads/Hospital_Attestation_Worksheet.pdf
CMS Meaningful Use for Specialists Tips:
http://www.cms.gov/Regulations-andGuidance/Legislation/EHRIncentivePrograms/D
ownloads/Meaningful_Use_Specialists_Tipshee
t_1_7_2013.pdf
31
Resources
CMS Meaningful Use Rule Change – 2014:
http://www.cms.gov/Newsroom/MediaRelease
Database/Press-releases/2014-Pressreleases-items/2014-08-29.html
NJ-HITECH “Become Audit Proof”:
http://www.njhitec.org/files/6113/6803/539
4/Become_Audit_Proof.pdf
31
Chris Apgar, CISSP
CEO & President