EHR Meaningful Use Audits

CMS has hired a CPA Company, Figliozzi & Company out of Garden City, NY, to perform audits of providers that have attested to having achieved EHR meaningful use under ARRA. Those providers 'chosen' for audit will receive a letter from the contractor. The letter will have CMS logo on the letterhead.

CMS has posted audit guidelines on their website.

Who can be audited? I don't think there is a way to determine who may be audited. There is no legacy data or history to come up with a pattern. If you receive an audit letter, there are just a few things you may need to provide.

  1. You would be asked to provide proof that you have purchased and are still in possession of (or access to, in case of a web-based EHR) an ONC certified EHR system.
  2. Second, prove that the data you reported for core and menu set measures were generated from this system. So, in other words, you really used the certified EHR system to generate data for reports, and therefore you used the system in a 'meaningful way'. This should be easy to do if your system generated the report for you. You should also be able to generate the same report again if required by plugging in the attestation time period you originally selected.
  3. There were some items that were a yes/no attestation, based on what the EHR system is capable of, for example, 'implement drug-drug and drug-allergy interaction checks, or 'Protect electronic health information created or maintained by the certified EHR technology through the implementation of appropriate technical capabilities', i.e. Security risk analysis. I am not sure if you will be required to submit proof of this, because this capability is something that is intrinsic to the Certified EHR system you selected. So, even if asked, you would have to get the auditors in touch with the vendor.
  4. Finally, will they do site visits? I honestly doubt it. I think since Attestation was an honor system, they are probably just looking for major defaulters, or identify general failures with some key requirements.

 

I would like to hear from anyone that has received such a letter.