Under the Health Information Technology for Economic and Clinical Health (HITECH) Act, part of the American Recovery and Reinvestment Act of 2009, eligible health care professionals and hospitals can qualify for Medicare and Medicaid incentive payments when they adopt certified electronic health record (EHR) technology and use it in a meaningful way—also known as the EHR Incentive Program. What is considered “meaningful use” is evolving in three stages:
- Stage 1 (which began in 2011 and remains the starting point for all providers): “meaningful use” consists of transferring data to EHRs and being able to share information, including electronic copies and visit summaries for patients.
- Stage 2 (to be implemented in 2014 under the proposed rule): “meaningful use” includes new standards such as online access for patients to their health information, and electronic health information exchange between providers.
- Stage 3 (expected to be implemented in 2016): “meaningful use” includes demonstrating that the quality of health care has been improved.
Now that providers have begun receiving payments under the EHR Incentive Program, the Centers for Medicare and Medicaid Services “has quietly begun to audit providers, according to an alert from the law firm Ober Kaler. The Garden City, N.Y.-based accounting firm Figliozzi and Company, acting on behalf of CMS, has started to send letters to providers requesting them to submit documentation to support their attestation that they have met the Meaningful Use requirements.
According to Ober Kaler, the auditor is asking for four types of information:
- A copy of the provider's certification from the Office of the National Coordinator for the technology used to meet the program's requirements, to show that the provider has a certified EHR system. “Presumably, this documentation will be used to demonstrate that the entity ‘possesses’ a certified Electric Health Record technology system as required under Program rules.”
- The method (observation services or all emergency department visits) used to report emergency department admissions, which affects some of the required measures
- Supporting documentation for the completion of the attestation regarding the “core set” objectives and measures
- Supporting documentation for the completion of the attestation regarding the “menu set” objectives and measures
Ober Kaler noted that, “Based on questions from recipients, an amended version of the audit letter has been sent out, adding "(i.e., a report from your EHR system that ties to your attestation)" to the latter two categories of requested documentation. This clarifies that the audit letters seek additional detailed information but are not, at this time, requesting identifiable or detailed patient records.”
The audit letters do not provide audited entities much time to respond – a short, two-week response time is specified. Unfortunately, it is also unclear how audit candidates are selected, so hospitals and professionals will not be able to "plan ahead" for an audit they can be certain is coming.
CMS is required to conduct audits of providers attesting under the EHR incentive program, but has posted only general information about the audits. CMS does provide contact information for the auditing firm on its website.
CMS has implemented some automatic checks built into its databases to verify information submitted by providers and plans to audit a sample of eligible professionals and hospitals to verify that payments made to hospitals are accurate, according to a recent GAO report.
However, GAO found that these audit processes were insufficient and was particularly concerned about auditing providers only after they're paid incentive money.