Are You Prepared for a Meaningful Use Audit?
Knowing if you are prepared for a Meaningful Use audit is essential to a hospital or a medical provider's business. The Department of Health and Human Services’ Office of Inspector General (OIG) is now performing Meaningful Use audits to focus on several measures during a three-year period. OIG’s main audit goals include:
- A determination of whether practices receiving Medicare/Medicaid Meaningful Use incentive payments were properly entitled to these funds
- A determination of how effectively CMS’ oversight of Meaningful Use payments is made
- An identification of CMS’ overseeing hospital security controls via EHR-integrated networked medical devices
- A determination of covered entities/business associates’ secure use of cloud services and additional downstream services as these relate to protected health information or as maintained by certified EHR. OIG dictates that hospitals must perform security risk analyses.
- Confirmation of the hospital’s EHR contingency plan as required by the Security Rule under HIPAA
- Monitor of HHS’ due diligence in the Meaningful Use Program
How to Prepare for a Meaningful Use Audit
Approximately 20 percent of eligible professionals are audited; so receiving a Meaningful Use audit notification is not rare. It does not mean that the practice has done anything wrong. Preparation for a Meaningful Use audit should be an ongoing process because instant preparation is difficult if not impossible.
Regular performance of mock Meaningful Use audits is one of the best ways to prepare for an actual audit.
Consider these tips to pass a Meaningful Use audit:
- Use screenshots: For the measures allowing a yes-no answer for attestation, such as Stage 2-Core 11 (Patient List), screenshots are a useful tool. Manual ‘print screen’ copies or use of a snipping tool can assist in gathering necessary screenshots. Store printed or electronic copies in a safe, easily accessible place in the event of an audit.
- Refer to the Security Risk Analysis: Meaningful Use Stages 1 and 2 require the Security Risk Analysis. This is the top reason that eligible providers fail audits. This analysis must be done, and it must be documented and dated during the Meaningful Use report period. Refer to the CMS checklist for this measure.
- Appoint a Meaningful Use project manager: Again, preparation is the key to compliance, and many providers simply do not designate a responsible person to oversee the requirements. Appointment of the responsible person ensures that reports are run on a regular basis needed to measure required thresholds. The assigned person can ensure that date-stamped screenshots are being taken in case an audit occurs.
The word “audit” frightens most people, and a Meaningful Use audit can be a stressful event. Planning ahead is a helpful to way to manage expectations and allow everything in the Meaningful Use audit to proceed as smoothly as possible.
Although preparing for an audit that might not occur may seem like a waste of the provider's resources, the costs of failing a Meaningful Use audit are much more severe.