Meaningful Use Audits are Happening

The accounting firm of Figliozzi & Company will be conducting Meaningful Use Audits.  Depending upon the source it has been reported that anywhere from 5% to 10% of doctors who attested for Meaningful Use will face an audit. 
Some of these audits will be pre payment and some will be post payment.   Post payment audits began in 2012 and pre payment audits were announced in March of 2013.
Some of the audits will be random and others will be targeted. 

Some of the doctors who have adverse audit findings are in the process of appealing the audits, while others are facing fraud investigations.

According to Robert Anthony from CMS, the most common problems identified in audits are:
Noncompliance with the requirement that health care providers conduct a data security risk assessment, which is also a requirement under HIPAA  
Lack of adequate documentation to support responses that are YES / NO
Failure to adequately document that the EHR system was tested for the ability to exchange clinical data.
It is interesting to note the the third of these items - testing the ability for the EHR to exchange clinical data has been removed from the Meaningful Use Stage 1 requirements for 2013.   This change may work well in favor of doctors who fail only for this reason and appeal the auditors determination.    
According to Mr Anthony, as long as you have good documentation to support the information that you provided when you attested for Meaningful Use, the audit is very simple.   The problems happen when you do not possess good documentation to support your attestation.  A report from your EHR program that has the numerators and denominators you attested to will be extremely helpful in responding to an audit.   This report should contain the following information:
The Name of the EHR program, and the version to show that it is certified software
The dates / time period of the report that correspond to your reporting period
Your name as the provider for the report 
The audit process was mandated as part of the HITECH act that gave us the incentive payments. This audit process it intended to protect the integrity of the program. Some doctors are having problems with audits because they did not save or properly document some of the core or menu measures of meaningful use that they attested for. Here are some steps you can take now to help you through the audit process should you receive an audit letter.
1. Visit the website where you attested for Meaningful Use and print out a copy of your attestation document. This document is available for you. This way you have a hard copy of what you told CMS when you attested for Meaningful Use
2. If you do not already have a printout of your numerators and denominators from your EHR for your attestation period, print out one today. It is important for the report to have the same date range as the date range on the document you printed from the attestation web site.
1. VERY IMPORTANT – if the numbers on the report from your her DO NOT match the numbers you attested to you need will need to be able to produce documentation explaining why those numbers do not match. A number of audit requests that I have worked on had discrepancies in the numbers and a letter from the EHR vendor was needed to help explain these discrepancies. If you find an issue contact your vendor NOW do not wait until you receive the audit letter.
3. Have written proof that you had access to certified software during your attestation period. This has become a problem for doctors who were working for a practice during their attestation period but have now left that practice. The best proof is a letter from the EHR vendor that you had certified technology during your entire reporting period.
4. Contact your software vendor for information on how to document any and all measures that you attested YES to but do not have any numerators or denominators on your attestation form, and print out that documentation.
5. Make sure you have a complete and well documented Risk Analysis that includes references to your EHR product, and the findings of your Risk Analysis. According to Mr Anthony, a generalized risk analysis will not meet the requirements for Meaningful Use Purposes. A proper risk analysis will address technical, administrative and physical measures and have a plan for mitigating any risks identified during the process.

Many times, when doctors respond to the initial audit request, a second follow up request is received by the doctor. This follow up request usually asks for more detailed information to answer some of the questions of the initial audit request. Most of the time these follow up requests provide very useful information on the nature of the documentation that is required making it relatively straight forward to respond to the request. There are time limits for responding to the initial and follow up audit requests, and up until now, requests for extensions have been granted to allow doctors extra time to gather documentation, especially when that additional documentation needs to be obtained from a third party such as their software vendor.

If you receive an audit letter it is important to understand that the audit findings may result in a fraud investigation.  Therefore it is IMPERATIVE that you contact your Malpractice Company and request that they assist you in answering the audit.    As a consultant for PICA Dr Michael Brody has assisted the PICA attorneys in answering a number of audits of PICA policyholders. Having an experienced team to assist you in answering your audit request can help to ease the audit process and streamline the steps you need to take in order to gather the documentation necessary to answer the questions that the auditors are asking.
TLD Systems has helped hundreds of doctors prepare a HIPAA Risk Analysis that meets all of the requirements of Meaningful Use.  
For more information you can contact Dr Brody at