Post on 23-Dec-2015
Meaningful Use, MU Audits and Stage 2 Measures – “Is it Worth the Money?”
Chris Apgar, CISSP
OrHIMA Fall Institute 2014
Overview
Meaningful Use Overview
Who is Being Audited
Consequences of Failing an Audit
Preparing for and Surviving an Audit
Summary and Q&A
Meaningful Use
The purpose of Meaningful Use was to incentivize adoption of EHR technology
Hospitals and eligible health care professionals (EP) could apply for Medicare or Medicaid incentives
In some cases hospitals can apply for Medicaid and Medicare incentives
In most cases the amount of incentive dollars does not cover all expenses
Meaningful Use
EHR implementation and Meaningful Use attestation could be expensive
Software and hardware costs
Staff training
Data conversion
Additional data collection
Ongoing maintenance costs
Increasing requirements of Stage 2
Meaningful Use
Stage 1 and Stage 2 Meaningful Use required hospitals and EPs to attest to having met a set number of core measures and a set number of measures from a list of additional measures
At the time of attestation, hospitals and EPs needed to be able to demonstrate measures were met if asked to prove it
Meaningful Use
May be able to delay move to MU Stage 2 and attest to Stage 1 instead
If you attested early, you may be stuck with Stage 2
Example: If you attested to MU in 2012, you must attest to Stage 2 in 2014. If you attested to MU in 2013, you can attest to Stage 1 in 2014.
Who’s Being Audited?
Per CMS if you attested, there’s a 10% chance you will be audited at some point
Audits are provider by provider versus by clinic or hospital
It doesn’t matter the size of the provider
You may be audited more than once
If You’re Audited…
Short time frame to respond
Documentation must definitively prove you met measures attested to
Documentation needs to be complete, easily accessible and very “black and white”
You may go through multiple rounds of documentation production
Document production requests not necessarily clear
If You’re Audited…
If you’re unsure, ask before sending
Only provide what is asked for
Assign a point person to respond to attestation audits
Make sure your vendor can support providing needed documentation that is accurate
If non-compliant with HIPAA, auditor may report to OCR
If You’re Audited…
You may fail the audit the first time – request clarification as to why
Make sure the auditor is specific – saves time in supplying multiple versions of documentation that may not be consistent
Keep all audit related documentation and communication with the auditor handy
Consequences if You Fail
If you ultimately fail an audit, expect a demand letter to repay Meaningful Use incentive dollars
If you receive a demand letter, you can appeal
For more information from CMS - https://www.cms.gov/Regulations-and-Guidance/Legislation/EHRIncentivePrograms/Appeals.html
Consequences if You Fail
You do not have multiple levels of appeal
Failure to pay will likely result in withheld Medicare reimbursement
Audits go back to the first year of attestation – you may be audited for more than one period so may fail an audit for more than one period
No word on Oregon Medicaid audits yet
How to Prepare
Understand all MU Requirements
Have a Clear Documentation Trail and create it before you attest
You will only have two weeks to respond – don’t start building your documentation trail when you receive the letter
The Notice Arrives…
First Notice – two options to respond:
Secure Web Portal
Mail
Check your documentation before you send it
Again, ask questions if you don’t understand what’s being requested
Documentation
Screen shots
Exact dates to match your attestation period
Audit Trail Documentation
EHR generated reports
Make sure they work
Make sure the data generated during the attestation period is preserved
Sample discharge summaries, post-appointment documentation, etc.
Centers for Medicare and Medicaid Services
Document Request List - Eligible Professionals
Medicare Electronic Health Record (EHR) Incentive Program
Organization: Dr. Matthew Bliven
EHR Certification Number: 30000001SW7XEAS
EHR Reporting Period: 1/3/2011-4/4/2011
Please provide all of the documents requested below by the due date. The auditor will complete Column C.
Columns: (A) Item Number; (B) Requested Documents; (C) For Completion by Auditor (Follow Up Request Date, Method Of Request, Follow Up Request Received Date, Final Request Date, Final Request Received Date, Comments)
Follow Up Request Date and Method Of Request shown for each item and sub-item: 03/04/13, E-mail
1. Proof of Possession- Please provide licensing agreements, invoices, contracts, etc. from the time the EHR technology system was purchased and/or updated. Ensure that the vendor, product name AND product version number that was attested to is included on the documentation.
2. Reports were supplied which detail the numerators and denominators of the Core Measures. However, we did not receive reports for the Menu Measures. Please supply a summary report for your attestation period (1/3/11 - 4/4/11) for the following measures:
Menu #2 - Clinical Lab Test Results
Menu #7 - Medication Reconciliation
3. No documentation was supplied to support the following “Yes”/“No” attestation measures: Core #2- Drug Interaction Checks, Core #11- Clinical Decision Support Rule, Core #14- Electronic Exchange of Clinical Information, Core #15- Protect Electronic Health Information, Menu #1- Drug Formulary Checks, Menu #3- Patient Lists, Menu #9- Immunization registries Data Submission. Please supply documentation to support these measures. Please see the following examples of what may be supplied for each measure:
a. Core #2- Drug Interaction Checks: An audit trail from the EHR software which demonstrates that the drug interaction functionality was enabled for the entire attestation period.
b. Core #11- Clinical Decision Support Rule: An audit trail from the EHR software which demonstrates that a clinical decision support rule was enabled for the entire attestation period.
c. Core #14- Electronic Exchange of Clinical Information: Screenshots from the EHR which document a test exchange of key clinical information or a letter/e-mail from the receiving provider confirming the electronic exchange. This documentation should include the date of the exchange, the names of the sending/receiving providers, the type of EHR used by each provider, and whether the exchange was successful or unsuccessful.
d. Core #15- Protect Electronic Health Information: Proof that a security risk analysis of the certified EHR technology was performed prior to the end of the reporting period (i.e. report which documents the procedures performed during the analysis, the results of the analysis, and whether corrective measures were implemented as necessary).
e. Menu #1- Drug Formulary Checks: An audit trail from the EHR software which demonstrates that the drug formulary functionality was enabled for the entire attestation period.
f. Menu #3- Patient Lists: A list of your patients sorted by a specific medical condition that was generated by the EHR.
g. Menu #9- Immunization Registries Data Submission: The exclusion was claimed for this measure. Either a statement attesting to the fact that no immunizations were administered or a letter/e-mail from the immunization registry stating that they were unable to receive immunization data electronically at the time of your attestation.
4. For the Core Measures listed on tab (2) of this workbook, the documentation supplied for numerators and denominators does not agree to what was reported on your attestation. Could you please explain these variances?
Survival Mode
Don’t panic
Work with your EHR and other supporting vendors
Focus specifically on what is requested – no more and no less
Detail is good
Survival Mode
Dates are critical – make sure you can document what you attested to occurred during the attestation period
It will be fine (if you’re able to demonstrate you met the requirements)
May require multiple iterations
Work with all your EMR Partners –
State Registry
County Health Department
HIT Regional Extension Center
Pitfalls to Avoid
Reports, screen prints, letters from vendors related to MU, etc. must be dated during the attestation period
If you attested to something you didn’t do (like conduct that risk analysis), you will likely be asked to pay the money back
You can’t respond timely if you don’t know where your documentation is
Pitfalls to Avoid
Keep your EHR vendor honest – just because they were certified doesn’t mean everything works, especially if you customize
If your EHR vendor can’t produce the exact data from the attestation period, you may be asked to return the incentive payment
Make sure you can produce proof if something changed and why
Example of Vendor Failure
EHR miscounted number of encounters – cancelled appointments were tallied
Data stored in EHR was cumulative – the data from the attestation period wasn’t preserved
Manual count of encounters did not match EHR reports
All measures were met but due to EHR issues, the provider was asked to return the incentive
Pitfalls to Avoid
If using multiple vendors for MU, make sure you can consolidate the data
Make sure all dates and data from each vendor match
Specialty practices beware – modifications to meet needs may make proving you did the right thing difficult
Make sure you have the right EHR version – some vendors offer certified and non-certified EHRs
Pitfalls to Avoid
If you’re just starting, do plenty of research
Make sure what you’re buying is the certified version (not the basic version, where the vendor asks for more money after install)
Auditors are black and white but have been reasonable thus far
Train your staff – what to say and not to say to an auditor
How to Prepare
Before the auditor arrives:
Run through a mock audit
Talk to your colleagues who have been audited
Talk to your vendors
Preserve data just in case your vendor fails you
How to Prepare
Take a close look at each measure you attested to and generate proof you met the measure
Save that documentation centrally
Don’t forget it’s more than conducting a risk analysis – remember the risk mitigation and management part
Make sure that patient portal is up, operable and used (available to 50% of patients and 5% are using)
How to Prepare
Can your patients communicate with you securely and are they doing so?
Omnibus Rule permits unencrypted communication with patients but MU does not
When sending or providing required information like summaries of care, make sure it’s documented somewhere (paper and electronic)
How to Prepare
If you use an HIE to exchange data that needs to be counted, such as a summary of care, make sure it can be tracked
Don’t lose sight of other privacy and security requirements – lack of attention may result in an OCR letter
Don’t trust vendors – make them prove it
Reasons Not to Attest
Not all health care professionals are eligible
It doesn’t pencil out
Low or no Medicare patient count
Cost and burden are considered excessive
You don’t think you can meet measures during attestation period
In The End…
You need to be able to prove it
CMS will ask for its money back
States and Medicaid incentive program audits still a mystery
Most auditors don’t have a sense of humor
If you have it, make sure you can find it and quickly
Resources
CMS: http://www.cms.gov/Regulations-and-Guidance/Legislation/EHRIncentivePrograms/index.html
eHealth Programs Interactive Timeline: http://cms.gov/apps/interactive-timeline
CMS Stage 1 Attestation Worksheet (EP): http://www.cms.gov/Regulations-and-Guidance/Legislation/EHRIncentivePrograms/downloads/EP_Attestation_Worksheet.pdf
Resources
CMS Stage 1 Attestation Worksheet (hospitals): http://www.cms.gov/Regulations-and-Guidance/Legislation/EHRIncentivePrograms/downloads/Hospital_Attestation_Worksheet.pdf
CMS Meaningful Use for Specialists Tips: http://www.cms.gov/Regulations-and-Guidance/Legislation/EHRIncentivePrograms/Downloads/Meaningful_Use_Specialists_Tipsheet_1_7_2013.pdf
Resources
CMS Meaningful Use Rule Change – 2014: http://www.cms.gov/Newsroom/MediaReleaseDatabase/Press-releases/2014-Press-releases-items/2014-08-29.html
NJ-HITECH “Become Audit Proof”: http://www.njhitec.org/files/6113/6803/5394/Become_Audit_Proof.pdf
Chris Apgar, CISSP
CEO & President