Auditing Community of Practice (CoP)
Medicaid Electronic Health Record (EHR) Incentive Program
September 24, 2015

This is an advanced copy of the Auditing presentation for your review only. This presentation is subject to change and should not be reproduced. The final version of the presentation will be posted to the Medicaid HITECH TA Web site at a later date.


Agenda

Florida Auditing Outreach

Audit Strategy Updates

Question and Answer Period

Upcoming Auditing CoPs


Auditing Outreach

Why?

Mary Schrenker


In Florida . . .

• Contracted with KPMG, LLC.

• Audits began in 2012

• Audit pool includes payments made during the previous state fiscal year – July through June

• Prepayment Review


Audit Results through July 2015

Of the 28 audits with a finding:

16 have been remediated,

4 payments have been recouped

1 payment plan

7 attempting to remediate


Three Years Audit Coverage


Audit Process Timeline

Select Auditees from relevant Stages

Audit Notification and Information Request

Completion of Audits

Notification from AHCA of Audit Findings

• Audit selection occurs approximately seven months after the end of the program year


Documentation Request

• The documentation request list(s) will ask providers to produce reports and screen shots that support information attested to.

Patient Volume

• Provide a patient-level detail report that supports the numerator and denominator attested to in your application.

Meaningful Use Measures

• Provide documentation that demonstrates each of the Core and Menu Measures attested to were met.


Why Outreach?


Outreach Efforts

Audit Results

Audit Focused Webinars

Tip Sheet

Workshops

FAQs

Other Webinars

Pre-Payment Processing


July 23, 2015

http://www.ahca.myflorida.com/medicaid/ehr/downloads/AuditTipSheet.pdf


Common Meaningful Use Audit Issues

• Conduct or review a security risk analysis (SRA) and implement security updates as necessary, and correct identified security deficiencies as part of the risk management process

– Maintain completed, signed, and dated documentation that an SRA was performed during the program year prior to attestation

– Document identified deficiencies and mitigation plan

• Attesting to an exclusion correctly

– Understand when it is appropriate to claim exclusions to measures

– Supporting documentation (i.e. dashboard) should show an EP qualified for an exclusion.


Common Meaningful Use Audit Issues (continued)

• Providing sufficient documentation to show that the specific requirements within the objective of the measure were met (i.e. clinical summaries)

– Documentation should include the required fields specified in the objective for the measure

– Preparing documentation at the time of attestation may help to avoid issues retrieving data at a later date

• Providing sufficient documentation to support Core and Menu Measures

– EPs are encouraged to maintain support for all measures for at least two patients in case of system changes, staff turnover, and inability to access information at a later date

– Dashboard alone is not enough


Success

Small practices lack resources

Persons responding to audits are not necessarily the ones that participate in webinars/meetings

Document everything

Prepare at time of attestation

Does Not Have to be Negative


Response to Audit Notification

Thank you so much for planning this audit at the same time every practice in the United States is rushing to prepare for ICD 10. You sure want to increase the suicide rate of physicians!


Public Health Documentation

• There have been some issues as to what the Medicare auditors accept as Public Health measure verification

• CMS will be issuing a survey to all the states and territories regarding the documentation issued by Public Health verifying EP/EH communication (contact; testing, on-going status)

• The states will be asked to provide sample copies of the states’ PH verification documentation

• CMS will work with the Medicare auditors to determine their requirements


CHPL Update

CHPL now has a CMS Certification ID look up!


Audit Strategy Updates

The Audit Strategies equate to Section D of the SMHP; the public copy of the SMHP should not include audit discussion

Any changes to your audit strategy – including pre- and post-payment changes – need to be submitted and approved by CMS prior to implementing the changes

Updated Audit Strategies should be submitted as the whole document with red-lined changes. Audit Strategies are not updated with addendums


Audit Strategy Evaluation Criteria

Each Audit Strategy is evaluated on the following criteria:

• Audits done by State Medicaid Agency (SMA) or Contractor
• Who conducts Eligible Hospital (EH) Meaningful Use (MU) audits?
• Pre-payment Patient Volume (PV) Verification*
• Pre-payment Certified EHR Technology (CEHRT) Verification*
• Pre-payment MU Verification*
• Number of Staff Reviewing Pre-payment*
• Provider Letter Template*
• Audit Checklist*
• How many risk categories?
• Audit selection % by risk category
• Audit All or Questionable
• Audit Document Sources
• Field Audit Triggers
• How report audits to CMS
• Who conducts appeals?
• Does the SMA have an All-Payer Claims Database (APCD)?
• Automated interfaces to Public Health Association (PHA)
• How you receive documentation from providers
• How do you store audit documentation?
• Recoupment process
• Risk factors or categories for MU


Audit Strategy Criteria

Audits done by State Medicaid Agency (SMA) or Contractor – for both pre- and post-payment

Who conducts Eligible Hospital (EH) Meaningful Use (MU) audits? – CMS vs. the agency; for dual eligible and/or Medicaid only. Appropriate designation language is required (next slide)


Audit Strategy Criteria

A state electing the option for Medicare to conduct MU post-payment audits for dual eligible (and Medicaid-only) EHs is required to:

(1) designate CMS to conduct all audits and appeals of EHs' meaningful use attestation;

(2) be bound by the audit and appeal findings;

(3) perform any necessary recoupments arising from the audits; and

(4) be liable for any FFP granted to the state to pay EHs that, upon audit (and any subsequent appeal), are determined not to have been meaningful EHR users.

Any adverse CMS audits (for states that have made the election) would be subject to the CMS administrative appeals process and not the state appeals process.

The state should include a signed agreement that the state has opted for CMS to conduct such audits and appeals and agrees to the 4 provisions noted in the first paragraph of this section.


Audit Strategy Criteria

Pre-payment Patient Volume (PV) Verification – process (Medicaid Management Information System [MMIS]; Decision Support System [DSS])

Pre-payment Certified EHR Technology (CEHRT) Verification – use of CHPL; how access (web services vs. manual lookup)

Pre-payment MU Verification – what level; quick review; review of similar denominators, etc.


Audit Strategy Criteria

Number of Staff Reviewing Pre-payment – how many different staff review attestation before final determination

Provider Letter Template – copy of letter(s) sent to providers

Audit Checklist – minimally for post-payment audits; can include pre-payment

How many risk categories? – developed from risk assessment (e.g. 3, 4, 5)


Audit Strategy Criteria

Audit selection % by risk category – the details of your audit selection process; how determine

Audit All or Questionable – look at everything on a post-payment audit; or only those elements that seem incorrect

Audit Document Sources – what sources do you use – and where do they come from? Provider supplied; MMIS/DSS; APCD


Audit Strategy Criteria

Field Audit Triggers – adverse desk audit? EP lack of cooperation with desk audit? All High Risk EPs?

How report audits to CMS – manually enter into R&S UI or electronically via an E7

Who conducts appeals? – the HIT team only? Overall agency appeal process?


Audit Strategy Criteria

Does the SMA have an All-Payer Claims Database (APCD) – you may want to indicate if you do not have an APCD

Automated interfaces to Public Health Association (PHA) – how do you verify the Public Health measures?

How you receive documentation from providers – indicate what secure methods you use for audit documentation you request; upload to SLR; secure email; encrypted DVD/flash drive; USPS


Audit Strategy Criteria

How do you store audit documentation? – post payment audit documentation; paper in a secure filing location? Agency network drive? And for how long do you retain the documentation?

Recoupment process – what is your process? Do you request a check? Recoup via MMIS? Set up a payment plan?


Audit Strategy Criteria

Risk factors or categories for MU – do you conduct a risk assessment on MU measures? Are the findings part of your risk categories?

2014 Flexibility Rule – have you added your process for auditing attestations submitted via the Flexibility Rule?


Questions and responses from this webinar will be provided for your reference after the call.

Please enter your question in the “Questions” pane in your control panel.

Thank You!


Upcoming CoPs

Auditing CoPs will be held every other month in 2015; still the 4th Thursday at 2 ET; except for November – which is the next Auditing CoP!

The next Auditing CoP is scheduled for November 19 (3rd Thursday) – Watch for appointment!