1

Mark Norris, CEOMedical Records Services, LLC

4.16.14

Meaningful Use Audits

Best Practices for keeping your

Incentive Dollars

2

Are you ready?

• Are you sure…????

33

44

Audits are here ……it’s not pretty. There was a real need for HIT adoption to be

stimulated by incentives and Stage 1 was intentionally planned to make it

relatively simple for Eligible Providers (EPs) to meet meaningful use and

successfully submit attestation for the EHR incentives. The process for Stage 1 attestation is primarily based on telling

the truth during the web-based attestation process, with minimal or no

documentation required.

55

66

What triggers a CMS Incentive Payment Audit?

Automated tools will be used to identify potential audit targets using attestation data CMS is using a 3 tiered approach

77

Tier 1 Goal: To narrow the list of providers, within an individual objective, whose attestation data may differ significantly from the universe of submitted data. � Outlier Anomaly Detection: Each objective with numeric values will go through regression analysis to identify outliers as compared to the NLR dataset. Benchmarking: Benchmarks will be established by grouping providers by certain attributes. Using the established benchmark, compare against similar providers to detect which providers fall more than 2-3 standard deviations from the mean. � Trend Analysis: Using the attestation audit trails, analyze trends by provider looking for patterns in how they are submitting the data including the timing between submissions and changes in denominator, numerator and percentages. � Criteria Comparison: Verify that measures using the same denominator are applied consistently. Validate the basis for selecting the exclusion option.

88

Tier 2 Goal: Refine potential audit targets using secondary data sources � Utilize the list of potential audit targets identified in Tier 1 and use secondary data sources to validate the attestation data � Providers that are not in the Tier 1 list may be picked up in Tier 2 based on attestation data responses when compared with secondary data sources � The primary focus for this approach is attestation criteria that have a denominator/ numerator value.

Method: � Data Comparison o Utilize secondary data sources to compare against attestation data submitted by the provider � Data Validation o Utilize secondary data sources to determine if the values submitted are correct

99

Tier 3 Goal: An alternate set of selection approaches for Field/Desk Audit In addition to the Tier 1 and Tier 2 methods, audit target candidates will also be identified using alternate methods. These methods may include: � Eligible Hospitals that received the largest incentive payments � Large physician organizations that received the largest incentive payments � Large physician organizations operating on a single HER with variation in responses (requires individual attestations through Tier 1 and Tier 2) � Providers who indicated use of multiple EHRs with the capability of collecting data for only a few CQMs � A representative sample of certified EHRs in order to determine each EHRs capabilities to support collection of data necessary to meet MU measures � EPs not affiliated with a Regional Extension Center � A random sample of individual Eligible Professionals

1010

These and other possible approaches will continue to be examined throughout Stage 1 attestation process based on factors including the evaluation of early adopter attributes, availability of additional secondary data sources and continued refinements of the audit strategy. As a matter of routine, all participants selected for audit will be required to provide “proof of possession” for certified EHRs attached to the submitted Certificate ID. Source: Medicare – HITECH Meaningful Use Audit Strategy Framework.

1111

An Auditors Job…..get the $$ back?Is it bait and switch? It feels like it sometimes…

I don’t envy their jobs. Imagine how much clarification and guidance has come out in the past two years to help explain the details of MU. Now imagine trying to audit compliance with a process that has generated so much confusion. One of the Stage 1 MU objectives, Exchange of Key Clinical Information, is so confusing to achieve and document that even CMS has thrown in the towel on this one for 2013: “Beginning in 2013, the objective for electronic exchange of key clinical information will no longer be required for Stage 1 for EPs, eligible hospitals, and CAHs. Providers faced numerous challenges in understanding the requirements for this objective…” In my communications with auditors on behalf of clients I have found them responsive and willing to review all collateral documentation. There has been a diligent effort on their part to balance the documentation requirements with common sense. It is a delicate balance…….

1212

"Most of the issues center around documentation, the things to keep, especially for the yes/no measures," Robert Anthony, deputy director of the Health IT Initiatives Group at CMS' Office of e-Health Standards and Services, …..

….. Much of the work needs to be done before you even get the audit notice, starting with collecting data and making sure you hold onto it.

Preparation and Documentation

1313

1414

●Pre payment or post payment?● Light or full?●Failed communication requests?

• E mail changed?● Incomplete documentation?●What are they asking for??

• OMG is this really happening ?

CMS or Medicaid???Start there…

1515

Common Themes

1616

1717

1818

1919

2020

2121

2222

2323

According to CMS, there is no all‐inclusive list of supporting documents, as the level of the audit review may depend on a number of factors. However, CMS clearly states that the primary documentation that will be requested in all reviews is the source document(s) that the provider used when completing the attestation. 

2424

What to Expect

If you are selected for an audit, Figliozzi and Company, acting on behalf of CMS, will send a letter requesting that you submit documentation to support your attestation that you have met the Meaningful Use requirements. The request letter will be sent electronically by the audit contractor from a CMS email address and will include the audit contractor’s contact information. The email address provided during registration for the EHR Incentive Program will be used for the initial request letter.

2525

2626

2727

2828

2929

Providers selected for the audits have two weeks to submit their documentation.

Per CMS, the initial review process will be conducted at the audit contractor’s location, using the information received as a result of the initial request letter. Additional information might be needed during or after this initial review process, and in some cases an on‐site review at the provider’s location could follow. 

A demonstration of the EHR system could be requested during the on‐site review. A secure communication process has been established by the contractor, which will assist the provider to send any information that could be considered sensitive. Any questions pertaining to the information request should be directed to the audit contractor.

3030

Details of the Audits

There are numerous pre‐payment edit checks built into the EHR Incentive Programs' systems to detect inaccuracies in eligibility, reporting and payment. 

Post‐payment audits will also be completed during the course of the EHR Incentive Programs.

If, based on an audit, a provider is found to not be eligible for an EHR incentive payment, the payment will be recouped. 

CMS has an appeals process for eligible professionals, eligible hospitals and critical access hospitals that participate in the Medicare EHR Incentive Program. 

States will implement appeals processes for the Medicaid EHR Incentive Program. For more information about these appeals, please contact your State Medicaid Agency.

3131

1. Regional Extension Centers have reported the following experiences with Figliozzi during audits to their practices regarding percentage‐based core and menu measure reports:

a) Figliozzi & Company will double‐check to ensure that the dates on the reports match the reporting period dates during the attestation.

b) Figliozzi & Company will ensure that the numerators and denominators from the reports match the numbers that were entered during attestation.

c) Fizliozzi & Company is giving the following guidance: “Please Note:  If you are providing a summary report from your EHR system as support for your numerators/denominators, please ensure that we can identify that the report has actually been generated by your EHR (i.e. your EHR logo is displayed on the report, or step‐by‐step screenshots which demonstrate how the reports generated by your EHR are provided.)

The Meaningful Use Burning Issues Group at HITRC recognized that this guidance from the auditor under (c) is not consistent with CMS FAQ 3209 which reads: "EPs, eligible hospitals, and Critical Access Hospitals (CAHs) can use a separate, uncertified system to calculate numerators and denominators and to generate reports on all measures of the core and menu set meaningful use objectives except CQMs."

As CMS will not answer questions regarding these discrepancies, providers are asked to refer their Meaningful Use audit questions to Peter Figliozzi at (516) 745‐6400 x302 or by email at pfigliozzi@figliozzi.com. Figliozzi and Company’s website is http://www.figliozzi.com/

3232

Audit Appeals

CMS is now accepting appeals for eligible professionals and eligible hospitals that have not passed the Meaningful Use EHR Audit. For general questions and for information on how to file an appeal, please visit the EHR Incentive Programs Appeals page on the CMS Website.

States will have separate audit appeals processes for their Medicaid EHR Incentive Program. Practitioners requiring additional information about those audits and appeals can contact MaineCare for more information.

3333

From CMS FAQ7711: Required Documents 

CMS Question: What information should an eligible professional, eligible hospital, or critical access hospital participating in the Medicare or Medicaid Electronic Health Record (EHR) Incentive Programs maintain in case of an audit?

CMS ANSWER: An audit may include a review of any of the documentation needed to support the information that was entered in the attestation. 

(Required Documents)

The level of the audit review may depend on a number of factors, and it is not possible to include an all‐inclusive list of supporting documents. 

(Primary Documentation)

The primary documentation that will be requested in all reviews is the source document(s) that the provider used when completing the attestation. This document should provide a summary of the data that supports the information entered during attestation. Ideally, this would be a report from the certified EHR system, but other documentation may be used if a report is not available or the information entered differs from the report. 

This summary document will be the starting point of most reviews and should include, at minimum:

The numerators and denominators for the measures The time period the report covers 

Evidence to support that it was generated for that eligible professional, eligible hospital, or critical access hospital.

3434

(Additional Documentation)

Although the summary document is the primary review step, there could be additional and more detailed reviews of any of the measures, including review of medical records and patient records. The provider should be able to provide documentation to support each measure to which he or she attested, including any exclusions claimed by the provider. 

A few examples of additional support are as follows:

Drug‐Drug/Drug‐Allergy Interaction Checks and Clinical Decision Support – Proof that the functionality is available, enabled, and active in the system for the duration of the EHR reporting period.

Electronic Exchange of Clinical Information – Screenshots from the EHR system or other documentation that document a test exchange of key clinical information (successful or unsuccessful) with another provider of care. Alternately, a letter or email from the receiving provider confirming the exchange, including specific information such as the date of the exchange, name of providers, and whether the test was successful.

3535

3636

3737

3838

3939

4040

4141

4242

4343

4444

4545

4646

4747

Protect Electronic Health Information – Proof that a security risk analysis of the certified EHR technology was performed prior to the end of the reporting period (e.g., report which documents the procedures performed during the analysis and the results). 

Drug Formulary Checks – Proof that the functionality is available, enabled and active in the system for the duration of the EHR reporting period.

Immunization Registries Data Submission, Reportable Lab Results to Public Health Agencies, and SyndromicSurveillance Data Submission– Screenshots from the EHR system or other documentation that document a test submission to the registry or public health agency (successful or unsuccessful). Alternately, a letter or email from registry or public health agency confirming the receipt (or failure of receipt) of the submitted data, including the date of the submission, name of parties involved, and whether the test was successful. 

Exclusions – Documentation to support each exclusion to a measure claimed by the provider. 

For Medicare eligible professionals and for hospitals that are eligible for both Medicare and Medicaid EHR incentive payments and are selected for an audit–

When a provider is selected for an audit, they will receive an initial request letter from the audit contractor.  The request letter will be sent electronically by the audit contractor from a CMS email address and will 

include the audit contractor’s contact information.  The email address provided during registration for the EHR Incentive Program will be used for the initial 

request letter.

4848

CFO Charged with Meaningful Use FraudFebruary 10, 2014 | By jimtate

“Joe White, 66, of Cameron, Texas, was indicted by a federal grand jury on January 22, 2014, and charged with making false statements to the Centers for Medicare and Medicaid Services (CMS) and aggravated identity theft.”

“According to the indictment, on November 20, 2012, White falsely attested to CMS that Shelby Regional Medical Center (Shelby Regional) met the meaningful use requirements for the 2012 fiscal year. However, Shelby Regional relied on paper records throughout the fiscal year and only minimally used electronic health records. To give the false appearance that the hospital was actually using Certified Electronic Health Record Technology, White directed its software vendor and hospital employees to manually input data from paper records into the electronic health record (EHR) software, often months after the patient was discharged and after the end of the fiscal year.”

“The indictment further alleges that White falsely attested to the hospital’s meaningful use by using another person’s name and information without that individual’s consent or authorization. As a result of the false attestation, CMS paid Shelby Regional $785,655. In total, hospitals operated by Dr. Mahmood, including Shelby Regional, were paid $16,794,462.66 by the Medicaid and Medicare EHR incentive programs for fiscal years 2011 and 2012.”

“If convicted, White faces up to five years in federal prison for making a false statement and up to two years in federal prison for aggravated identity theft.”

4949

Final Thoughts

• Save all electronic or paper documentation that supports attestation• Have a MU Audit file for each provider per year• Save documentation that supports values entered in CQM modules • Save documentation that supports payment calculations • Protect electronic health information • Have proof that a thorough security risk assessments of the certified EHR technology and its environment was performed prior to the end of the reporting. (You will want a report that documents the procedures performed during the analysis and the final results of the analysis.) • Get help – most practices that go it alone fail…..it is complex and

everchanging….

Document, Document, Document

5050

LinksHealth IT.gov SRA toolhttp://www.healthit.gov/providers‐professionals/security‐risk‐assessment‐tool

MU FAQ’shttp://www.cms.gov/Regulations-and-Guidance/Legislation/EHRIncentivePrograms/FAQ.html

Payment adjustments and Hardship Exemptionshttp://www.cms.gov/Regulations-and-Guidance/Legislation/EHRIncentivePrograms/PaymentAdj_Hardship.html

MU Definitionshttp://www.cms.gov/Regulations-and-Guidance/Legislation/EHRIncentivePrograms/Meaningful_Use.html

MU Educational Resourceshttp://www.cms.gov/Regulations-and-Guidance/Legislation/EHRIncentivePrograms/EducationalMaterials.html

Mark Norris, CEOMedical Records Services, LLC

415 East Main, Suite 332, Canfield Ohio 44406330-967-0332 (O) 330-565-4596 (C)

mnorris@medrecserv.comwww.medrecserv.com