CMS: Working to clear up MU audit confusion

Audits of the Meaningful Use/EHR incentive program have caused “a lot of panic,” says Elizabeth Holland, director of the Centers for Medicare & Medicaid Services’ HIT Initiatives Group. Holland spoke with Clinical Innovation + Technology about upcoming plans for the program.

The audits began last year by CMS contractor Figloiozzi and Company. CMS has been “trying to educate the auditors,” says Holland. “They’ve been bean counters, but they need to understand Meaningful Use so they can conduct the audits appropriately.”

Meanwhile, CMS has been trying to figure out exactly what is unclear so they can “correct confusion and issue more guidance,” she adds. The agency already has issued fact sheets detailing requirements for appropriate documentation, primarily addressing those areas where there were deficiencies. For example, while HIPAA calls for a security risk analysis once every two years, Meaningful Use requires providers to conduct a security risk analysis once a year within the provider’s reporting period.

Last year’s audits were “a learning experience for everybody," says Holland. Starting with that sample in 2012 led to the understanding that the auditors were focusing on areas that “we felt weren’t necessarily appropriate.” The auditors are up to speed now, however, and audit protocols have been expanded.

“We are being very, very flexible,” she says. When the initial request goes out, providers have two weeks to produce the appropriate documentation. “If the provider needs more time, we’re very willing to accommodate that.” However, she does caution that if the provider is in a prepayment audit situation, it won’t get payment until the audit is completed. “It’s been an iterative process. We’re trying to figure out what’s unclear. This is not meant to be a ‘gotcha’ process.”

The goal is to audit 5 to 10 percent of the providers who receive Meaningful Use payments, Holland says. However, with sequestration in place, “we can only do as many audits as we have money for.”

With a program that gives out so much money—over $12 billion to date—audits are a necessary element. “When people see that kind of money available, a lot of salivating is going on,” says Holland. The providers most worried about the audits, however, “are probably the ones that really deserve the money and did everything appropriately.

“Part of this is sending a strong message that we are auditing and people need to be fulfilling the requirements of Meaningful Use, not just that you attest and you get money,” she adds.” You really need to be successfully demonstrating Meaningful Use and have the documentation to support that.”