If you are a health care provider who has received an Electronic Health Record (“EHR”) incentive payment for either Medicare or Medicaid EHR Incentive Programs, it is important that you prepare your business for a recent change implemented by the Centers for Medicare and Medicaid Services (“CMS”). Previously, health care providers receiving payments for the EHR Incentive Programs were simply required to attest meaningful use to CMS. As of July 2012, CMS may require you to do more than attest meaningful use. CMS quietly began to audit providers who received payments under the EHR incentive program this summer.

CMS has started to audit providers, requesting documentation supporting providers’ claims that they have met the Meaningful Use requirements.1 Through these audits, CMS is seeking four types of information:

  1. A copy of the provider's certification from the Office of the National Coordinator for the technology used to meet the incentive program's requirements, as proof that the provider has a certified EHR system; 
  2. The method used to report emergency department admissions; 
  3. Supporting documentation for the completion of the attestation regarding the core set objectives and measures; and 
  4. Supporting documentation for the completion of the attestation regarding the menu set objectives and measures.

What does this mean for your business?

As a provider, you will have two weeks to comply with a CMS Meaningful Use audit. While it appears that the audits will not be overly detailed and will not involve site visits, it is important to check your records and be prepared.

You should save all electronic or paper documentation which support your original attestation, payment calculations, and Clinical Quality Measures (“CQMs”), if applicable. All relevant documentation supporting your attestation should be retained for at least six years, and all documents supporting payment calculations should be retained according to your business’ current documentation retention processes. These steps ensure your ability to validate the accuracy of you attestation, CQMs, as well as your incentive payment.

Finally, if you are audited, be mindful of HIPAA. Although the audits are supposedly confidential, you should proceed cautiously and provide only the “minimum necessary information requested.”