According to the Centers for Medicare and Medicaid Services (CMS), participants in the meaningful use program have a one in 20 chance of being subjected to a compliance audit.

Under the American Recovery and Reinvestment Act (ARRA), the 2009 federal stimulus package, eligible hospitals and health care professionals who demonstrate meaningful use of electronic health record systems (EHR) can qualify for incentive payments under Medicaid and Medicare. Participation by eligible providers has been robust, particularly by hospitals. According to a CMS factsheet, 85 percent of eligible hospitals are participating in the program and more than 75 percent of hospitals have received payments under the program as of March 2013. Of eligible health care professionals, 73 percent are participating, but only 44 percent have received payments as of last month.

CMS has stated that the majority of audits will be “desk audits” conducted by an audit contractor. However, a few on-site audits may occur. Some health care providers have already been notified by CMS of adverse audit findings. A few of these providers have started the appeals process and some providers could face fraud investigation. According to CMS, the most frequent issues arising in the audits are: (i) noncompliance with the requirement that providers perform a security risk assessment (a requirement under HIPAA as well); and (ii) a lack of proper documentation to support responses to the meaningful use requirements.