A November 29, 2012 report from the HHS Office of Inspector General (OIG) sets forth several recommendations to improve CMS’s oversight of the Medicare and Medicaid EHR Incentive Programs.  Specifically, the report expresses concern that CMS does not employ any methodology to ensure the accuracy of meaningful use data submitted by eligible providers during the attestation process, and that CMS’s current practice of targeted post-payment review is not sufficient to ensure that incentive payments are being properly paid.

In preparation of its report, OIG reviewed the meaningful use data submitted to CMS by eligible providers who received incentive payments.  (OIG reviewed only data contained in CMS’s EHR Incentive Program database, and did not request documentation directly from eligible providers.)  While OIG found that the data submitted by meaningful users satisfied specific meaningful use measures, OIG found that CMS has no safeguards to verify the accuracy of that data prior to paying incentives.

Though the report acknowledges that CMS is not required by the HITECH Act to conduct prepayment review, OIG nonetheless recommends that “CMS should direct selected high-risk [eligible] professionals and hospitals to submit documentation supporting their self-reported meaningful use information for prepayment review.”  OIG does not define a “high-risk” eligible provider, but recommends using the same criteria CMS plans to use for selecting providers for post-payment review.

OIG is also critical of the documentation sources CMS has indicated it will examine during post-payment review.  For percentage-based measures, CMS plans to audit reports generated by an eligible provider’s certified EHR to verify that the numerators and denominators submitted for attestation are accurate.  However, OIG notes that these reports may be inaccurate if the relevant encounter data was inaccurately entered into the EHR.  For other measures, such as verifying that an eligible provider has enabled drug-drug and drug-allergy interaction checks, CMS has indicated it will accept a screen shot of the EHR that indicates the provider has actually enabled the checks.  The report contends, however, that screen shots only show what checks a provider has enabled at a given moment in time, and do not verify that the checks were enabled during the entire reporting period.  OIG recommends that CMS issue detailed instructions to providers regarding documentation sources that will verify meaningful use data for all measures.

The OIG report is available by clicking here.