Doctor's Life Magazine, Tampa Bay Doctor's Life Tampa Bay Vol. 2 Issue 2, 201

The Legal Corner Are You Ready for a Meaningful Use Audit? By Bruce D. Lamb Board Certified in State and Federal Government and Administrative Law Health Law Practice Group Leader Gunster A lthough audits began over a year ago, the frequency of stage one meaningful use audits has accelerated. The Department of Health and Human Services (HHS) has retained an accounting firm, Figloiozzi and Company, to perform audits. As you should be aware, by attesting to having implemented meaningful use of electronic health records (EHR) and accepting an incentive payment, you have subjected yourself to an audit by the Center for Medicare and Medicaid (CMS) and its contractors. In addition, states may audit Medicaid providers. Notice of the initiation of the initial phase of the audit process includes a letter to a provider requesting that documentation of the implementation of EHR be provided. Typically the documentation requested includes the following: 1. Documentation demonstrating that the provider used a certified EHR system. 2. Supporting documentation used by the provider to attest for the core-set for meaningful use criteria; 3. Supporting documentation used by the provider to attest for the menu-set for meaningful use criteria; and, 4. The numerators and denominators for the measures. The level of audit review can vary. Typically, you are provided two weeks to respond by submitting the required documentation. The submission of this documentation may be followed by an on-site review. In addition, auditors may require proof that Clinical Decision Support (CDS) alerts were “turned on” during the entire reporting period. If the auditor does not receive satisfactory documentation, more detailed information will likely be requested. Since providers were required to attest that they would maintain documentation of continuous compliance, a lack of documentation for any time period can lead to an assertion of noncompliance. One requirement that is often overlooked by providers is the requirement to perform a security risk analysis. If the auditor determines that the provider has failed to comply with any requirements, CMS may contact the provider by mail and provide 30 days to refund all monies received for the implementation of meaningful use of EHR. There is a right to appeal. It appears that the auditors are very picky, and require total compliance. Initially, most audits were focused on hospitals and other licensed facilities. However, auditors are now turning their attention to group practices and individual physicians. Since the federal government considers each attestation to constitute a “claim” to the federal government, an individual or organization submitting such an attestation has potential liability under 10 the federal False Claims Act. In addition, there is a 1 percent adjustment to Medicare rei

Doctor's Life Magazine, Tampa Bay Doctor's Life Tampa Bay Vol. 2 Issue 2, 201 | Page 10