Presentation is loading. Please wait.

Presentation is loading. Please wait.

© 2015 CHAN Healthcare Place Image Here Preparing for Meaningful Use Audits Erik Dahl, CISA, CISSP IT Audit Director.

Published byKathlyn Shonda Rich Modified over 9 years ago

Similar presentations

Presentation on theme: "© 2015 CHAN Healthcare Place Image Here Preparing for Meaningful Use Audits Erik Dahl, CISA, CISSP IT Audit Director."— Presentation transcript:

1 © 2015 CHAN Healthcare Place Image Here Preparing for Meaningful Use Audits Erik Dahl, CISA, CISSP IT Audit Director

2 © 2015 CHAN Healthcare 22 Learning Objectives  Understand the types of Meaningful Use audits that you may be subject to  Understand the process CMS audits are following  Learn what supporting documentation is being requested  Discuss key lessons learned that may help you with your audit defense strategy

3 © 2015 CHAN Healthcare 33 Agenda  Meaningful Use  Common Challenges  Attestation Requirements Overview  Types of Audits  Initial CMS Audit Results  Meaningful Use Audit Process  Audit Notification  Documentation Request  Providing Documentation  Lessons Learned

4 © 2015 CHAN Healthcare 44 Common MU Challenges  A fast-paced timeline for adopting Meaningful Use criteria, mandating aggressive project implementation plans and reporting to achieve Meaningful Use status  Ever increasing and evolving changes and complexity to the Meaningful Use Attestation requirements, magnifying the need for maintaining and sustaining an effective Compliance and Reporting Program  Completing a Security Risk Assessment that covers the requirements for Meaningful Use Attestation Reporting, Testing and Validation, Documentation Retention and Compliance with HIPAA and HITECH requirements  Likelihood of being audited by CMS for compliance and failure to provide proper supporting evidence, resulting in payments being withheld or payments being recouped by CMS  Knowing the relevant supporting documentation that should be maintained and archived post-attestation to support the Meaningful Use Attestation calculations and measurements that were filed

5 © 2015 CHAN Healthcare 55 Meaningful Use (MU) – Attestation Requirements Overview  Attestation Requirements  Meet Program Eligibility Requirements  Use Certified Electronic Health Record Technology (CEHRT) during the attestation period  Achievement of Core and Menu Measures  Implementation and Reporting of Clinical Quality Measures  Completed Security Risk Assessment  Penalties  If non-compliant, refund Meaningful Use incentives earned plus penalties where applicable  If fraudulent attestation, punishment may involve imprisonment, significant fines, or both; loss of operating license; exclusion from Medicare/Medicaid participation for a specified length of time; and/or civil liability (Medicare/Medicaid fraud)

6 © 2015 CHAN Healthcare 66 Types of Meaningful Use Audits  Centers for Medicare and Medicaid Services (CMS)  Most common type of MU audit  Cover Medicare or dually eligible  Performed by Figliozzi & Company  Target between 5 to 10% of attestations  Performed as both Pre and Post payment audits  Medicaid  Performed by states and their contractors  If first year of participation, the audit will focus on support for adopting, implementing, or upgrading, certified EHR technology  Beyond first year, requirements similar to CMS audit requirements

7 © 2015 CHAN Healthcare 77 Types of Meaningful Use Audits  Office of the Inspector General (OIG)  Performed beginning in 2015 as oversight audits over CMS  May cover all your attestations not just one program year  Looking for support of Medicaid patient volumes and Medicare cost report calculation  You may only have 10 days to respond to the audit  The OIG warns of secure transmission of any documentation containing ePHI  Medicare Administrative Contractor (MAC) EHR Audits  Audits have recently began focusing on Critical Access Hospitals  Focused on cost reporting and allowable costs and inpatient days  Request listing is provided in the form of a spreadsheet  Some requests have been mistaken for phishing attacks

8 © 2015 CHAN Healthcare 88 Initial CMS Audit Results – Eligible Professionals  Pre-payment Audits – Eligible Professionals 1 Of those EP’s audited, 21 percent failed pre-payment audit Of those that did not pass, 93 percent did not meet “appropriate objectives and associated measures” The remaining 7 percent did not use a certified EHR when attesting  Post Payment Audits – Eligible Professionals 1 Of those EP’s audited, 23 percent failed post payment audit Of those that did not pass, 99 percent did not meet “appropriate objectives and associated measures” The remaining 1 percent did not use a certified EHR when attesting 1 - CMS provided this information to Steve Spearman, of advisory firm Health Security Solutions, in November 2014, nine months after he filed a Freedom of Information Act request.

9 © 2015 CHAN Healthcare 99 Initial CMS Audit Results – Eligible Hospitals  Post Payment Audits – Eligible Hospitals 1 Eligible Hospitals had a much lower audit failure rate at 4.7 percent. Incentive payments to be returned, pending an appeal, ranged from $280,414 to $3,430,591 The average incentive payment proposed for return (pending an appeal) was $1,132,937  Common Audit Failure Reasons Lack of security risk analysis Failure to use a certified and complete EHR Failure to maintain supporting evidence 1 - CMS provided this information to Steve Spearman, of advisory firm Health Security Solutions, in November 2014, nine months after he filed a Freedom of Information Act request.

10 © 2015 CHAN Healthcare 10 CMS MU Audit - Notification  Audit Engagement Cover Letter  Document Request Letter  Web Portal Instructions  Web Portal Frequently Asked Questions

11 © 2015 CHAN Healthcare 11 CMS Audit Notification – Audit Engagement Letter

12 © 2015 CHAN Healthcare 12 CMS Audit Notification – Document Request List

13 © 2015 CHAN Healthcare 13 Scope of Request – Five Topics in Three Parts  Part I – General Information:  Proof of use of a Certified EHR system  Documentation to support the method chosen to report ED admissions  Part II – Core Set Objectives/Measures:  Supporting documentation and reporting for core measures used in the completion of the Attestation Module  Provide proof that a security risk analysis of the Certified EHR Technology was performed prior to the end of the reporting period  Part III – Menu Set Objectives/Measures:  Supporting documentation and reporting for menu measures used in the completion of the Attestation Module  Supporting documentation for menu items for which there are not EHR reports

14 © 2015 CHAN Healthcare 14 Scope of Request – Item 1  Requests evidence of use of a Certified Electronic Health Record Technology system  Requests a copy of your licensing agreement with the vendor or invoices.  Specifies the licensing agreements or invoices identify the vendor, product name and product version number  If version number is not present, requests a letter from your vendor attesting to the version number used during your attestation period

15 © 2015 CHAN Healthcare 15 Item 1 – Examples of Documents Submitted  Certified EHR Technology (CEHRT) Verification Letter  Discussion of CEHRT Contracts  Redacted copies of CEHRT Contracts (multiple documents)

16 © 2015 CHAN Healthcare 16 Scope of Request – Item 2  Requests confirmation of the methodology requested for reporting Emergency Department (ED) admissions. (Observation Services or All ED Visits)  Requests documentation to support patients admitted to the ED were included in the denominators according to the selected ED methodology  Asks for an explanation of how the ED admissions were calculated and a summary of ED admissions

17 © 2015 CHAN Healthcare 17 Item 2 – Examples of Documents Submitted  Screen shots showing selection of the chosen ED methodology within the EHR reporting module.  Screen shots of the reporting logic to include explanation of the logic and how it enforces the chosen ED methodology.

18 © 2015 CHAN Healthcare 18 Scope of Request – Item 3  Requests support for metric based Core Measures (percentage based measures for which there are EHR reports)  Requests supporting documentation used in the completion of the Attestation Module responses (i.e. a report from your EHR system that ties to your attestation)  Can be provided in either paper or electronic format  Requests that reports display the EHR logo to evidence the reports were generated from your EHR system  If reports do not display the EHR logo, step by step screens shots demonstrating how the reports are generated by your EHR are requested

19 © 2015 CHAN Healthcare 19 Measures Covered by Request Item 3  CPOE for Medication Orders  Maintain Problem List  ePrescribing (EP’s Only)  Active Medication List  Medication Allergy List  Record Demographics  Record Vital Signs  Record Smoking Status  *Electronic Copy of Health Information  *Electronic Copy of Discharge Instructions (Hospital/CAH)  Clinical Summaries (EP’s Only) * - Replaced by Patient Electronic Access Measure in 2014

20 © 2015 CHAN Healthcare 20 Item 3 – Examples of Documents Submitted  Summary reports for the requested measures generated for the EHR reporting period  Screen shots of the output from CEHRT’s reporting utility by objective  Step by step guide for running MU functional reports in CEHRT or Third Party MU Reporting Utility  Spreadsheet tables used to aggregate the data submitted at attestation by objective

21 © 2015 CHAN Healthcare 21 Scope of Request – Item 4  Requests evidence that a security risk analysis of Certified EHR technology was performed prior to the end of the reporting period  Requests a report which documents the procedures performed during the analysis and the results of the analysis  If deficiencies are identified, requests you supply the implementation plan to include completion dates

22 © 2015 CHAN Healthcare 22 Security Risk Analysis Considerations  Can be performed internally or outsourced  Must include risk analysis and mitigation plans if deficiencies are identified  Must be performed during each MU reporting period  Addressing encryption of data was added for Stage 2 MU  Devices that access your EHR should also be included (Desktops, Connected Medical Devices, Mobile Devices, etc.)

23 © 2015 CHAN Healthcare 23 Item 4 – Examples of Documents Submitted  Security Risk Analysis Executive Summary and Detail Report  Security Risk Analysis Remediation Plan with Completion Dates  Meaningful Use Security Risk Analysis Strategy Description

24 © 2015 CHAN Healthcare 24 Scope of Request – Item 5  Requests support for metric based Menu Set Measures selected for attestation (percentage based measures for which there are EHR reports)  Requests supporting documentation used in the completion of the Attestation Module responses (i.e. a report from your EHR system that ties to your attestation)  Can be provided in either paper or electronic format  Requests that reports display the EHR logo to evidence the reports were generated from your EHR system  If reports do not display the EHR logo, step by step screens shots demonstrating how the reports are generated by your EHR are requested  Requests supporting documentation for Menu Set Measures for (Y/N Measures) selected for attestation

25 © 2015 CHAN Healthcare 25 Measures Covered by Request Item 5  Advance Directives (Hospital/CAH)  Clinical Lab Test Results  Patient Reminders (EP’s Only)  Patient Electronic Access (EP’s Only prior to 2014)  Patient-Specific Education Resources  Medication Reconciliation  Transition of Care Summary  Patient Lists  Immunization Registries Data Submission  Syndromic Surveillance Data Submission  Reportable Lab Results to Public Health Agencies (Hospital/CAH)

26 © 2015 CHAN Healthcare 26 Item 5 – Examples of Documents Submitted  Summary reports for the requested measures generated for the EHR reporting period  Screen shots of the output from CEHRT’s reporting utility by objective  Spreadsheet tables used to aggregate the data we submitted at attestation by objective  Step by step guide for running MU functional reports in CEHRT reporting utility  Patient Lists – Example report and walkthrough of how patient lists may be generated  Public Health Reporting Objectives (Immunization, Labs and Syndromic)  Email or Letter for receiving entity confirming successful test and on-going submission  Email or Letter confirming registration and testing

27 © 2015 CHAN Healthcare 27 Measures Not Audited  Core Measures:  Drug Interaction Checks  Clinical Quality Measures (CQMs)  Clinical Decision Support Rule  Electronic Exchange of Clinical Information (Discontinued in 2013)  Menu Measures:  Drug Formulary Checks

28 © 2015 CHAN Healthcare 28 Lessons Learned  Assign a MU Governance Committee or MU Project Team that keeps abreast of the MU Attestation rules and requirements to help maintain and sustain an effective Compliance & Reporting Program  Document MU Strategy that describes the reasoning behind those core and menu measures that were chosen or excluded  Pay attention to detail and develop a good understanding of the detailed reporting requirements before attesting  Conduct one’s own data validation and not to rely on EHR vendor for completeness and accuracy of data used in the reported measures  Conduct a thorough and comprehensive MU Security Risk Analysis

29 © 2015 CHAN Healthcare 29 Lessons Learned, continued  Prepare a Gap Analysis document for the key risks identified  Assign accountability and follow-up on status of Corrective Action Plan  Retain thorough documentation with the proper cutoff dates that provide point- in-time evidence and detailed supporting documentation  Maintain a centralized MU Attestation Documentation Repository  Have a COMPLETE CEHRT and supporting licenses / documentation for all MU required modules  Verify reasonableness and accuracy of all MU measures before filing attestation

30 © 2015 CHAN Healthcare 30 For more information, contact: Erik Dahl, CISA, CISSP Direct 856.885.0127 edahl@chanllc.com Crowe Horwath LLP is an independent member of Crowe Horwath International, a Swiss verein. Each member firm of Crowe Horwath International is a separate and independent legal entity. Crowe Horwath LLP and its affiliates are not responsible or liable for any acts or omissions of Crowe Horwath International or any other member of Crowe Horwath International and specifically disclaim any and all responsibility or liability for acts or omissions of Crowe Horwath International or any other Crowe Horwath International member. Accountancy services in Kansas and North Carolina are rendered by Crowe Chizek LLP, which is not a member of Crowe Horwath International. © 2014 Crowe Horwath LLP

Download ppt "© 2015 CHAN Healthcare Place Image Here Preparing for Meaningful Use Audits Erik Dahl, CISA, CISSP IT Audit Director."

Similar presentations

Meaningful Use and Health Information Exchange

Meaningful Use and Health Information Exchange
ARRA Meaningful Use Update Mount Auburn Hospital Information Systems Update March 2011.

ARRA Meaningful Use Update Mount Auburn Hospital Information Systems Update March 2011.
Claire Turcotte, Esq. Partner Bricker & Eckler LLP 9277 Centre Pointe Drive, Suite 100 West Chester, Ohio 45069 (513) 870-6573 1.

Claire Turcotte, Esq. Partner Bricker & Eckler LLP 9277 Centre Pointe Drive, Suite 100 West Chester, Ohio (513)
Www.DirectTrust.org 1101 Connecticut Ave NW, Washington, DC 20036 Understanding Patient Engagement in Stage 2 MU: Direct, HIPAA, VDT, and Patient Engagement.

Connecticut Ave NW, Washington, DC Understanding Patient Engagement in Stage 2 MU: Direct, HIPAA, VDT, and Patient Engagement.
Understanding Meaningful Use Presented by: Allison Bryan MS, CHES December 7, 2012 Purdue Research Foundation 2012 Review of Stage 1 and Stage 2.

Understanding Meaningful Use Presented by: Allison Bryan MS, CHES December 7, 2012 Purdue Research Foundation 2012 Review of Stage 1 and Stage 2.
Eligible Hospitals (EH) & Critical Access Hospitals (CAH)

Eligible Hospitals (EH) & Critical Access Hospitals (CAH)
Meaningful Use Performance Measures Report Carmen Land Meaningful Use National Team Business Analyst Data Networks Corporation contractor for US Indian.

Meaningful Use Performance Measures Report Carmen Land Meaningful Use National Team Business Analyst Data Networks Corporation contractor for US Indian.
Meeting Stage 1 Meaningful Use Criterion Carlos A. Leyva, Esq. Digital Business Law Group, P.A. www.digitalbusinesslawgroup.com.

Meeting Stage 1 Meaningful Use Criterion Carlos A. Leyva, Esq. Digital Business Law Group, P.A.
TWS July2011 Stimulation Part 2. TWS July 2011 Objective: Implement drug formulary checks. Measure: The EP has enabled this functionality and has access.

TWS July2011 Stimulation Part 2. TWS July 2011 Objective: Implement drug formulary checks. Measure: The EP has enabled this functionality and has access.
GOVERNMENT EHR FUNDING: MEANINGFUL USE STAGE 2 UPDATE October 25, 2012 Jonathan Krasner Healthcare IT Consultant BEI 571-612-3344.

GOVERNMENT EHR FUNDING: MEANINGFUL USE STAGE 2 UPDATE October 25, 2012 Jonathan Krasner Healthcare IT Consultant BEI
Series 1: Meaningful Use for Behavioral Health Providers From the CIHS Video Series “Ten Minutes at a Time” Module 2: The Role of the Certified Complete.

Series 1: Meaningful Use for Behavioral Health Providers From the CIHS Video Series “Ten Minutes at a Time” Module 2: The Role of the Certified Complete.
MEANINGFUL USE UPDATE 2014 Mark Huang, M.D. Chief Medical Information Officer Rehabilitation Institute of Chicago Associate Professor Department of PM.

MEANINGFUL USE UPDATE 2014 Mark Huang, M.D. Chief Medical Information Officer Rehabilitation Institute of Chicago Associate Professor Department of PM.
WV HFMA January 23, 2014.  Understand Stage 1 changes starting in 2014  Understand Stage 2 Objectives & Quality Measures – changes from Stage 1 and.

WV HFMA January 23,  Understand Stage 1 changes starting in 2014  Understand Stage 2 Objectives & Quality Measures – changes from Stage 1 and.
Medicare & Medicaid EHR Incentive Programs HIT Policy Committee June 5, 2013.

Medicare & Medicaid EHR Incentive Programs HIT Policy Committee June 5, 2013.
Medicare & Medicaid EHR Incentive Programs

Medicare & Medicaid EHR Incentive Programs
Montana Medicaid Electronic Health Records Incentive Program for Eligible Hospitals This presentation will focus on information related to your registration.

Montana Medicaid Electronic Health Records Incentive Program for Eligible Hospitals This presentation will focus on information related to your registration.
A First Look at Meaningful Use Stage 2 John D. Halamka MD.

A First Look at Meaningful Use Stage 2 John D. Halamka MD.
Meaningful Use Stage 2 Esthee Van Staden September 2014.

Meaningful Use Stage 2 Esthee Van Staden September 2014.
Audits for the Medicare and Medicaid EHR Incentive Programs Vidya Sellappan HIT Initiatives Group, CMS 1.

Audits for the Medicare and Medicaid EHR Incentive Programs Vidya Sellappan HIT Initiatives Group, CMS 1.
1 HIPAA Security Overview Centers for Medicare & Medicaid Services (CMS)

1 HIPAA Security Overview Centers for Medicare & Medicaid Services (CMS)

Similar presentations

Ads by Google