SCGhealth Blog

Is Your EHR Causing Legal and Financial Headaches? Don’t Expect Your Vendor to Bail You Out

Wednesday, March 14, 2018

By Marla Durben Hirsch

In the market for an electronic medical records (EMR) upgrade or even a new system? Be forewarned: EMR vendor contracts are more onerous than ever, with vendors limiting their liability if their software causes users problems - conveniently just as several problems are coming to light. 

EMRs have been maligned for their usability and functionality problems for years. But in recent months bigger issues have been surfacing. 

For instance, it has been discovered that some systems default to particular billing functions when they shouldn’t, causing providers to bill improperly. The bills are now being denied and the providers are being required to return the ensuing overpayments, according to attorney Robert Markette, with Hall, Render, Killian, Heath & Lyman in Indianapolis.

Other snafus have garnered more media attention. eClinicalWorks paid $155 million several months ago to settle claims that it misrepresented the capabilities of its software and falsely obtained certification in the EMR Meaningful Use incentive program. Allscripts was hit by a ransomware attack in January, causing 1,500 providers to suffer service outages, some lasting a week. 

“It’s especially bad when their software screws up,” says Markette.

Physician practices have filed class action lawsuits against both vendors for their respective transgressions. 

However, these lawsuits may not do much good, since the vendor contracts the practices signed could leave the practices with little recourse if something goes wrong, according to attorney Elizabeth Litten, with the law firm of Fox Rothschild in Princeton, New Jersey. 

“You may be on the hook for their failures,” warns Litten.

Just a quick search on the Internet bears this out. Here is a paragraph from a form contract between Yale New Haven Health Services Corporation and its hospitals with a physician practice that enables the practice to access Yale’s Epic Systems EMR: 

“Limitation on Liability. Neither YNHHSC nor Hospital shall have any liability for any damages whatsoever (including loss of profits or loss of goodwill) resulting from, arising out of or in connection with the use or inability to use or the performance or non-performance of the EMR System or any items or services provided under or in connection with such EMR System or this Agreement or the Practice Equipment, even if it has been advised of the possibility of such damages or should have known of the possibility of such damages, and whether such liability is based on contract, tort, negligence, strict liability, products liability or otherwise. Practice agrees that YNHHSC’s and Hospital’s aggregate liability for damages arising under this agreement, regardless of the form of action and irrespective of fault or negligence, shall in no event exceed an amount equal to the aggregate Practice Payments made by Practice under this Agreement during the immediately preceding 12-month period. The limitations of liability and disclaimers of warranty stated in this Agreement form an essential basis of the bargain between the parties.”

In essence, the most the practice can obtain – according to the contract -- is what it paid for the privilege of access in the past year. 

“This will be a frequently debated issue,” says attorney Michael Kline, also with Fox Rothschild. 

Know where you stand

Practices may not have a lot of negotiation leverage regarding their EMRs, but some contracts are more fair than others, so if you’re in the market shop around. If you find a system you like but the contract is onerous, it can’t hurt to try to negotiate better terms. 

At the very least, read the fine print of any new, existing or renewal contract and know what the vendor is willing to be on the hook for should its software adversely affect you. You probably won’t be made whole but at least you won’t be blindsided.

The Case for Medical Scribes

Wednesday, November 29, 2017

By Audrey Landers, Intern

The idea of medical scribes can be strange to some. Even the word “scribe” brings thoughts of ancient civilizations. They almost seem like a step back in our fast-paced, technology-driven world. When it comes to patient care, however, they could be a step in the right direction. From improved communication to a drop in physician overwork, the potential of medical scribes to improve the quality of care is enormous.

Articles in the New York Times and Wall Street Journal point to the overuse of Electronic Medical Records (EMR) and poor communication as key factors in unhappy patients. From the patient’s perspective, physicians who use EMR heavily in the exam room ask fewer questions and appear uncaring. This is because EMR often requires a physician’s full attention, mean very little eye-contact and a lot of time spent with their back to the patient. It isn’t only the patients who notice the lack of communication, according to a survey by Merritt Hawkins, 48% of physicians feel that their time with patients is limited. Untrusting patients and poor communication isn’t the only problem caused by EMR. As physicians have been forced more and more to balance administrative and clinical work, burnout has risen. According to a study performed by the Mayo Clinic, 1 in 50 physicians plan to leave the medical profession in lieu of a different career path.

Medical scribes have the potential to solve both of these issues. By allowing a scribe to document patient encounters, the burden of keeping accurate records would be lifted from the physician, allowing them to focus all of their attention on their patients. While some might argue that patients may be intimidated by having an extra person in the room, it is easy enough to explain their importance in helping the physician give the best care possible.

The real issue many have with medical scribes is cost. There is no denying that it is expensive to hire an entire new employee to do a job that some administrators may see as the physician’s responsibility. In actuality, medical scribes can help a practice save money and time. One 2013 study found that scribes can allow a practice to save as much as $2,398 per patient with the time cut from each appointment, as well as the extra patients that each physician and scribe team is able to see. This money does not come at the cost of patient satisfaction either, as practices that use scribes find that their patients are happier. Because the physician is able to give the patient their full attention, more patients leave feeling satisfied with their service.

Share your EMR Information- Prevention of Information Blocking Attestation

Monday, November 27, 2017

By Audrey Landers, Intern

Part of getting the highest score possible in the Advancing Care Information (ACI) category of the Merit-based Incentive Payment system (MIPS) is using your certified electronic medical record technology to exchange electronic health information. The Center for Medicare & Medicaid (CMS) understands that sometimes there may be circumstances that are beyond a MIPS eligible clinician’s control that may hinder their ability to do this, therefore you must show that you have acted in good faith to share health information when appropriate. CMS intends to focus on the individual clinician’s circumstances in order to determine whether a good faith effort was made.

All MIPS eligible clinicians will be required to attest to statements about the implementation and use of certified electronic medical record technology. If you are reporting as a group, every single MIPS eligible clinician must attest. If any member does not attest, the whole group will fail the meet the attestation requirement.

There are three statements that each MIPS eligible clinician must attest to:

Statement 1: I did not knowingly and willfully take action (such as to disable functionality) to limit or restrict the compatibility or interoperability of certified electronic medical record technology.

Statement one is mostly an umbrella statement, with the other two statements going into further detail. With this first statement, you must be ready to demonstrate that you have not knowingly restricted access to your certified electronic medical record technology.

Statement 2: I implemented technologies, standards, policies, practices, and agreements reasonably calculated to ensure, to the greatest extent practicable and permitted by law, that the certified electronic medical record technology was, at all relevant times:

  • Connected in accordance with applicable law

  • Compliant with all standards applicable to the exchange of information, including the standards, implementation specifications, and certification criteria in regulation

  • Implemented in a manner that allowed for timely access by patients to their electronic health information (including the ability to view, download, and transmit this information)

  • Implemented in a manner that allowed for the timely, secure, and trusted bidirectional exchange of structured electronic health information with other health care providers as defined by law

Statement two is about the interoperability of certified electronic medical record technology. Specifically, this statement confirms that you reasonably implement corresponding technologies, standards, practices, and policies as well as agreeing not to restrict appropriate access to your certified electronic medical record technology’s information. CMS does not expect individual clinicians to have a complete understanding of the technical details as long as a good faith effort is shown to comply with this statement.

Statement 3: I responded in good faith and in a timely manner to requests to retrieve or exchange electronic health information, including from patients, health care providers and other persons, regardless of the requestor’s affiliation or technology vendor.

Statement three focuses on the use of certified electronic medical record technology and the steps taken to exchange appropriate information in a timely manner. You may attest to statement three even if you have restricted information, as long as there was a good reason. For example, in the cases of certified electronic medical record technology maintenance or a security concern, functionality may be reasonably restricted in ways that are narrowly tailored to the situation and show a good faith effort to minimize the impact of loss of functionality for patients and other clinicians.

For more information about the prevention of information blocking attestation, please see CMS’ official fact sheet.

Eligible Professionals, Do You Qualify for A Hardship Exception?

Wednesday, September 27, 2017

By Brandy Dehaven, Intern

The Center for Medicare & Medicaid Services (CMS) is allowing a one-time hardship exception to eligible professionals in the electronic medical record (EMR) incentive program. This will give you time to adjust to the Advancing Care Information (ACI) performance category of the Merit-based Incentive Payment System (MIPS).

You may also be eligible for a one-time hardship exception if your EMR technology has become decertified during the 2018 payment adjustment year.

Who Qualifies?
To qualify for the one-time hardship exception, you need to be participating in the Medicare EMR Incentive program in 2017 as a first-time participant. You should also be transitioning to MIPS during the 2017 performance period. In addition, you must intend on reporting measures under the ACI performance category in 2017.

To qualify under the exception for decertified EMR technology, the following requirements must be met:

  • The EMR technology was decertified during the 12-month preceding the applicable EMR reporting period for the 2018 payment adjustment year under ONC’s Health IT Certification Program or during the applicable EMR reporting for the 2018 payment adjustment year.
  • The eligible professional made an effort to obtain another certified EMR technology for the applicable reporting period.

What Steps to Take and The Approaching Deadline
The deadline for the EMR Incentive Program Hardship application is quickly approaching. Eligible professionals that meet the criteria for the one-time hardship must submit a Medicare EMR incentive program hardship exception application no later than Saturday, October 1, 2017.

This deadline also gives eligible professionals time to report ACI performance measures under MIPS during the last 90-day reporting period for 2017.

Apply for the one-time EMR Incentive Program Hardship Exception using this form.

Learn more by checking out CMS’s payment adjustments and hardship information page.

Does Your EMR Measure Up?

Monday, July 17, 2017

By Ben Regaldo, contributing writer

If you saw the recent announcement by Allscripts, a major electronic medical records (EMR) provider, that it has released the first fully certified 2015 edition, some questions may arise, such as: What is certification? Does it matter? What’s different about the 2015 edition?

What Is Certification?

Certification essentially means that an independent reviewer (Authorized Certification Body, or ACB) compared the product’s features against a detailed listing of standards, and then notes which standards are met.

The federal Office of the National Coordinator for Health Information Technology (ONC-HIT) maintains the Certified Health IT Product List (CHPL, found at The CHPL is a comprehensive and easily navigable database of the multitude of EMR products available. By sorting through this database, you should be able to find your product, as well as see all the products that are independently certified with regards to 2011, 2014 and 2015 criteria. Think of it as the Joint Commission of EMRs. The CHPL enables users to easily make precise “apples to apples” comparisons of the various software products on the market, all while noting what standards are met by each product.

Does It Matter?

The overarching goal of certified software is to assure that necessary health information is being appropriately captured, stored and secured in a manner that allows for easy exchange of information between providers who may not be on the same systems. Proper software should also support the tracking and benchmarking of health care data, solely for the benefit of the providers, as well as patients.

Certification reviews cover how the software versions enable what was once known as “Meaningful Use” (Stages 2 and 3), as well as the many Clinical Quality Measures from the Centers for Medicare and Medicaid Services (CMS). Rolled together, these are the standards that allow you to meet elements of the new Merit-based Incentive Payment Systems (MIPS) methodologies, which will determine positive/negative adjustments to your Medicare payment rates in the years ahead.

Under the new MIPS scoring system, a total of 25% of your score comes from meeting standards in what is now known as Advancing Care Information. There are about 60+ items on this list – 48 of which are reviewed in the certification process.

What's Different About the 2015 Edition?

It is important to note and understand that “required” does not mean a system must demonstrate the criteria or it fails certification. This simply means that the element was previously considered “optional” and meeting said element was not required for full certification.

With the release of the 2015 edition, comes the removal of different criteria that made up the prior version. Unfortunately, out of the 2014 criteria that was removed in 2015, having advance directives was amongst them. Certain items were also changed. For example, the clarifications on the electronic submission of Clinical Quality Measures has been sorted into two standards – reporting and filtering.

However, if anything the 2015 criteria changes demonstrate the desire of the ONC-HIT to promote the evolution and expansion of exactly how EMRs are used.

For example, some items are no longer noted as optional in the 2015 criteria, most importantly computerized provider order entry (CPOE) for medications, laboratory, diagnostic imaging. Along with the CPOE, it is also worth mentioning the accounting of disclosures, as well as the transmission of information to cancer registries and public health organizations.

Alongside the criteria that was removed, new criteria were added as well. The most notable addition signifies the ability of the EMR system being able to maintain Implantable Device Lists and Social, Psychology ad Behavioral Determinants Data. Beyond merely sharing this information, the ONC-HIT is encouraging the creation and exchange of data in a “common clinical data set,” which is demonstrated by the broadening of data transmission to public health agencies.

With a wide range of products on the market, you don’t need to be looking for a new product in order to evaluate your own routinely. Instead, just look at how your product stands up against the certification criteria/different products to shed some light onto some useful features that you may not be using to your advantage. Doing so will allow your providers to deliver better and more coordinated care for your patients, no matter where they are in the healthcare spectrum. Use the certification criteria as a tool to help you run your practice more efficiently, ultimately delivering the best possible experience for your patients. That’s what it’s all about, right?

More Power To You: 9 Quick Tips And A Bonus For When The Lights Go Out!

Thursday, February 04, 2016

By Ben Regalado

Spurred by Meaningful Use incentives, electronic health records (or EHRs) approach universal adoption, with secure Wi-Fi-connected tablets or laptop computers becoming the source of data entry.

But what do you do if the screens go dark, or Wi-Fi fails? While redundant backup and recovery processes for your system should be well established, this does not necessarily facilitate immediate practice continuity.

Expect what is Expected

As with most emergency practice management issues, the first thing to do is to start when the lights are on and create your plan to deal with the impact of anticipated and unanticipated power loss on the patients, providers and staff.

Reputable server-based EHR systems rely on uninterruptable power supply (UPS) batteries to kick in when the power goes off, giving you and your team the appropriate time to carry out your plans and manage graceful power down process.

Also, know how your EHR hardware stores “work in progress” so providers can quickly resume their documentation processes. If you do not use battery powered laptops or tablets, make sure you have a few critical workstations on a UPS system.

Photo credit: GraphicStock © 2016.

When the Lights Go Out

Many weather or other power-limiting events are precipitated by a warning of several hours to several days. Consider the following steps if these events are forecasted or imminent.

  1. Foremost, assess the readiness and responsiveness of your staff. Without a doubt, community-wide events such as the recent snowstorms across the country direct their focus to family and personal issues, limiting their ability to proactively consider the needs of the patients and the practice. Help them help you by preparing checklists, but always keep their safety in mind.
  2. Know how to access your EHR outside of the practice walls. This emergency plan and process, especially related to who can access and where they should access it from, should be printed and immediately accessible.
  3. Immediately print essential medical record, demographic and charge ticket information for the day’s patients. Should the providers be able to continue to see patients, this aids in the recording of essential visit information to be entered into the system later.
  4. If multiple days of power loss are anticipated, print additional schedules with patient contact information. Distribute these schedules to staff you have pre-arranged to call patients if necessary. (If these calls have to be made from mobile phones, it is a good idea for callers to temporarily block their own caller identification.)
  5. Remember to communicate to patients! If you have an interface with your telephone appointment reminder system, use it to send critical messages. You should also update the practice’s website and patient portal with information about how to contact the practice.

When Rain Falls from the Cloud

Beyond power outages, many EHRs now rely heavily on the Internet. Some are completely cloud-based, meaning connectivity is of the essence. While Internet providers sell you on uptime, prepare for the unlikely event you lose connection for what could be a substantial amount of time.

  1. Is just the Wi-Fi down? If you connect to the Internet via an in-office wireless system, first determine if the issue is limited to your Wi-Fi router. You can prepare for a loss of Wi-Fi is the issue by having the ability to connect to hardwired cabling in the exam rooms or in a nearby workstation until you restore your service. These days you cannot have too many electrical outlets and connection ports!
  2. Wake up from paperless dreams. Having a stock of document templates available in the office can guide your providers’ documentation until connections can be restored.
  3. Is there an app for that? Some cloud-based EHRs may have secure applications that can be connected through cellular-based wireless connection. While this is not the ideal method of routine connection for security and speed, it may serve you in a pinch for obtaining basic schedules and clinical information.
  4. Look ahead. When you can and have access to a secure Internet connection, prepare for the following day by printing necessary schedules, demographics and other documents to allow patients to be seen. While this will require "back end" data entry, it is certainly an alternative to not being able to continue to see patients in the event of a connection issue (rather than a complete power failure).

Finally, here is our Bonus tip. When your plans are put together, don’t put them on the shelf. Consider a few practice sessions, allowing you to determine what works and what doesn’t. You can then rest assured your practice is as ready as it can be, and maybe go back to those dreams of a paperless office again.

Hardship Confusion for Meaningful Use

Thursday, January 07, 2016

By: Jennifer Searfoss and Elizabeth Lauzon

Updated March 5, 2015 to reflect changes in hardship application. See our recent blog on attestation.

On December 28, President Obama signed into law the Patient Access and Medicare Protection Act. The goal of Section 4 of the bill is to make it easier for physicians and hospitals to receive a hardship exemption from the 2015 Medicare requirement for the meaningful adoption of electronic medical record technology. However, the legislative language is incredibility vague and raises more questions than answers.

Photo credit: GraphicStock © 2016.

Here’s what we know (and we have FAQs too - see our attestation blog):

  • The attestation period for 2015 Meaningful Use of a certified Electronic Health Record (reporting period 90 continuous days) opened January 4 and closes February 29 March 11, 2016.
  • The Centers for Medicare & Medicaid Services (CMS) released their modification of the program requirements only in October 2015. Due to this delay, likely was difficult for physicians to meet the 2015 requirements due to slow software upgrades.
  • The new law restates current CMS authority to grant hardship exemptions on a case-by-case basis. Congress intended them to use this to permit broader exceptions due to software glitches and ongoing system problems. However, the language does not grant any additional authority.
  • CMS typically has the timeline for exemption applications until the summer (July 1, 2016) of the year following the attestation period. Congress set the timeline ending in March 15, 2016. CMS extended the timeline again to July 1, 2016 on February 26.

While the hardship exemption seems like a way to avoid the Medicare 2% penalty in 2017, don’t bank on this. The CMS categories for applying for a "streamlined hardship exemption application process"; one exception may be appropriate for physicians with late software updates to address the program changes:

  • Lack of Infrastructure: Physicians must demonstrate that they are in an area without sufficient internet access or face insurmountable barriers to obtaining infrastructure (e.g., lack of broadband).
  • Extreme and Uncontrollable Circumstances: Examples may include a natural disaster or other unforeseeable barrier.
  • EHR Vendor Issues: The physicians’ EHR vendor was unable to obtain certification by the start of the attestation period, experienced extreme problems in implementation upgrades for the certification or a physician changed EMR systems during the attestation period
  • Patient Interaction:
    • Lack of face-to-face or telemedicine interaction with patient
    • Lack of follow-up need with patients
  • Practice at Multiple Locations: Lack of control over availability of CEHRT for more than 50% of patient encounters.

Physicians considering filing a hardship when they do not fall into one of the categories is risking future scrutiny by not meeting the described requirements. For those physicians who apply, be sure to document why the category applies. This can apply to EMR vendors that did not have mature implementation of system upgrades to meet the revised Stage 2 requirements. Document and make copies of any correspondence from the vendor explaining the situation. You will need to have it available on audit.

2.2.d EHR Certification/Vendor Issues (CEHRT Issues)
I, on behalf of the provider(s) listed in Section 3 and/or 4, am requesting this Medicare EHR Incentive Program Hardship Exception and attest that the provider(s) faced extreme and uncontrollable circumstances in the form of issues with the certification of the EHR product or products such as delays or decertification, issues with the implementation of the CEHRT such as switching products, or issues related to insufficient time to make changes to the CEHRT to meet CMS regulatory requirements for reporting in 2015. I further attest that this extreme and uncontrollable circumstance in the form of EHR certification/vendor issues constitutes a significant hardship in demonstrating meaningful use as defined under 42 CFR 495.102(d)(4)(iii)

Be sure to keep an eye on the SCG Health blog for updates and resources on meeting and exceeding Meaningful Use requirements and how to prepare for audits of your attestation.

Access the attestation tip sheet.
Go to the portal to attest for the 2015 reporting period.
Review the hardship web page with the instruction form and application form.

ONC data brief: Patients have real concerns with privacy and security, but still like EHR

Monday, July 06, 2015

by Scott Kraft

The bad news is that recent survey data from the Office of the National Coordinator for Health Information Technology (ONC) shows that about three quarters of patients have privacy and security concerns for their own health information when used in electronic health record (EHR) systems.

The good news is that a large majority of patients still want providers to switch to EHR systems, and that fewer than 10 percent of surveyed patients are withholding information from their provider out of concern that the information will be compromised as part of an electronic record.

The findings were part of the June ONC Data Brief. The finding that very few patients are withholding information from their primary provider provides some contrast - and comfort - to data we recently shared from a separate study that showed that when patients are allowed to go into the EHR system and control which providers could see their health information, nearly half added layers of restriction to the health data.

Also of note from the ONC survey is the finding that patient concerns about the security of their own health information are almost no different whether the information is part of an EHR system or whether the practice still uses paper charts. Of course, it is concerning that in all cases, the percentage of patients who have concerns about the security of the data hovers around 75 percent.

It also provides some context to the finding that nearly three quarters of those surveyed would prefer their records to be stored via an EHR. After all, if the concern over the privacy and security of the data is the same regardless of the manner in which the data is stored and maintained, it makes sense that people would opt for technology.

It's hardly a vote of confidence in health care providers, however, when a survey basically suggests that three out of four patients don't consider their records to be secure in the provider's office, regardless of the manner in which they are maintained.

While this survey suggests this feeling does not have a significant impact on the desire of patients and health care consumers to see providers move toward EHR, it raises the potential that opinions on electronic record maintenance could shift quickly in the face of any type of hacking scandal or data breach that significantly impacts patient records.

Remember, the move toward electronic health record keeping is quickly going far beyond the EHR that is at the provider's office or in the hospital. Patients are turning to wearable technology, and in many cases being provided with technology by their providers that enables remote tracking and transmission of health data from the patient's home into the provider's EHR.

Compromises to that data stream could quickly erode overall consumer confidence in electronic records, given that confidence in the data security is already so low. Conversely, it may also be that significant segments of health consumers have resigned themselves to the likelihood of health data breach, given the prevalence of security breaches in so many other sectors.

Additionally of note, when it comes to the actual transmission of electronic records among health providers, the ONC found no statistically significant difference in terms of patient confidence if the records were sent electronically or via fax.

In both cases, the percentage of patients either very or somewhat concerned hovered in the 60 percent to 65 percent range.

Work on security

The key take away from the ONC findings for providers and vendors of health care technology is to not be lulled by the belief that consumer desires to move toward more electronic health records should override the very real concerns they have with overall privacy and security of health data.

Overall, patients have two significant concerns - that their health records are not kept securely, and that their health records are subject to unauthorized viewings.

Think of the previous survey we wrote about – given the ability to go into the EHR and control access, the first thing that many patients did was lock off access to sections of their health information from unknown providers.

Because health care consumer confidence is so low regardless of how the health records are being stored and maintained, vendors and providers have a real opportunity to make strides in data and security via the electronic health deliverables that will actually cause consumer confidence to increase.

How to prepare for, handle a Meaningful Use audit

Wednesday, November 12, 2014

In continuation of the SCGHealth blog on Meaningful Use audits, physicians can take some steps to avoid a Meaningful Use audit or at least be better positioned to successfully defend one’s attestation. Consider these steps:  

Maintain evidence that you’ve met the requirements. The most important step is to make sure you have the documentation to support your attestation. You need a repository of proof or book of evidence. The documentation should include screen shots, reports, calculations, a copy of the EHR purchase agreement (to show that you’re using technology certified and approved by the government, as required by the program), EHR implementation documents and other information to support the data for the Meaningful Use objectives and clinical quality measures.  If you’re attesting for 2014 via the new flexibility rule, make sure you have evidence to justify why you’re doing that.  Some providers are failing their audits not because they did anything wrong but because they can’t prove that they did it correctly.

Collect and store the documentation on an ongoing basis. Note that a screen shot of a single day won’t be sufficient for the other days in the reporting period. You may need to run reports to show that you met the yes/no attestations and a transaction log that shows that you did so every day in the reporting period. 
Designate one person to be in charge of Meaningful Use and to lead a response to an audit. This makes responding faster and more efficient. 

Make sure you’ve conducted a security risk analysis of the vulnerabilities of all electronic patient information in the EHR and elsewhere, such as on laptops or medical devices. This has been the most challenging Meaningful Use measure for providers; at least one hospital has failed just this one measure and has had to return the entire incentive payment for the year being audited. 

Store the Meaningful Use documentation in a central location. That will make it easier and faster to respond to an audit.  Also, since the documentation needs to be submitted electronically, make sure you store it electronically, and back it up. 

Be on the lookout for new developments regarding the Meaningful Use audit process. Stay apprised of how other providers are faring. For instance, it has been reported that CMS has lost several Meaningful Use audit appeals, indicating that physicians who appeal should keep proof that they submitted it. 

Maintain the documentation for at least six years past attestation, pursuant to CMS’ guidance. 

Watch for the red flags that might increase the likelihood of an audit. Try to avoid or eliminate them.

Check patient mix before attesting to Medicaid Meaningful Use. Don’t have a physician attest that he/she had at least 30 percent Medicaid population unless you’re sure he/she meets the threshold. 

Make sure that front office staff understand the significant of a Meaningful Use audit letter.  They need to quickly route it to the person responsible for responding to the audit. Don’t let mail sit on the desk of someone out sick or on vacation.   

How to proceed when physician is audited

So what should a physician do if it receives an audit letter from Meaningful Use auditor?  Here are some tips:

Respond by the stated deadline.  Don’t expect an extension.

Contact your EHR vendor. Some vendors have a toolkits or other resources that can help a provider survive a Meaningful Use audit. For instance, they’ve probably had other provider clients go through a Meaningful Use audit, so they may have a better idea of what the auditor will look for regarding the vendor’s functionalities. The vendor will also have better knowledge of its capabilities to generate reports that you may need to submit.

Provide the auditors with a summary and table of contents of the security risk analysis, not the actual analysis. You don’t want to alert the auditors of weaknesses that you uncovered within your practice. 

Review all material before submitting it to an auditor. Make sure that it’s accurate and complete. 

Conduct a formal review of the audit. See what needs to be improved going forward.

Consider appealing a negative determination if there’s a good chance you can overturn it. Providers that fail a Meaningful Use audit should appeal if they have something to stand on, such as evidence that they met the Meaningful Use requirements or that the auditor committed a mistake.  But if you can’t go back in time and create evidence, such as screen shots.

Don’t get tripped up by a Meaningful Use audit

Monday, November 10, 2014

It’s burden enough to participate in the Meaningful Use Incentive Program and earn the incentive payment.  But it’s even worse to find out that you’ve been targeted in an audit to see if your practice is really entitled to the incentive and then denied it or forced to return it if the Meaningful Use auditor determines you didn’t earn it. 

Since CMS has already paid out more than $25 billion in incentive payments to providers who meaningfully use their electronic health records systems (EHRs), it’s no surprise that the risk of being subject to a Meaningful Use audit is increasing.  It’s estimated that up to 20 percent of “eligible professionals” participating in the program may be audited.

The stakes are high: a physician that fails just one element of a Meaningful Use audit must return the entire incentive payment for that year. There is no partial credit. Then to add insult to injury, the physician is also automatically scheduled to be audited for another participating year.

But it’s no longer just CMS’ auditor, Garden-City New York CPA firm Figliozzi and Company that may be conducting the audit. States are now conducting their own Meaningful Use audits of incentive payments made under the Medicaid Meaningful Use programs.

And if that’s not enough, HHS’ Office of  Inspector General (OIG) also plans to review Medicare and Medicaid incentive payments made to providers as well as CMS’ auditing efforts, according to its 2015 work plan, released Oct. 31. Read the SCGHealth blog on the OIG Work Plan.

Red flags could trigger audit

The physicians chosen for an audit are supposedly suspected randomly. However, the auditors are on the lookout for certain red flags that make it more likely that a physician will be targeted.

The red flags that could trigger an audit include:
  • Inconsistences within the provider’s own data, such as exclusions that may be inconsistent with other measures a provider is attesting to or discrepancies with numerators and denominators.
  • Certain EHR systems which are known for having functionality problems and which may make their users more likely to be audited.  
  • Years where scores are combined, say while transitioning from one EHR to another midyear, since the likelihood of errors is increased.
  • Attestation data that is inconsistent with CMS supplemental data, such as measures or exclusions inconsistent with the provider’s patient mix. 
  • Providers that attest in 2014 using CMS’ new “flexibility” rule, since it makes keeping track of each measure harder and more complex.

SCG Health blog by Email

Recent Posts



SCG Health is a tradename of the Searfoss Consulting Group, LLC. You may reproduce materials available on this site for your own personal use and for noncommercial distribution. For more information, please read the Content Sharing Policy. Art & design by SCG Health. DISCLAIMER: You should consult an attorney for individual advice regarding a particular set of facts and circumstances. SCG Health reserves the right to change the information on this website without notice.