GE Healthcare Camden Group Insights Blog

More EHR Audits Planned for 2015

Posted by Matthew Smith on Nov 11, 2014 5:48:00 PM

As the healthcare industry moves toward digitization of health records, OIG has requested a $400 million FY 2015 budget, an increase of $105 million and 284 additional full-time employees to help expand OIG audits and reviews, several of them examining IT security, compliance and, yes, even electronic health records. 

"Important changes are taking place across the healthcare industry," wrote Daniel R. Levinson, U.S. inspector general, in OIG's 2015 work plan justification. These changes, Levinson continued, include "an emphasis on coordinated care and an increased use of electronic health records. OIG will need to adopt oversight approaches that are suited to an increasingly sophisticated healthcare system and that are tailored to protect programs and patients from existing and new vulnerabilities."

Part of OIG's role in 2015 will include leveraging data analytics and "forensic enhancements" to investigate the increasingly sophisticated healthcare fraud, which is, now more than ever, including electronic health records in the process. 

"We will perform audits of various covered entities receiving EHR incentive payments from CMS and their business associates, such as EHR cloud service providers, to determine whether they adequately protect electronic health information created or maintained by certified EHR technology," OIG officials outlined in the 2015 report. 

Priorities for 2015 include:

  • Identify EHR system fraud and determine "how certified EHR systems address these vulnerabilities."
  • Review Medicaid and Medicare EHR incentive payments and ascertain if providers or hospitals received payments they should not have received.
  • Analyze the IT security of community health centers funded by the Health Resources and Services Administration.
  • Review the Centers for Medicare & Medicaid Services health information technology systems and verify the agency adopted necessary security controls to protect EHR data.

OIG has already demonstrated its commitment to EHR audits. Just this September, the office found the Louisiana Department of Health and Human Services wrongly claimed EHR incentive payments. The OIG audit discovered the state agency was overpaid 13 hospitals $3.1 million in federal EHR cash. The payment errors, as officials pointed out, were due to unclear and incorrect patient volume calculations. Some 80 percent of the state's hospitals analyzed in the audit failed to comply with federal regulations or guidance.

Topics: EHR, EHR Audit, Office of Inspector General, EHR Fraud

EHR Audits & Medicare Enrollment: The Latest Provider Update from CMS

Posted by Matthew Smith on Apr 23, 2013 1:15:00 PM
EHR Audits, CMSThe Centers for Medicare & Medicaid Services (CMS) is the Federal agency under the Department of Health & Human Services (HHS) which administers Medicare, Medicaid, and the State Children’s Health Insurance Program. The CMS EHR Incentive programs are currently open programs for eligible professionals and hospitals to receive incentive payment for participation. Checking in on CMS will be a regular weekly post to keep up with communication coming from CMS on information about these and other related programs.

What Providers Need to Know about EHR Audits

All eligible professionals (EPs), eligible hospitals, and critical access hospitals (CAHs) attesting to receive an incentive payment for either the Medicare or Medicaid Electronic Health Record (EHR) Incentive Program may be subject to an audit. CMS and its contractor, Figliozzi and Company, perform audits on Medicare and dually-eligible (Medicare and Medicaid) providers who are participating in the EHR Incentive Programs. States perform audits on Medicaid providers participating in the Medicaid EHR Incentive Program. In addition to the post-payment audits that have been conducted since 2012, CMS began pre-payment audits this year, starting with attestations submitted during and after January 2013.

CMS to Begin Accepting Suggestions for Potential PQRS Measures and Measures Groups in May

CMS will begin accepting quality measure suggestions for potential inclusion in the proposed set of quality measures in the Physician Quality Reporting System (PQRS) for future rule-making years. CMS is seeking a quality set of measures that are outcome-based and fall into one of the National Quality Strategy (NQS) Priorities domains where there are known measure and performance gaps. The measure gaps that CMS most wishes to fill include clinical outcomes, patient-reported outcomes, care coordination, safety, appropriateness, efficiency, and patient experience and engagement.

Measures submitted for consideration will be assessed to ensure that they meet the needs of the Physician Quality Reporting Program. In addition, CMS encourages eligible providers to submit measures that do not have an adequate representation within the program for participation. When submitting measures for consideration, please ensure that your submission is not duplicative of another existing or proposed measure. Each measure submitted for consideration must include all required supporting documentation. Documentation requirements will be posted on the Measures Management System Call for Measures web page on or around May 1, 2013. Only those measures submitted in the provided format will be accepted for consideration. 

Important Medicare Enrollment Date

Effective May 1, 2013, physicians who refer or order services for Medicare patients will be required to be enrolled in Medicare. Claims submitted on or after May 1st for a physician who referred or ordered services for a Medicare patient but who is not enrolled in Medicare will be denied. Providers should enroll online through the Provider Enrollment, Chain, and Ownership System (PECOS) or can mail enrollment application CMS-8550. Physicians who have a valid opt-out affidavit on file are not required to enroll in Medicare. Visit the CMS web site for more information.

CMS Listening Session on Billing and Coding with EHRs – Save the Date

Friday, May 3, 9am – 2pm ET, Registration Now Open.

CMS and ONC will convene a meeting of interested stakeholders, including providers, health information technology vendors, press and others to discuss electronic health records (EHRs), the increase in code levels billed for some Medicare services, and appropriate coding in an increasingly electronic environment. Invited speakers will discuss key issues such as the impact of EHRs on high quality clinical care, provider efficiency, and coding, as well as coding challenges and opportunities facing various groups, including hospitals, clinicians, and other interested stakeholders.

For this Listening Session, you have the option to:

  1. Attend in-person.
  2. Call-in to listen.
  3. Watch a live stream via the web.
Electronic Health Records EHR Assessment

Topics: CMS, PQRS, EHR Audit, Medicare Enrollment

Meaningful Use Audits to Ask for More Documentation

Posted by Matthew Smith on Jan 30, 2013 10:24:00 AM

Meaningful Use AuditsBeginning in the summer of 2012, the Department of Health and Human Services’ Office of Inspector General started conducting a limited number of audits of organizations that have attested to electronic health records meaningful use under Stage 1.

During an educational session at HIMSS13, Mac McMillan, CEO at health information security consultancy CynergisTek Inc., will walk through the early stages of the audit program and what is to come. Audits in the initial phase were very simple as organizations were sent a list of questions they could answer without a lot of documentation--basically asking that organizations reaffirm what had already been attested.

A second phase (later in 2012) was more comprehensive with about 10 pages of questions asking for detailed information such as how an organization is using the EHR’s capabilities and how well it performs. For instance:

  • Does the EHR generate a log?
  • Can you manipulate, view and print the log?
  • Is the EHR configured for role-based privileges assigned to persons using it?

While these initial audit programs were rather simple with little or no measurement of performance, not being truthful could really hurt an organization later if it has a reportable data breach, McMillan warns. For instance, even in these basic early audits, organizations had to re-attest that they have conducted a HIPAA-mandated security risk assessment and update it regularly. “If you aren’t honest in the audit then have a breach, and the investigation shows you didn’t do the risk assessment required under meaningful use, you’re in trouble,” McMillan says.

At some point, McMillan believes, someone in government is going to say, “I want to see a real audit run,” and the program will get tougher with real teeth. That time could come with Stage 2. He sees the early audits as the start of preparing EHR users for a more comprehensive program. “You need to get serious about your attestations and your documentation around attestation so you can be prepared to document it when the audits come.”

The session during the pre-conference Meaningful Use Symposium on March 3, “Meaningful Use Audits--What Your Provider Organization Needs to Know,” is scheduled at 2:30 p.m.

To learn more about Health Directions' approach to EHR, Meaningful Use, and details concertning the audits, please contact Health Directions via the button below:

Electronic Health Records EHR Assessment

Topics: EHR, Meaningful Use, Electronic Health Records, Electronic Medical Records, Health IT, Meaningful Use Attestation, EHR Audit

Subscribe to Email Updates

Value Model, Health Analytics

Recent Posts

Posts by Topic

Follow Me