Documentation key in EHR audits, CMS saysMarch 7, 2013
The best documentation a health care practitioner can have in the event of a Medicare or Medicaid EHR incentive program audit is a computer-generated report confirming compliance with the U.S. Department of Health & Human Services’ (HHS) electronic health records (EHR) “meaningful use” criteria, according to the U.S. Centers for Medicare & Medicaid Services (CMS).
Should a practitioner’s EHR not be capable of generating such a report, paper worksheets, used by the practitioner when attesting meaning use, could be an acceptable substitute, if the worksheets together offer a full and detailed summary of the steps taken to qualify for incentive program bonuses, according the CMS.
However, practitioners should also be able produce additional documentation including “screenshots” taken at the time of attestation to demonstrate EHR functionality, patient records, and correspondence with other health care practitioners or entities documenting interactivity among EHR systems, the agency said.
The CMS launched a program of post-payment audits for recipients of Medicare and Medicaid EHR incentive bonuses last fall in response to an HHS Office of Inspector General (OIG) report.
The report noted that under Stage 1 of the incentive program, the CMS is issuing bonuses to practitioners who report or “attest” compliance with the programs’ EHR utilization standards using a specially designated website.
However, the agency has no way to confirm at the time of attestation that a practitioner has actually met the required utilization criteria. (See “EHR incentive recipients subject to audits, CMS says,” AOA News, September 2012 at http://newsfromaoa.org/2012/09/24/ehr-incentive-recipients-subject-to-audits-cms-says.)
Under the new post-payment audit program, when providers are found not to be eligible for an EHR incentive payment, the payment will be recouped.
“The primary documentation that will be requested in all reviews is the source document(s) that the provider used when completing the attestation,” the CMS noted in a posting in the “Frequently Asked Questions” section of its website. That document should provide a summary of the data that supports the information entered during attestation.
“Ideally, this would be a report from the certified EHR system, but other documentation may be used if a report is not available or the information entered differs from the report,” the agency added.
The summary document, which will be the “starting point” for all audits, should include at minimum:
- The numerators and denominators for the measures
- The time period the report covers
- Evidence to support that it was generated for the eligible professional who attested meaningful use.
Although the summary document represents “the primary review step” in an audit, auditors could ask practitioners to provide additional and more detailed documentation for any meaningful measures, including reviewing patient records.
“For that reason, all providers attesting to receive an EHR incentive payment for either the Medicare or Medicaid EHR Incentive Programs should retain all relevant supporting documentation (in either paper or electronic format) used in the completion of the Attestation Module responses,” the CMS noted.
“The provider should be able to provide documentation to support each measure to which he or she attested, including any exclusions claimed by the provider,” the CMS said.
- Drug-drug/drug-allergy interaction checks and clinical decision support – Proof that the functionality is available, enabled, and active in the system for the duration of the EHR reporting period.
- Electronic exchange of clinical information – Screenshots from the EHR system or other documentation that document a test exchange of key clinical information (successful or unsuccessful) with another provider of care. (Alternately, a letter or email from the receiving provider confirming the exchange, including specific information such as the date of the exchange, name of providers, and whether the test was successful.)
- Protect electronic health information – Proof that a security risk analysis of the certified EHR technology was performed prior to the end of the reporting period (e.g., report that documents the procedures performed during the analysis and the results).
- Drug formulary checks – Proof that the functionality is available, enabled, and active in the system for the duration of the EHR reporting period.
- Immunization registries data submission, reportable lab results to public health agencies, and syndromic surveillance data submission – Screenshots from the EHR system or other documentation that document a test submission to the registry or public health agency (successful or unsuccessful). Alternately, a letter or email from registry or public health agency confirming the receipt (or failure of receipt) of the submitted data, including the date of the submission, name of parties involved, and whether the test was successful.
- Exclusions – Documentation must be provided to support each measure exclusion claimed by the provider.
- Clinical quality measures (CQMs) – Save the documentation that supports the values entered in the Attestation Module for CQMs.
Providers selected for auditing will receive an initial request letter from the CMS’ audit contractor. The request letter will be sent electronically by the audit contractor from a CMS email address and will include the audit contractor’s contact information. The email address provided during registration for the EHR Incentive Program will be used for the initial request letter.
The initial review process will be conducted at the audit contractor’s location, using the information received as a result of the initial request letter. Additional information might be needed during or after this initial review process, and in some cases an on-site review at the provider’s location could follow. A demonstration of the EHR system could be requested during the on-site review.
A secure communication process has been established by the contractor, which will assist the provider in sending any information that could be considered sensitive. Any questions pertaining to the information request should be directed to the audit contractor.
States will have separate audit processes for their Medicaid EHR Incentive Program. Practitioners requiring additional information about those audits should contact their state Medicaid agencies.
Additional information on the documentation necessary to demonstrate compliance with federal EHR incentive program standards can be found using these resources: