Though MACRA has officially been implemented, Meaningful Use is not quite over. The Center for Medicare and Medicaid Services (CMS) implemented the mandate for Meaningful Use (MU) of Electronic Health Records (EHR) systems to improve quality and efficiency of healthcare while maintaining privacy and security. Certified EHR systems are those that meet MU requirements perform functions like e-prescription, electronic exchange of health information, and submission of clinical quality measures. The use of EHRs improves care coordination by helping providers to fully engage with patients and families, and this ultimately leads to improved public health.
As an incentive to meet the requirements for MU, physicians’ reimbursement may be adjusted by the CMS, and the number of audits conducted by has been increasing over recent years in order to verify that physicians are receiving their MU payouts. These audits began in 2011, and prepayment audits began in 2013.
Preparing for Your Meaningful Use Audit
Although audits are a necessary component in the payout process, they can create challenges to the healthcare provider. In Pamela Lewis Dolan’s article on Medical Economics, she provides seven steps to prepare for audits that will help physicians undergo the process with minimal difficulties:
- Assume you will be audited: Physicians should be proactive and keep all records and documentation regarding MU attestation on hand.
- Handle audit promptly: Cooperate fully with the auditors and complete all tasks required. As this can be time-consuming, it may be tempting to procrastinate, but the quicker the audit is handled, the smoother it will go. Full correspondence with the auditors during the document exchange helps to avoid miscommunication.
- Physicians take charge: If MU is being delegated to others in the practice, physicians should make sure to confirm that the work is being done correctly.
- Avoid discrepancies: Three particular documents must be submitted during prepayment and post-payment audits to ensure correct MU:
- Proof that the EHR system in use is certified
- Documentation of the accuracy of quality measure, core, and menu objective data
- Proof of a security risk assessment and a corrective action plan
- Ensure EHR certification: Physicians should keep track of system upgrades that could affect certification status. They can contact their EHR vendors to verify that their system has been certified.
- Documentation is key: All documentation should be kept in records for MU attestation. Data regarding yes/no objectives can be shown using dated screenshots from the EHR system that prove a particular function was turned on. This should be periodically checked, as certain functions aren’t always used, and they’re turned off they may not be detected.
- Complete a security risk assessment: This assessment must address all changes and new additions. It’s important to be specific about information in order to prove its validity. If this isn’t done, incentives will be taken back and physicians may also face a penalty for violating HIPAA compliance. An outline of the risk assessment includes the following processes:
- Scope of the analysis
- Data collection
- Identify and document potential threats and penalties
- Assess current security measures
- Determine the likelihood of threat occurrence
- Determine potential impact of threat occurrence
- Determine the level of risk
- Finalize documentation
- Periodic review and updates
Using an EHR helps to resolve the challenge of preparing your data for a MU audit while at the same time maintaining operations as a healthcare provider. Providers can then help themselves by proactively maintaining good communications with their auditors. Because the EHR is keeping your records organized and accessible, and provides the tools and the dashboard to stay ahead of your meaningful use criteria, this will ensure that your audit goes smoothly. Above all, these audits are conducted to ensure that the practices that meet the MU requirements of their EHR system are rewarded and continue to provide the best possible healthcare to their patients.