The Garden City, N.Y.-based accounting firm Figliozzi and Company, acting on behalf of CMS, has started to send letters to providers requesting them to submit documentation to support their attestation that they have met the Meaningful Use requirements. According to Ober Kaler, the auditor is asking for four types of information:
- A copy of the provider's certification from the Office of the National Coordinator for the technology used to meet the program's requirements, to show that the provider has a certified EHR system
- The method used to report emergency department admissions, which affects some of the required measures
- Supporting documentation for the completion of the attestation regarding the core set objectives and measures
- Supporting documentation for the completion of the attestation regarding the menu set objectives and measures
The notes that organizations selected for an audit have two weeks to comply with the records requests, but it appears that the audits won't be overly detailed and will not involve site visits.
However, although the letters state that information will be kept confidential, Ober Kaler warns providers to be mindful of HIPAA when complying with the record requests.
"Audited providers should be careful to ensure that they do not simply 'throw the kitchen sink' at Figliozzi and Company and, in the process, provide unnecessary and unrequested personal health information. As always, entities should provide the 'minimum necessary information requested,'" the firm advises.
CMS is required to conduct audits of providers attesting under the EHR incentive program, but has posted only general information about the audits. CMS does provide contact information for the auditing firm on its website.
CMS has implemented some automatic checks built into its databases to verify information submitted by providers and plans to audit a sample of eligible professionals and hospitals to verify that payments made to hospitals are accurate, according to a recent GAO report.
However, GAO found that these audit processes were insufficient and was particularly concerned about auditing providers only after they're paid incentive money.