True to its word, the U.S. Health and Human Services Department's Office of Inspector General has begun to audit individual providers to determine if they met the Meaningful Use requirements, according to attorney Daniel Gottlieb, with McDermott Will & Emery in Chicago.
"The work plan is coming to fruition," Gottlieb (pictured) tells FierceEMR.
OIG is conducting random nationwide audits of providers, according to Gottlieb, who wrote a blog post on this new development April 1. The audits are somewhat different from the ones being conducted by the Centers for Medicare & Medicaid Service's audit contractor Figliozzi & Co., based in Garden City, New York, in that the OIG audits are only looking at certain measures, but over a three-year period. Figliozzi's audits review all measures, but only for a single attestation year at a time.
OIG's work plan, published Oct. 31, 2014, contained a number of focus areas special to electronic health records, such as:
- Whether providers that received Medicare and/or Medicaid Meaningful Use incentive payments were entitled to the money
- How well CMS oversees the Meaningful Use payments being made
- CMS oversight of hospitals' security controls over networked medical devices that are integrated with EHR systems
- Whether covered entities and business associates, such as cloud services and other "downstream service providers," adequately secure electronic patient protected health information created or maintained by certified EHR technology. The OIG specifically states that hospitals must conduct security risk analyses
- The extent to which hospitals have EHR contingency plans, as required by HIPAA's security rule
Gottlieb points out that it's not surprising OIG is taking a look at EHRs; the office has criticized HHS in the past for not providing sufficient oversight of the Meaningful Use program.
OIG says its main concern is not on individual providers, but how well the Health Department's agencies are doing their jobs, OIG senior media relations specialist Donald White tells FierceEMR. To that end, the OIG has already completed audits of how state Medicaid Meaningful Use programs are operating in Florida and Massachusetts, according to White. It also has started an audit of the program in Pennsylvania.
However, if OIG determines that a provider has received incentive payments to which it is not entitled, the provider will have to repay it, Gottlieb says. Several Massachusetts hospitals will need to repay their incentives as a result of the Massachusetts audit.