CMS Meaningful Use audits are on the rise. Ensuring that a facility qualified for bonus payments may be an uphill battle if there is no proof of documentation supporting the Meaningful Use and clinical quality measure data submitted during attestation.
CMS initiated Meaningful Use audits in July 2012, now consisting of both pre- and post- payment audits. Pre-payment audits will include random audits, while post-payment audits target suspicious or anomalous data. If your hospital is selected for a Meaningful Use audit, a Meaningful Use audit notice will arrive via an email letter from the CMS contracted Meaningful Use auditor, Figliozzi and Company for Medicare providers. Medicaid audits are managed by the states’ Medicaid agency. CMS has not offered any guidance regarding what can trigger an audit, further complicating this issue for hospital leaders. CMS guidance regarding EHR incentive program audits is available at
Take the steps now to prepare for a potential audit to include: conducting a security risk analysis of the certified EHR, confirming that functionality was turned on for yes/no requirements and that the EHR can generate screenshots (with software name and version) dated during the reporting period for attestation, ensuring that that the EHR can generate an audit log of when you started tracking a measure, and confirming that there is documentation to support exclusion from a given measure. Documentation must be retained for six years post attestation.
If the provider does not meet one or more measures or is found to be ineligible, based on an audit, CMS will recoup the EHR incentive payment.