The Office of Inspector General (OIG) of the US Department of Health and Human Services (HHS) has begun reviewing payments made to eligible providers (EPs) under the Medicare and Medicaid electronic health record incentive program, also known as the meaningful use program. The audits, which are being conducted in accordance with OIG’s 2015 work plan, include investigations of security risk assessments.
The purpose of the OIG audits is to determine whether the Centers for Medicare & Medicaid Services (CMS) is using taxpayer funds properly, not to uncover fraudulent or incorrect reporting by individual hospitals or physicians, noted OIG spokesman Donald White in an interview with Medscape Medical News. Nevertheless, two recent audit reports OIG supplied to Medscape show that, where they revealed inappropriate payments, the providers will have to give up some of those bonuses.
In addition to the current OIG audits, CMS has been reviewingmeaningful use incentive payments since 2012, using an external auditor, Figliozzi & Co, to collect information from providers. Initially, those audits were performed after CMS paid eligible professionals and hospitals, but in 2013, after a critical OIG report on its auditing practices, CMS added prepayment auditing as well.
The prepayment audits alone affect 5% to 10% of providers who attest to meaningful use, according to CMS. Although White could not say what percentage of attesters will be audited by OIG, he said the sample of audited providers must be “statistically significant.” In healthcare parlance, that typically means 5% or more of a sample.
Want to publish your own articles on DistilINFO Publications?
Send us an email, we will get in touch with you.
White stated that OIG is not seeking out malfeasance. In the audits he is aware of, he said, “They were looking at implementation of the programs. If auditors come across information that might involve enforcement issues, they might provide that information to CMS or OIG. But that’s not what they’re primarily looking at.”
Hospitals and EPs Under Scrutiny
The two audits that have been completed so far involve the Medicaid electronic health record incentive programs in Florida and Massachusetts. In the Florida report, the auditors reviewed state Medicaid data on 42 hospitals, obtained information directly from the facilities, and determined whether the state’s incentive payment calculations were correct under state and federal laws. Their conclusion is that they were.
In the Massachusetts report, the OIG auditors came to the opposite conclusion: They found that 19 of the 25 hospitals they audited had received incorrect payments from the state Medicaid agency. The agency had overpaid 13 hospitals about $2.7 million and had underpaid six hospitals by $564,000. The auditors recommended that the agency repay the federal government $2.1 million and adjust the 19 hospitals’ remaining incentives to account for the incorrect calculations. In addition, they advised the agency to make policy changes to avoid future mistakes.
Not only hospitals but also eligible professionals stand a chance of losing or gaining money as a result of OIG audits. EPs should also be aware that OIG will audit some of them in the near future.
According to an article published in Politico’s eHealth News, a physician represented by a Chicago attorney has already received a letter from OIG auditors. They were seeking information about meaningful use attestations going back to 2011, the lawyer said.
Keep the Documents
Consultants interviewed by Medscape Medical News said physicians should prepare themselves for OIG audits the same way they should get ready for CMS reviews of their attestations.
“Physician practices should assume they’re going to get audited, and be relieved if they aren’t,” said Michelle Holmes, a principal at ECG Management Consultants in Seattle, Washington. “This means proactively compiling all of the documentation to support the information that was entered during the attestation process. Err on the side of caution and maintain comprehensive information to substantiate the performance for every measure.”
David Zetter, a healthcare consultant in Mechanicsburg, Pennsylvania, who advises practices on issues related to meaningful use audits, agreed that providers should have all their documentation in place to prepare for an OIG audit. However, he pointed out that some electronic health records are better at supplying the requisite reports than others. If the reports are insufficiently detailed, practices may need to print out screen shots for auditors as well, he said.
Many practices, Zetter noted, have real reasons to fear government audits. “There are plenty of misrepresented attestations out there. Most are due not to fraud, but to ignorance. Physicians just don’t know what they’re supposed to be doing. Plenty of people still don’t know what a security risk assessment is.”
Zetter estimated that upward of 70% of EP attestations include sections that were done incorrectly. The area of documenting data security is especially vulnerable, he said. If practices are uncertain how to do a security risk assessment, he added, there are vendors that will do one for as little as $300.
Date: April 2, 2015