The U.S. Health and Human Services Department’s Office of Inspector General (OIG) will begin auditing individual providers to determine if they met Meaningful Use requirements.
Currently the Centers for Medicare & Medicaid Service (CMS) is auditing providers through contractor Figliozzi & Co. The CMS audits look to see if providers met the Meaningful Use measures for a 1 year period (attestation period). The OIG audits will look at certain measure but over a three year period.
According to a story over at FierceEMR, the OIG audits will look at:
- Whether providers that received Medicare and/or Medicaid Meaningful Use incentive payments were entitled to the money
- How well CMS oversees the Meaningful Use payments being made
- CMS oversight of hospitals’ security controls over networked medical devices that are integrated with EHR systems
- Whether covered entities and business associates, such as cloud services and other “downstream service providers,” adequately secure electronic patient protected health information created or maintained by certified EHR technology. The OIG specifically states that hospitals must conduct security risk analyses
- The extent to which hospitals have EHR contingency plans, as required by HIPAA’s security rule
If providers fail the OIG audit they may need to return multiple years of Meaningful Use incentive funds.
However, if OIG determines that a provider has received incentive payments to which it is not entitled, the provider will have to repay it, Gottlieb says. Several Massachusetts hospitals will need to repay their incentives as a result of the Massachusetts audit.
We are already seeing many clients being audited for Meaningful Use through the CMS audits. The OIG audits will add more pressure and scrutiny to Meaningful Use incentive funds that providers have received. Just remember, what the government gives out, the government can take away.