If anyone doubts that Meaningful Use (MU) audits are occurring, I would like a chance to change their mind. Yesterday 2 potential new clients contacted us with similar stories. Both had received letters from the Centers for Medicare & Medicaid Services (CMS) letting them know that they have been audited for Meaningful Use. One client was audited for 2012 and the other client for 2013. Both were requested to submit their documentation to support their MU attestation and specifically submit their Security Risk Assessment. Unfortunately neither had performed a Security Risk Assessment for the previous years.
It is never easy telling a client that you can’t help them regarding their MU audit for a previous year. Once we explained the requirements that the Security Risk Assessment had to be performed before the end of the reporting period they understood. Both clients signed up for our HIPAA Secure Now! service and Security Risk Assessment for 2014.
Could more MU audits be on the horizon?
Ironically, FierceEMR published a story today that might lead you to suspect that even more MU audits could be coming.
A House Committee has asked the Centers for Medicare & Medicaid Services and the U.S. Department of Health & Human Services Office of Inspector General (OIG) to justify how well they’re policing the payments to providers.
OIG has already told CMS to step up prepayment review, a recommendation that CMS disagreed with. And OIG is stepping up to the plate itself, for the first time intending to audit providers receiving Meaningful Use incentive payments.
So if one reads between the lines (or is very familiar with recent laws and regulations), what the committee is really getting at is whether CMS is adequately using the new tools it has to stop improper payments before they go out the door.
It is clear that Meaningful Use audits are occurring and that the lack of a Security Risk Assessment might require a provider to payback a full year of incentive payments. The amount of these audits seem to be accelerating or at least we are hearing about more clients being selected for MU audits. And with Congress breathing down the back of both CMS and OIG, there is a good chance even more audits are on the way.
Understand a HIPAA / Meaningful Use
Organizations need to perform a Risk Assessment to determine the likelihood of risks and what additional security measures should be put in place to protect patient information.
to better understand the HIPAA Risk Assessment process