Healthcare News & Insights

More meaningful use flexibility and audits are coming

A proposed rule could make it easier to attest to meaningful use Stages 1 and 2, but an auditor could still be coming to penalize you for past attestation. 

ThinkstockPhotos-522418955The Centers for Medicare & Medicaid Services (CMS) recently proposed new rules that would amend the meaningful use program for hospitals and eligible professionals that want to earn incentives in 2015.

Less rigid attestation rules

Overall, the new rule tries to align Stage 1 and Stage 2 criteria and measures with the newly proposed, more flexible rules of Stage 3.

The changes would reduce certain reporting requirements and free up providers to focus on using their electronic health records (EHRs) in more advanced ways, such as improving quality of care, encouraging interoperability and participating in health information exchanges.

Specifically, the new rule:

  • lowers the number of meaningful use criteria
  • eliminates measures that have become unnecessary or have already reached wide-spread adoption
  • realigns the reporting period with the calender year instead of the fiscal year, and
  • provides a 90-day reporting period for 2015.

More meaningful use scrutiny

Unfortunately, though attesting to Stage 1 and 2 may be easier going forward, providers could still be penalized for inappropriate meaningful use payments from past attestations.

The Department of Health  and Human Services’ Office of the Inspector General (OIG) has just begun meaningful use audits, running concurrently with the audits CMS is already conducting, according to Daniel Gottlieb, healthcare attorney at the firm McDermott, Will & Emery, on his FCA Update blog.

But unlike CMS’ audits, which look at all meaningful use measures for a particular year, the OIG audits only looks at a few measures over a three-year reporting period.

For example, one measure the OIG is investigating is the comprehensive security analysis criteria, which is also a HIPAA requirement. Providers selected for audits will have to show that they’ve completed regular security assessments of their facilities from January 1, 2011 to June 30, 2014.

Specifically, the OIG is looking to make sure providers are properly securing patient data and weren’t mistakenly paid meaningful use incentives. Inappropriate payments the agency identifies during its audits will have to be returned, which could be a hefty blow to your facility’s finances.

According to Gottlieb, if your facility is selected for one of the random audits, you’ll need to provide materials like:

  • documentation to support each measure attested to
  • security analysis reports, and
  • dated screen shots demonstrating the measure was met during the appropriate reporting period.

The audits also show how important it is to keep thorough records of your meaningful use and HIPAA compliance efforts to satisfy auditors that you’ve met your obligations. If your facility hasn’t done so yet, set a period each year for consistently conducting security assessments.

You may also want to create a centralized location for documents related to HIPAA and meaingful use should your facility be selected for an audit down the road.

Subscribe Today

Get the latest and greatest healthcare news and insights delivered to your inbox.