Technology
e-Newsletter
Intelligence Unit Special Reports Special Events Subscribe Sponsored Departments Follow Us

Twitter Facebook LinkedIn RSS

Latest Wave of MU Audits Delivers a Fresh Scare

Scott Mace, for HealthLeaders Media, October 29, 2013

These risk assessments must also show that any deficiencies found were completely remediated before the reporting period ended, McNutt says.

Providers even have to watch their words carefully lest they invite extra scrutiny. "Avoid using words like 'deficiencies' and 'remediations'" if the organization is simply contemplating a set of best practices, McNutt says.

Another lesson Methodist learned was to provide proof that they were on a Meaningful Use-certified version of its EHR software during the entire reporting period. This can be tricky if software upgrades happen anywhere near that period of time, McNutt says.

"A letter from your vendor would do, or if you have screen shots you can take from your EHR that say what exact day certain releases were moved into production, you could use that for your defense, but that's the first thing they ask for."

Medicaid Surprise and a CMS Challenge
Then there was McNutt's Medicaid surprise, which reinforces the fact that these audits are as much about proving actual use of EHR systems as they are about proper installation and risk assessments. "This audit from CMS is as much an audit of your state Medicaid agency as it is of you, and so they come to you to reprove everything that the state already has," she told the CHIME Webinar audience.

1 | 2 | 3 | 4 | 5

Comments are moderated. Please be patient.

4 comments on "Latest Wave of MU Audits Delivers a Fresh Scare"


Jack Kolk (11/15/2013 at 9:04 AM)
It's more cut and dried than you think. As a company that has done 100's of risk assessments and been through the contesting of failed audits we know the process and what they are looking for. The fact that CHIMES members are still arguing over what is required is silly. The final guidance for a compliant risk assessment is at : http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/rafinalguidancepdf.pdf

Ellis Malovany (11/6/2013 at 9:29 AM)
This is precisely the reason why having the support of an accredited EMR company is critical. Providers have enough on their plate dealing with falling reimbursements and a confusing environment that has led many providers to throw up their hands and consider retirement or sidestepping into an alternative career. EMR companies need to stay on top of the changing targets and build value by proactively conveying information to their provider/clients. Unfortunately, in this "wild west" of EMR technology, only a handful of EMR companies understand how to manage and support.

Frank Poggio (10/30/2013 at 10:10 AM)
Scott, Cut an Dried?? I don't think so. At least not in the way you may think. The MU Attestation and vendor Certificaiton program and process was slapped together in a political rush. After completing dozens of Certifications for vendors I can attest that the process is far from black and white. Scripts get revised on a monthly basis, MU criteria is still getting redefined today. There was no audit process pre-tested and put in pace in advance, niether for vendors or providers. The appeals process is as clear as mud...and on and on. The only thing that will be Cut and Dried is: Providers will get the CUTS and vendors will be hung out to Dry when this is all over!