HIPAA Audit: OCR Is On The Move
Successfully preparing for and surviving a meaningful use audit sis imperative! And if you thought otherwise, it’s time to think again! Not doing it right can cost you a pretty penny, besides losing your job, like in the case of Detroit Medical Center’s, Chief Medical Information Officer Leland Babitch, MD, whose employment was terminated after it was discovered that the hospital will have to pay back a potential $14 million in EHR incentives. Or take the case of Health Management Associates – which operates 71 hospitals –announced it was returning $31 million in improperly claimed electronic health record incentive payments, back in November, for hospitals that did not meet meaningful use requirements, as initially claimed.
According to the Centers for Medicare & Medicaid Services at least one in 20 MU attesters will undergo a meaningful use audit, of which 50 percent are more likely to undergo a pre-payment audit. While these audits are expected to increase, there are certain things that are important to keep in mind.
The right preparation can save a healthcare provider or hospital money, as it can help protect or defend incentive payments, in addition to preventing payment adjustments, while also potentially save you your job. Tony Panjamapirom, consultant at The Advisory Board Company, said, “successfully preparing for – and surviving – an audit also comes down to seeing audits as a serious need, rather than a threat.”
Proper preparation is integral to survival
The likelihood of audits is escalating. After you submit for attestation, the auditor can knock on your door at any time. Either, prior to or after you have received the incentive payment – and remember an audit can occur anytime up to six years. Being a critical necessity, preparing for an MU audit is a serious time and resource commitment. It is thus, best to be prepared and ensure that your enterprise is in order, especially when it is time for the real deal.
Joanne La Grange, director of the meaningful use program at Scripps, says they’ve had prepayment audits, post payment audits, and CMS mini audits, and it is mock audits that provide you an opportunity to develop a systematic approach so that you can respond in a timely manner, thus ensuring that you stay prepared.
Learning To Do It Right With a Mock Audit
Mock audits help take away an organization’s trepidation from the real audit, and these must follow a pre-defined methodology. La Grange advises that a mock audit must involve the following steps:
- Developing a book of evidence, prior to attestation, is the first step in developing a successful mock audit. This “book of evidence,” needs to be stored on a secure device with limited access.
- The second step of developing a mock audit program entails clearly defining the role of the internal audit, which must operate as an independent function.
- Developing guiding principles for process includes establishing a single point of contact for the CMS auditor, thereby eliminating the odds of providing inconsistent information.
- Creating audit-tracking tools. This includes incorporating a checklist of items that need to be completed along with audit request forms. Ideally, this can be done in two phases, where the first phase includes proof of certified EHR, source documents, summary report, evidence report, security risk assessments and procedures performed during the risk analysis; and the next phase including the core and menu objectives with thresholds, with the supporting documentation in addition to attestation measures.
- The final step entails incorporating all lessons learned and examining feedback to conduct a successful mock audit.
The meaningful use incentive program is intended to encourage healthcare providers to adopt electronic health record systems and ensure secure data sharing practices. These are important as they can help avoid incidents like what occurred at Shelby Regional Medical Center in Texas, Detroit Medical Center etc. However, besides conducting mock audits and endeavoring to stay prepared at all times, it is also prudent for enterprises to implement a comprehensive solution to simplify the matter. With a security solution like Aegify Security Posture Management or Aegify SecureGRC, healthcare institutes can achieve meaningful use status with ease, while also ensuring that there is no breach of security protocol.
Related posts
I appreciate, cause I discovered just what I used to be looking for. You have ended my four day long hunt! God Bless you man. Have a nice day.
Keep working ,impressive job!
I’m really impressed with your writing skills as well as with the layout on your blog. Is this a paid theme or did you customize it yourself? Anyway keep up the excellent quality writing, its rare to see a great blog like this one these days.. bedeebdagcbg