No Time like the Present to Conduct a Practice EHR Incentive Audit for Meaningful Use Stage 1

By | March 27, 2014

The clock is ticking down to the March 31, 2014 deadline for Meaningful Use Stage 1 (MU 1) attestation. It is important to remember that getting your report in on time does not end your responsibilities regarding HIPAA compliance and any incentive money you may have received. Audits are continuing to occur and the bad news is many providers are failing. What is worse, those who fail a Meaningful Use audit will likely be required to return the incentive money they have received. However, there is good news as well. Specifically, regular attention and effort directed at remaining up to date with HIPAA compliance policies including the rules and regulations for MU 1 will significantly increase the likelihood you will pass an audit should one occur. 
There are a few assumptions that should be universally held by everyone who has received Medicaid and/or Medicare incentive funds for Meaningful Use Stage 1. All things being equal, you should assume that:

• Everything that can go wrong during the attestation process will go wrong
• You will be audited
• Everything that can go wrong during the audit will go wrong

The key to preventing yourself from being overwhelmed to the point of being unable to function should these assumptions prove true, lies within the phrase “all things being equal.” How do you defeat this equality beast? You load the dice in favor of the house (the house being you) so things are no longer equal.

First, weight the dice by making a commitment to over-preparation and excessive practice. Next, increase weight by becoming at least a bit obsessive compulsive in the manner in which you follow your new commitment, such that you carry it out unflinchingly no matter what roadblocks may seem to get in your way. Of course, this cannot magically create documentation if none exists due to failure to comply with HIPAA and MU 1. However, if you have been compliant for the requisite amount of time, the following suggestions can help you successfully demonstrate your adherence if you remain true to the concept of over-preparedness.

There are several steps to the somewhat-painful-but-well-worth-it process of becoming and remaining over prepared. As you review the following list, review each step in your mind and create reasons the step is important to your practice or facility specifically. This will help you comprehend the practicality within each step such that the list becomes applicable to your situation instead of merely just more HIPAA related reading.

1) Ensure all key personal have reviewed the information needed for the attestation process several times and make certain that there is more than one way to document each point whenever possible. You will likely only need one piece of documentation per item but for this type of report more is better.

2) Okay, so it’s not a given that you will definitely be audited. However, it’s far better to believe you will and act accordingly even if the dreaded event doesn’t take place rather than to assume you will be one of the lucky ones that escapes auditing. Assuming an audit won’t happen often leads providers to respond by slacking off on regular reviews only to be caught unprepared when auditors walk through the door.

3) Should you be audited, no matter how confident you feel about your compliance level, nervousness is normal. Keep in mind that audits are interactive and performance based in addition to being a far cry from submitting a written report. Nerves can get in the way of being able to comply on the spot with the auditors instructions. Excessive practice can help tasks to become automatic thereby overcoming any natural anxiety you may be experiencing. There will always be tasks during an audit you aren’t able to predict. The better you do on the ones you can predict the more confident you will become and the better you will perform on the surprise tasks. As much as you don’t want to accept it, no matter how much you prepare, something will always go wrong. There’s good reason Murphy’s Law is commonly referenced in situations when nothing seem to work out the way you planned. Enter an audit with the assumption that something will go wrong and when it does stay calm – you knew this was coming after all – and if possible laugh it off to show it was a slip which you can easily remedy as opposed to a lack of ability.

4) Conduct at least one complete practice audit before the end of the month to ensure all the necessary information has been collected for your report, and all key personnel can demonstrate the accuracy of the documentation in person during a real audit.

5) After the deadline, rotate through sections of your practice audit to decrease the burden on any individual’s time and workload. Also make sure there is a regular schedule established detailing when each part will be conducted with a full practice audit conducted twice yearly at a minimum.

6) Repeat to yourself during times all this preparation seems like overkill and you find yourself tempted to abandon the approach, “Just in case,” and let it become your mantra

When all is said and done, there will be many providers who successfully complete the attestation process and return to their regular operating mode. The critical nature of day to day operations will, once more, become more salient than constantly monitoring HIPAA compliance and supplant the concern over passing a potential audit in the future. These professionals will slack off on their commitment and effort to keep key personnel up to date on necessary procedures, will fail to carry out regular risk assessments and practice audits, and potentially will be caught with their pants down should an audit actually occur.

Remember, you can pass the attestation stage but still fail an audit. These two steps of regulating HIPAA compliance are largely independent of each other. Attestation is mandatory for everyone receiving incentive funds and must be successfully completed by the March 31st deadline. Audits can happen at any time, and the longer you go without being given notice you are on the list, the less likely you are to keep up with regular reviews and updates. Make sure that once you have met your goals for preparing for an audit you don’t lost the forward momentum. “Make HIPAA compliance part of everyone’s job description and part of the regular schedule so it becomes SOP and not extra work. Pledge to never let down your standards and if you are audited, you should have little difficulty passing with flying colors.” HIPAA BOB,  Bob Grant Chief Compliance Officer , Compliancy Group LLC