Note: CMS has changed the name of the advancing care information category to promoting interoperability. The category abbreviation has changed from ACI to PI.
The Centers for Medicare and Medicaid Services has the authority to audit physicians who receive electronic health record-related bonuses to ensure that they have met the requirements of "meaningful using" an EHR system and do, in fact, qualify for the incentive payment. The Medicaid program audit process varies by state; each state has contracted with its own auditor. In 2017, CMS renamed the meaningful-use program advancing care information and rolled it into the Merit-Based Incentive Payment System. In 2018, CMS renamed the category to promoting interoperability.
Important note: CMS can audit you anytime within six years of submission.
MIPS Advancing Care Information/Promoting Interoperability Audit Process (2017 Onward)
If CMS audits your MIPS submission, you will need to validate the information you submitted in each category. For advancing care information/promoting interoperability category, you can provide a dated report from your CEHRT to show completion of the measures you reported.
Some measures have additional validation requirements or options:
- For Security Risk Analysis, you must provide a dated copy of your analysis and documentation that you implemented security updates and corrected identified security deficiencies.
- For Specialized Registry Reporting through IRIS Registry-EHR integration, you can email email@example.com to request a letter confirming your participation.
- For Provide Patient Access, if you included patients who opted out of the patient portal in your numerator, you can include documentation that you gave the patient instructions on how to access their health information, including the website address they must visit.
- For Patient-Specific Education transition measure, you could complete the measure by using suggested education topics identified by your CEHRT to provide resources to your patients in any modality (including on paper). If you did not provide resources in a way that your CEHRT captured, you can supply additional proof that you provided resources to patients.
- For the Patient-Specific Education ACI/PI, or non-transition, measure, you could provide these resources electronically to your patients from any source. If you did not provide resources in a way that your CEHRT captured, you can supply additional proof that you provided electronic resources to patients.
CMS Meaningful Use Audit Process (2016 and Before)
CMS contracted with Figliozzi and Company, CPAs, to conduct the audits for the Medicare program. CMS estimates that they will audit at least 5 percent of all attestations submitted.
- Physicians are selected for audits on a random basis. Some physician may also be audited if their attestation contains suspicious or anomalous data (e.g., denominators that should be the same - such as "all unique patients" - vary from measure to measure).
- If selected for an audit, you will be contacted through the email address you provided at the time of registration for the EHR Incentive Program. You will receive an audit information letter and document request from a representative of Figliozzi and Company.
- You will have two weeks to respond to the initial request. Figliozzi and Company may send follow-up requests if they need additional documentation to render an audit decision. In rare cases, an onsite audit may be conducted.
- CMS is currently conducting two types of audits – a post-payment audit and a prepayment audit.
- All meaningful use attestations may be subject to a post-payment audit.
- Attestations submitted after Jan. 1, 2013, may be subject to a pre-payment audit. If selected for a pre-payment audit, the meaningful use payment will be held pending the outcome of the audit.
How to Document Participation and Exclusions
The Academy recommends you maintain a compliance file that contains your EHR vendor agreement, proof of EHR certification and all the documents used to support the meaningful-use attestation.
If selected for an audit, you will be asked to show proof of possession of a certified EHR and proof of compliance with each of the meaningful use objectives or exclusions you attested to meeting. This evidence is most commonly supplied through a copy of the meaningful use data report (showing numerator, denominator and percentage information) used to complete the initial attestation. The documents below can serve as a guide to the type of evidence that should be maintained.
Vital Signs and Immunizations
The two exclusions most commonly taken by ophthalmologists are vital signs and immunizations. If subject to an audit, you can provide these documents to auditors as evidence of your compliance with the exclusion.
Public Health Objective 10
Active engagement with the the Academy's IRIS® Registry enables ophthalmologists to satisfy measure option 3, specialized registry reporting, for meaningful use objective 10, public health reporting. Because the IRIS Registry is the only eye care specialized registry, it is the only specialized registry that the American Academy of Ophthalmology recommends to its members.
Exclusions for Measure Options 2 and 3
Per CMS FAQ 12985, you are eligible for 2015 exclusions from measure options 2, syndromic surveillance, and 3, specialized registry, if you did not intend to attest to the equivalent prior menu objectives. You also qualify for an exclusion from measure 2 if your state that does not have a statewide syndromic surveillance system.
Audit Consequences and Appeals
If you receive a negative audit finding:
- You must return your EHR incentive payment.
- You can appeal your audit filing (PDF) on the CMS website.
- CMS can also pursue other civil and criminal actions against you if they determine that fraud has occurred. Penalties for fraud may also include exclusion from the Medicare program for a specified length of time.