The Office of Inspector General (OIG) for the Department of Health and Human Services released a report late last year claiming that the Centers for Medicare and Medicaid Services (CMS) was not doing enough to verify that only eligible providers were receiving electronic health records (EHR) incentives. Until now, CMS relied on self-reported information to decide which providers were eligible for EHR incentive payments. The OIG stated that CMS did correctly identify which providers met meaningful use requirements based on the self-reported information, but according to the OIG, CMS did little to verify the self-reported information. The OIG stated that CMS did not have enough external information to use to verify the self-reported information. Additionally, the OIG reported that a potential audit was the only control that was in place to stop potentially fraudulent participation in the EHR meaningful use incentive payment program. However, those audits do not take place until after a provider entered into the program and incentive payments were made.

CMS has seemingly responded to the OIG report as follows. The agency has announced that approximately 5% of participants in EHR can expect to be audited. Robert Anthony, deputy director of the Health Information Technology Initiatives group with CMS stated that “…[A]bout one in 20 participants in the federally funded electronic health-record incentive payment program can expect to be audited for compliance with meaningful use and other program criteria.” Mr. Anthony stated that CMS will focus equally on pre-payment and post-payment audits, with the goal of reviewing 5% of program participants. This new initiative shows a departure from the previous position of only utilizing post-payment audits. Further, this round of audits is in addition to the post-payment audit process that was announced by CMS last year.

In order to prepare for possible future audits, CMS recommends that providers save all documentation that supports the data they submitted when applying for the EHR incentive program. Moreover, providers should work with their compliance counsel to have their compliance program pre-audited as part of the preparation process.