The Centers for Medicare and Medicaid Services (CMS) recently began the promised audits of Medicare providers and dual-eligible Medicare and Medicaid hospitals receiving payments from the Medicare and Medicaid Electronic Health Record (EHR) Incentive Programs.

CMS’ general audit guidelines advise providers to "save the supporting electronic or paper documentation that support your attestation." Upon audit, “the documentation will be used to validate that the provider accurately attested and submitted Clinical Quality Measures, as well as to verify that the incentive payment was accurate.”

The audits seek four types of data: documentation from the Office of the National Coordinator for Health IT that shows the provider used a certified EHR system for meaningful use attestation; information about the method used to report emergency department admissions; documentation that the provider has completed attestation for the core set of meaningful use criteria; and documentation that the provider has completed attestation for the required number of menu set meaningful use objectives. The selected providers will then have two weeks to submit their documentation.

In a blog post on its website, the Health Information Management and Systems Society offered several recommendations for eligible providers and hospitals when responding to an audit:

• Look for a CMS logo on the letterhead of the audit letter.
• Know that the eligible professional audits will be for Medicare and Medicare Advantage programs; eligible hospital audits will be for Medicare Only and Dual Eligible, including Medicare Advantage Hospitals.
• CMS advises avoiding detailed audit responses, and site visits are not being conducted.
• Protect patient confidentiality and de-identify patient information, per HIPAA requirements.
• Provide only the information requested by the audit letter; “less is best.”
• Respond to the audit in a timely manner–within two weeks from request.
• Ask questions about the audit, if not sure how to respond.