Who will be performing the Medicaid Audits?
EHR Incentive Program Medicaid Audits for the State of Illinois will be conducted by the Department of Healthcare and Family Services, Office of the Inspector General, Bureau of Medicaid Integrity.
Who may be subject to an audit?
Any eligible professional (EP), eligible hospital (EH) or critical access hospital (CAH) attesting to and receiving an EHR incentive payment through the Illinois Medicaid EHR Incentive Program.
Preparing for an audit:
It is the provider’s responsibility to maintain the proper documentation that supports the meaningful use claims and the clinical quality measures submitted during attestation. Documentation supporting provider eligibility and Medicaid volume calculations also must be retained. It is recommended that EPs, EHs, and CAHs should retain all supporting attestation documentation in both electronic and paper format. If retaining screenshots, make sure all protected health information has been blackened out. To demonstrate that electronic documents have not been manipulated, save in a version that is not able to be manipulated such as PDF. Documentation supporting attestation should be kept for six years post-attestation.
Documentation to save:
- Office of the National Coordinator (ONC)-certified EHR software
- Screenshot or other applicable document of certified health IT product list certification ID number for the version of software referenced during attestation
- Documentation to prove acquisition/purchase/lease of ONC-certified EHR software. Examples include:
- Contract documents
- Documents supporting Invoice
- Documents supporting Purchase Order
- Lease documents
- License documents
- Practicing Locations – A list of all locations in which EP encounters occurred
- Other Supporting Documents
- Hospital payment calculation
- Documents supporting Cost Reports
- Hospital calculation worksheet
- Eligibility requirements
- Reports that support calculations of Medicaid and total patient encounter volumes, explanations of how and when they were generated
- Documentation to support the number of unique patients seen by the EP
- Group definitions, including a listing of the individual members of a group, patient volume reporting periods used, and the locations used to accumulate the group encounters
- Documentation showing an FQHC or RHC is led by a Physician Assistant, if a Physician Assistant is requesting eligibility in the program
- Meaningful use achievement: The provider must keep enough supporting documentation for each objective/measure to verify the numeric and other information supplied in the attestation. Examples of supporting documents that may be appropriate are listed below:
- Meaningful use dashboard reports showing provider achievement of core and selected menu measures, and screenshots or other applicable documents used to verify the date the reports were run
- Documentation to support any exclusions taken for any meaningful use measure
- Screenshot or other applicable document that verifies the EP has enabled and implemented the functionality for drug-drug and drug-allergy interaction checks for the entire EHR reporting period
- Screenshot or other applicable document that shows the clinical decision support (CDS) rule was enabled (Stage 1) or that five clinical decision supports rules were enabled (Stage 2), dated prior to the beginning of the EHR reporting period
- Clinical summary for a patient
- Description of how/when (timeframe after visit) a clinical summary is given to the patient
- Documentation to support exchange of key clinical information: what documentation was sent, name of the entity to whom the test was sent, the software and version of the EHR used by the receiving entity and a response from the receiving entity if the test was successful (effective for meaningful use attestations for 2010-2012 only as revised per Stage 2 legislation, effective 2013)
- HIPAA Security risk analysis, including:
- Physical inspection report
- List of security deficiencies and how they were mitigated
- Standards followed when conducting security risk analysis
- How is encryption/security of data at rest addressed? (Stage 2)
- Screenshot or other applicable document that verifies that drug formulary was enabled, dated prior to the beginning of the EHR reporting period (Stage 1)
- Name of the formulary vendor (for example: Surescripts)
- List of the types of clinical lab tests incorporated into CEHRT
- Screenshot or other applicable document of lab order, dated during the EHR reporting period
- Patient list, description of how the patient list was generated and for what purpose
- Email sent to Illinois Department of Public Health (IDPH) with test file for submission of electronic data
- IDPH letter verifying test of electronic data was submitted or that ongoing transmission is occurring in a production mode
- List of top five recipients of eRx and a Screenshot or other applicable document of the top five from the e-prescribing vendor (for example: Surescripts)
Utilization of this document does not guarantee that the EP will pass a CMS or State of Illinois audit.
For more information: The Official Web Site for the Medicare and Medicaid Electronic Health Records (EHR) Incentive Programs