PreAudit for Medicare EHR Incentive Program

michaelke wrote on Thursday, June 12, 2014:

Our practice was currently selected for a preaudit by CMS. Has anyone else gone through this process? Any tips? thank you for any guidance. My email is Michael_Kern@kernpodiatric.com if you don’t want to share specifics in the forum.

fsgl wrote on Friday, June 13, 2014:

If a forum member received a letter from Figliozzi and Company, he is not likely to write about it here.

For starters, have a look at the articles cited in the Caution section of this Wiki article.

Our State Medical Society has a legal division, whose purpose is to aid membership in dealing with situations described above. If you have an equivalent in Podiatry, it’s not too early to contact them.

It is my understanding that a pre-audit occurs automatically once the attestation for 2013 has been submitted. CMS does this before any bonus is released. Your notification may be more than a pre-audit. If it is from Figliozzi and Company from Garden City, New York 11530; it’s the real deal. Hopefully I’m wrong.

fsgl wrote on Friday, June 13, 2014:

If your malpractice policy is underwritten by a mutual company (owned and operated by the insured), it will be good to talk to them as well. A mutual medical liability company generally has experience in such matters. Because it is a mutual company, they have your best interests at heart.

ajperezcrespo wrote on Friday, June 13, 2014:

Thanks to poor attestation processes by a few local EHR vendors (incentives being one of their selling points), I have been called in to assist providers with these audits. I have assisted in both Pre and Post Payment audits. It all depends on what was requested as part of the Audit. I wouldn’t advise you to post the details here. If you like you can contact me via email aperez@md-technologies.net

Thanks and good luck.
Alfonso

fsgl wrote on Saturday, June 14, 2014:

Of note, these articles on pre-payment audits, first and second. A third suggests that auditing is a means of dealing with “cash flow”.

Whether pre or post, getting a letter from Figliozzi and Company is a thing to dread. The only difference is that the bonus has to be returned if the determination is that the practice’s documents failed to support the attestation. I don’t think that there are criminal penalties involved; but government audits of any kind, be they IRS or CMS, are nightmares.

Attestation is no cake walk. Attestation rates have been low; only 12.2% for the period April 2011 to May 2012. These audits are further disincentives to participation in government programs. Washington can save the money and do everyone a favor by allowing the medical community to concentrate on the care of our patients.

michaelke wrote on Saturday, June 14, 2014:

I am posting the information that has been requested as an attachment. I am currently putting together my responses for the PreAudit. From my conversation with my auditor I am not too worried about the outcome, but putting together everything they are looking for is still just a pain. More tedious work…

michaelke wrote on Saturday, June 14, 2014:

This is the generic Audit Engagement letter that is sent out in an email.

fsgl wrote on Saturday, June 14, 2014:

It’s the real deal.

The auditor works for CMS, not for you.

If you are not worried then we wish you the best of luck and hope that nothing untoward happens to the practice.

Because this can become a serious legal matter, we will refrain from additional posts. We are in no position to offer competent legal advice.

ajperezcrespo wrote on Sunday, June 15, 2014:

Keep in mind that they can request further information. Item 15 is a consistent request. I haven’t seen a single audit that it has not been included. Make sure your risk assessment/analysis was preformed during or prior to the attested period and was used to update your hipaa compliance manual.
And be extremely careful of the other items listed. Make sure that it is accurate and reflects the attested items.

yehster wrote on Tuesday, June 17, 2014:

This piece of an audit something that I suspect many folk are not doing adequately.

Core #15- Protect Electronic Health Information: Provide proof that a security risk analysis of the Certified EHR Technology was performed prior to the end of the reporting period (i.e. report which documents the procedures performed during the analysis and the results of the analysis). If deficiencies are identified in this analysis, please supply the implementation plan; this plan should include the completion dates.

Edit: Of course Alfonso said basically the same thing. That will teach me to RTFM.