Our practice was currently selected for a preaudit by CMS. Has anyone else gone through this process? Any tips? thank you for any guidance. My email is Michael_Kern@kernpodiatric.com if you don’t want to share specifics in the forum.
If a forum member received a letter from Figliozzi and Company, he is not likely to write about it here.
For starters, have a look at the articles cited in the Caution section of this Wiki article.
Our State Medical Society has a legal division, whose purpose is to aid membership in dealing with situations described above. If you have an equivalent in Podiatry, it’s not too early to contact them.
It is my understanding that a pre-audit occurs automatically once the attestation for 2013 has been submitted. CMS does this before any bonus is released. Your notification may be more than a pre-audit. If it is from Figliozzi and Company from Garden City, New York 11530; it’s the real deal. Hopefully I’m wrong.
If your malpractice policy is underwritten by a mutual company (owned and operated by the insured), it will be good to talk to them as well. A mutual medical liability company generally has experience in such matters. Because it is a mutual company, they have your best interests at heart.
Thanks to poor attestation processes by a few local EHR vendors (incentives being one of their selling points), I have been called in to assist providers with these audits. I have assisted in both Pre and Post Payment audits. It all depends on what was requested as part of the Audit. I wouldn’t advise you to post the details here. If you like you can contact me via email aperez@md-technologies.net
Of note, these articles on pre-payment audits, first and second. A third suggests that auditing is a means of dealing with “cash flow”.
Whether pre or post, getting a letter from Figliozzi and Company is a thing to dread. The only difference is that the bonus has to be returned if the determination is that the practice’s documents failed to support the attestation. I don’t think that there are criminal penalties involved; but government audits of any kind, be they IRS or CMS, are nightmares.
Attestation is no cake walk. Attestation rates have been low; only 12.2% for the period April 2011 to May 2012. These audits are further disincentives to participation in government programs. Washington can save the money and do everyone a favor by allowing the medical community to concentrate on the care of our patients.
I am posting the information that has been requested as an attachment. I am currently putting together my responses for the PreAudit. From my conversation with my auditor I am not too worried about the outcome, but putting together everything they are looking for is still just a pain. More tedious work…
Keep in mind that they can request further information. Item 15 is a consistent request. I haven’t seen a single audit that it has not been included. Make sure your risk assessment/analysis was preformed during or prior to the attested period and was used to update your hipaa compliance manual.
And be extremely careful of the other items listed. Make sure that it is accurate and reflects the attested items.
This piece of an audit something that I suspect many folk are not doing adequately.
Core #15- Protect Electronic Health Information: Provide proof that a security risk analysis of the Certified EHR Technology was performed prior to the end of the reporting period (i.e. report which documents the procedures performed during the analysis and the results of the analysis). If deficiencies are identified in this analysis, please supply the implementation plan; this plan should include the completion dates.
Edit: Of course Alfonso said basically the same thing. That will teach me to RTFM.