Promoting Interoperability Program Audits
Who performed the Medicaid Audits?
Promoting Interoperability Program for Medicaid audits for the State of Illinois were conducted by the Department of Healthcare and Family Services, Office of the Inspector General, Bureau of Medicaid Integrity.
Who was subjected to an audit?
Any eligible professional (EP), eligible hospital (EH) or critical access hospital (CAH) attesting to and receiving an incentive payment through the Illinois Promoting Interoperability Program.
Provider Responsibilities
It is the provider's responsibility to maintain the proper documentation that supports the meaningful use claims and the clinical quality measures submitted during attestation. Documentation supporting provider eligibility and Medicaid volume calculations also must be retained. It is recommended that EPs, EHs, and CAHs should retain all supporting attestation documentation in both electronic and paper format. If retaining screenshots, make sure all protected health information has been blackened out. To demonstrate that electronic documents have not been manipulated, save in a version that is not able to be manipulated such as PDF. Documentation supporting attestation should be kept for six years post-attestation.
Documentation to save:
Office of the National Coordinator (ONC)-certified EHR software
Screenshot or other applicable document of certified health IT product list certification ID number for the version of software referenced during attestation
Documentation to prove acquisition/purchase/lease of ONC-certified EHR software. Examples include:
Contract documents
Documents supporting Invoice
Documents supporting Purchase Order
Lease documents
License documents
Practicing Locations : A list of all locations in which EP encounters occurred
Other Supporting Documents
Hospital payment calculation
Documents supporting Cost Reports
Hospital calculation worksheet
Eligibility requirements:
Reports that support calculations of Medicaid and total patient encounter volumes, explanations of how and when they were generated
Documentation to support the number of unique patients seen by the EP
Group definitions, including a listing of the individual members of a group, patient volume reporting periods used, and the locations used to accumulate the group encounters
Documentation showing an FQHC or RHC is led by a Physician Assistant, if a Physician Assistant is requesting eligibility in the program
Meaningful use achievement: The provider must keep enough supporting documentation for each objective/measure to verify the numeric and other information supplied in the attestation. Examples of supporting documents that may be appropriate are listed below:
Meaningful use dashboard reports showing provider achievement of core and selected menu measures, and screenshots or other applicable documents used to verify the date the reports were run
Documentation to support any exclusions taken for any meaningful use measure
Screenshot or other applicable document that verifies the EP has enabled and implemented the functionality for drug-drug and drug-allergy interaction checks for the entire EHR reporting period
Screenshot or other applicable document that shows the clinical decision support (CDS) rule was enabled (Stage 1) or that five clinical decision supports rules were enabled (Stage 2), dated prior to the beginning of the EHR reporting period
Clinical summary for a patient
Description of how/when (timeframe after visit) a clinical summary is given to the patient
Documentation to support exchange of key clinical information: what documentation was sent, name of the entity to whom the test was sent, the software and version of the EHR used by the receiving entity and a response from the receiving entity if the test was successful (effective for meaningful use attestations for 2010-2012 only as revised per Stage 2 legislation, effective 2013)
-
HIPAA Security risk analysis, including:
Physical inspection report
List of security deficiencies and how they were mitigated
Standards followed when conducting security risk analysis
How is encryption/security of data at rest addressed (Stage 2)
Screenshot or other applicable document that verifies that drug formulary was enabled, dated prior to the beginning of the EHR reporting period (Stage 1)
Name of the formulary vendor (for example: Surescripts)
List of the types of clinical lab tests incorporated into CEHRT
Screenshot or other applicable document of lab order, dated during the EHR reporting period
Patient list, description of how the patient list was generated and for what purpose
Email sent to Illinois Department of Public Health (IDPH) with test file for submission of electronic data
IDPH letter verifying test of electronic data was submitted or that ongoing transmission is occurring in a production mode
List of top five recipients of eRx and a Screenshot or other applicable document of the top five from the e-prescribing vendor (for example: Surescripts)
Health Care Survey (if selected)
Utilization of this document does not guarantee that the EP will pass a CMS or State of Illinois audit.