CynergisTek CEO Mac McMillan recently spoke with Dr. Kyle Murphy of EHRIntelligence to discuss why Meaningful Use (MU) audits are evolving and becoming necessary as MU Stage 2 gets closer. The Centers for Medicare & Medicaid Services (CMS) are in the process of auditing to verify if providers truly met MU requirements when they attested Stage 1. As more audits are conducted, the more complex the audits become. McMillan sheds some insight, “When it first started, it was no more than a set of questions and paper trail. Today it has evolved because they received some incentive from the OIG to do a better job.”
Now that CMS and Figliozzi & Co. have conducted more audits, details are readily becoming available and the audits are becoming more thorough. McMillan says, “It has morphed into more of a very detailed audit. When Figliozzi sends out the notification, the organization has basically two weeks to provide answers to the questions and the documentation that is requested, and then they send a team of anywhere from three to four individuals on site to conduct a very detailed audit into the numbers that were submitted.”
McMillan adds that by conducting audits closer to one year out, Figliozzi & Co. are able to review the entire attestation process, and more importantly can look at how the organization remediated (or did not remediate) their security threats that were identified during the required risk analysis. CMS realizes that conducting a risk assessment can be a challenge for larger organizations because the responsible parties for their MU incentive program typically is the clinical team and they are not always the same party responsible for privacy and security. Since they are not involved in privacy and security, conducting a risk assessment is someone else’s responsbility and not always a top priority. McMillan also says that it can be even more of a challenge for smaller providers with a lack of resources. Regardless of size and challenges, providers need to prepare their ability to respond to a MU audit as Stage 2 approaches and audits become more thorough.