CMS launched its program to audit meaningful use participants in July. The ONC Privacy officer announced it will audit ten percent of meaningful use recipients to see if they have complied with the appropriate criteria. Practices will have two weeks to comply and will have to refund the money if found to be negligent in any one area.

Accounting firm Figliozzi & Company, a New York firm, are conducting the audits. The firm sends letters to practices requesting documentation to support their attestation, such as: Documentation from the ONC to show they used a certified EHR system during attestation; Information about emergency department admissions; and documentation that the provider completed the appropriate number of core and menu measures. At this time the audits will not require site visits.

Keep in mind that meaningful use core item 15 requires providers to conduct or a review a security risk assessment as required by the HIPAA security rule. Failure to conduct a risk assessment and produce the required documentation could result in forfeiture of any meaningful use monies received. Be sure your practice has conducted a risk assessment based on the NIST 800-30 standard. A simple check list or vulnerability scan is not sufficient.

Do not neglect your risk assessment if you are attesting for meaningful use. Please feel free to contact us at info@xlemr.com if you need help. Prices start just below $1000 for small practices, and our consultants can complete a baseline assessment in about four hours. Don’t gamble with your meaningful use payments, let us help.