CMS announced in January, after a critical OIG audit report, that Eligible Providers, Eligible Hospitals and Critical Access Hospitals who have purchased and implemented an electronic health record (EHR) system and attested to meaningful use of that EHR may be subjected to an audit before they see an incentive payment. Here’s today’s big TIP — Learn the exact requirement for Risk Analysis documentation.
HIPAA Risk Analysis Tip – Eligible Provider EHR Pre-Payment Audit Document Request
Several of our clients have learned that they have been chosen by The Centers for Medicare & Medicaid Services (CMS) that they will be audited before CMS will be making incentive payments.
As we report in a post entitled HIPAA Risk Analysis Tip – EHR Pre- and Post-Payment Audits, CMS has targeted 5 to 10 percent of those who attested to Meaningful Use in January 2013 to be audited before receiving any payments.
Providers who receive an EHR incentive payment for either the Medicare or Medicaid EHR Incentive Program potentially may be subject to an audit. Eligible professionals (EPs), eligible hospitals, and critical access hospitals (CAHs) should retain ALL relevant supporting documentation (in either paper or electronic format) used in the completion of the Attestation Module responses.
The specific CMS Eligible Provider EHR Pre-Payment Audit Document Request List covers the requirements related to a HIPAA Risk Analysis (Core Objective #15 for Eligible Professionals and Core Objective #14 for Eligible Hospitals and Critical Access Hospitals) along with other general information, core objective and menu set objectives/measures.
As a reminder, post-payment audits are not going away. An additional 5 to 10 percent of physicians and others will be subject to post-payment audits, according to Holland. The audits are being conducted by Garden City, NY-based CPA firm Figliozzi and Company.
Watch Our Recorded, On Demand Webinar
Download HIPAA Risk Analysis Buyer’s Guide Checklist
We are often asked, “How do I go about selecting a reputable firm to complete a bona fide HIPAA Security Risk Analysis?” This HIPAA Risk Analysis Buyer’s Guide Checklist is an easy-to-use tool to assist you in comparing alternative solutions and making your selection.
Other Help Getting Started With Your Bona Fide HIPAA Risk Analysis
Over the years, we’ve helped 100s of organizations complete their HIPAA Risk Analysis. Please benefit from our HIPAA Risk Analysis expertise by:
- Risk Analysis Buyer’s Guide
- Expert 2nd Opinion on Your HIPAA Risk Analysis
- Clearwater Compliance White Paper: Risky Business: How to Conduct a Bona Fide HIPAA Security Risk Analysis
- Clearwater Recorded Webinar event entitled How to Conduct a Bona Fide HIPAA Security Risk Analysis
- IRM|Analysis™- Clearwater’s Risk Analysis and Risk Management software DataSheet
- IRM|Analysis™- Clearwater’s Risk Analysis and Risk Management software Free Trial for qualified organizations
- More Risk Analysis Resources
More HIPAA HITECH Resources:
The complete HIPAA Privacy, Security and Breach regulations are here.
Latest posts by Bob Chaput (see all)
- HIPAA Risk Analysis Tip – What Level of Detail is Adequate? - April 29, 2017
- HIPAA Risk Analysis Tip – How Comprehensive Must Your HIPAA Security Risk Analysis Be? - April 25, 2017
- HIPAA Risk Analysis Tip – Does OCR really use the “Guidance on Risk Analysis Requirements under the HIPAA Security Rule”? - April 23, 2017