By Jim Tate, EMR Advocate and Meaningful Use Audit Expert
Twitter: @JimTate
eMail: audits@emradvocate.com
Website: www.meaningfuluseaudits.com
I recently wrote two posts on the importance of conducing a mock audit in avoiding or mitigating an audit of your CMS EHR Incentives. Both posts can be found on our blog, Mock Audits: Time to Get Serious.
I’ve been working with hospitals since CMS contracted Figliozzi & Company to start conducting audits two years ago and launched a mock audit process this year. I also spoke with Elizabeth Holland (director CMS’ Health IT Initiatives Group) and Robert Anthony (deputy director of CMS’ Health IT Initiatives Group) at HIMSS this year and here’s what they told me: The majority of failed audits occur either for lack of having documentation of the MU measures or the Security Risk Analysis.
To address this critical documentation issue, we’ve now added a review of the Security Risk Assessment to our Mock Audit Services. This review will be conducted by one of the leading healthcare Security and HIPAA specialists in the field. A documented review of your Security Risk Assessment, with mitigation suggestions if necessary, will be included in your final Mock Audit Report.
Here is our Sample Scope of Work for an EHR Incentive Mock Audit:
- Mock audit of EHR Incentive attestation(s) based on requirements, tools, and processes employed by current CMS EHR Incentive audit contractor.
- Provide clarification and guidance on proper documentation of MU attestation process, document production, and storage.
- Detailed Review of the Security Risk Assessment.
- Provide mitigation, if necessary and possible, to assure attestation documentation is prepared to address any future CMS EHR Incentive audit inquiry.
- Delivery of Executive Summary after completion of audit including identified risks and mitigation advice
If you are interested in learning more about conducting a mock audit for your organization, please contact me at audits@emradvocate.com.
