How to Prepare for a Meaningful Use Audit

August 8, 2013

Have you already spent the incentive payment you’ve received?  If so, then you may want to consider this:

The odds of getting audited by the IRS in your lifetime are approximately 1 in 100. The odds of getting a meaningful use audit by CMS as related to your incentive payment(s) can be as high as 1 out of every 10. Preparation has always been one of life’s greatest defense mechanisms, and a government related audit is no exception!

Here are some facts:

  • Any provider participating in the meaningful use incentive program could be subject to an audit.
  • Providers started participating in MU in 2011. Stage one potential payment is up to $18,000 for the Medicare program, and $21,250 for Medicaid. *Up to 31 billion will be spent on the HITECH program.
  • CMS started conducting post payment audits in mid-2012.
  • In 2013, CMS started conducting prepayment audits in addition to the post payment audits.
  • Pre-payment audits can be random or target specific scenarios.
  • Checks will not be issued until pre-payment audits have been satisfied.
  • Checks may need to be refunded should you fail a post payment audit.
  • Supporting documentation must be submitted for both pre and post audits.
  • CMS contracted with Figliozzi and Company, an independent third party who will conduct audits for the Medicare program.
  • Individual states (or represented contractors) will audit providers participating in the Medicaid program. *Providers participating in the Medicaid program should contact their state Medicaid Agency for audit details.
  • Medicare providers will receive a letter via email from Figliozzi and Company *The letter will be sent to the email used when registering for the program. Figliozzi will be requesting supporting documentation to be sent to the address provided.

Armed with the above mentioned knowledge, you may now realize what the potential for an audit can be as a provider who is participating in the meaningful use incentive program, and what some of the implications are at this time. The intention is not to share information as a scare tactic, but rather as a tool to inform providers so that they may appropriately prepare for such an event, placing you in a position to successfully complete the audit should you be selected for such review and assessment of your participation within this program. With that said, here is some additional insight to help assist you in your quest for preparation:

Before you attest:

  • Prior to attesting, make sure that you store all of your supporting documentation in a secure place. You will need to keep this information for (6) years after attestation. Upon request, it is the provider’s responsibility to deliver documentation that supports the information reported to CMS for the meaningful use objectives, as well as the clinical quality measures.
  • Do not rely on the ability to rerun the same reports a year later from your EHR in the event of an audit. Store these reports and all other documentation in a secure location.


  • Letters are sent via email to the participating provider from Figliozzi and Company. They are using the email address that was used when registering for the MU program. Make sure that this email is checked regularly and also keep an eye on your spam folder. If the email provided is no longer used, or the attestation was done on the provider’s behalf by a staff member that no longer works for the practice, be sure to contact the CMS EHR Information center at 888-734-6433 to update this information.
  • Providers may contact a CMS at 888-734-6433 to appeal the decision received through Figliozzi.
  • You are given just two weeks to respond, so be diligent in your follow through.
  • You may request an extension from Figliozzi if needed.
  • Ask your vendor if they have a direct contact for audit assistance.

Items you may be asked to provide:

  • You may be asked to provide proof that your system is listed with the certified EHR list on the ONC website.  (Or request a letter from the vendor)
  • Be prepared with a report generated by your system which reflects the numerator and denominator for calculated core/menu measures and CQM measures. This report should reflect the time frame, as well as proof that your patient data was used to generate this. You may be asked to report items such as vendor/system, logo, practice name, provider name or NPI within this.  You may need to contact your vendor for a letter if what they are requesting is not possible.
  • Be prepared to provide proof for yes/no attestation measures if possible. For example: The list generated for the menu measure “patient list” should be saved securely. Only provide what was requested and necessary. Figliozzi is not requesting and should not be provided with PHI. *A secure means of transmission will be provided if needed. Additional information or a site visit may be required if the original supporting documentation was not sufficient
  • Always be sure to provide documentation of the meaningful use security risk analysis. This is due every year.
  • Be sure to keep a dated screenshot for the Yes/No attestation measures that could be difficult to prove. Ex.: Was your CDS functionality active during this time frame or was your drug interaction checker turned on? Screenshot the system setting and the functionality in action (*Watch that PHI). Also use your system’s audit trail if it has one.
  • Be sure to provide the licensing agreement with vendor or invoice – Contact your vendor if needed

It has been said that the best way to predict the future is to create it. Through consistent awareness and due diligence in understanding the requirements as related to meaningful use you can ensure you are appropriately prepared for your potential audit. Document, report, and store your information both for your own record of attestation, as well as for verification and confirmation via government audits should the need arise. Create your future outcome of a government audit by preparing now. Then, should you find yourself in that 10% selected for an audit, and have taken into account all of the requirements set forth, you will undoubtedly be able to say, “Yes!” to the question of whether or not you are well prepared and ready, and will further find yourself with no worries in having spent those incentive dollars!