The Office of Inspector General (OIG) is considering including a review of EHR adoption and meaningful use as part of new public-health-related activities, according to its work plan for fiscal year 2015.
As part of a new review, OIG has already committed to determining how well hospitals comply with the contingency planning requirements under HIPAA. But the federal agency is considering expanded its EHR-related review activities.
“OIG’s future planning efforts may consider the significant challenges that exist with respect to overseeing expenditures for health IT, the interoperability and effective sharing and use of health care data for medical care, and emergency preparedness and response,” the federal agency within the Department of Health & Human Services (HHS) writes. “Future work may also examine practices intended to protect sensitive information and the broad use of data and technology to manage HHS programs.”
In particular, the OIG work plan identifies three areas that would include reviews of EHR adoption and meaningful use.
The first two pertain to the EHR Incentive Programs for Medicare and Medicaid. The main purpose of these reviews is to ensure that the Centers for Medicare & Medicaid Services (CMS) is disbursing EHR incentive payments correctly to eligible providers. For the Medicare EHR Incentive Program, OIG is considering a review of all EHR incentive payment data from 2011 to identify erroneous payments and payment activities. Given the differences between the Medicare and Medicaid EHR Incentive Programs, the review of the latter would only take into account information relative to the adopt, implement, or upgrade (AIU) requirements and the 90-percent federal match component for state administrative expenses.
The final component will center on the security of certified EHR technology (CEHRT) used for meaningful use.
“We will perform audits of various covered entities receiving EHR incentive payments from CMS and their business associates, such as EHR cloud service providers, to determine whether they adequately protect electronic health information created or maintained by certified EHR technology,” the work plan indicates.
“Furthermore, business associates that transmit, process, and store EHRs for Medicare and Medicaid providers are playing a larger role in the protection of electronic health information,” OIG continues. “Therefore, audits of cloud service providers and other downstream service providers are necessary to ensure compliance with regulatory requirements and contractual agreements.”
Eligible professionals (EPs) and hospitals (EHs) are already the subject of audits administered by CMS and completed by Figliozzi and Co. To date, EHs and EPs have been the subject of over 650 and 10,000 unique audits, respectively, with varying degrees of success. Whereas hospitals have had a low failure rate of 4.9 percent for 613 completed audits, professionals have failed in 21.9 percent of approximately 8,000 completed audits.
As Inland Northwest Health Services Senior Director of Clinical Applications Mary Cheadle, RN, explained in an EHRIntelligence.com webcast last month, these audits are likely to continue as a result of these findings. “We’re pretty sure those audit numbers are going to fly up as people are failing and money is having to be sent back,” she said.
It is unclear how the involvement of OIG in auditing the EHR Incentive Programs would impact CMS’s own auditing procedures and the work that eligible providers must put in to meet the demands of auditors.
Read the full OIG 2015 work plan here.