Even with meaningful use regulations being in use, there have been cases of fraud by the healthcare providers such as the one wherein the CFO of a leading hospital pleaded guilty to lying about meaningful use for Medicare payments. The former chief financial officer of Shelby Regional Medical Centre, Texas, now-closed, pleaded guilty to wrongly claiming EHR incentive money. Joe White, the CFO while overseeing the hospital’s EHR implementation, falsely attested to the Centre for Medicare & Medicaid Services that the medical centre met meaningful use requirements for the 2012 fiscal year. This helped them to receive $785,655 in payments while the hospital actually relied on paper records throughout the fiscal year of 2012 and only minimally used an EHR. This fraud involved software vendors and hospital employees who manually transferred data of patients who were already discharged into electronic health record at the end of the fiscal year.

Six Texas hospitals operated by the same individual were paid $16.8 million in meaningful use incentives for fiscal years 2011 and 2012 in this case. However, with federal govt rolling out dollars to providers to adopt electronic health record systems, there is a possibility of more cases such as this. Further, under the HITECH Act, to obtain financial incentives from Medicare or Medicaid, healthcare establishments and providers must submit detailed documents that attest to meeting the requirements for the program, including conducting a HIPAA security risk assessment.

While such frauds on the part of the Healthcare provider and hospitals work as a wakeup call, the federal authorities need to take action to crack down such abuse of HITECH Act. The Office of Inspector General demands eligible hospitals and critical access hospitals to demonstrate they’re using certified EHR technology in ways that can be measured significantly in quantity and in quality. The use of Aegify solutions will help these healthcare providers and hospitals to demonstrate meaningful use through simplified methods.

Aegify is a powerful, simple-to-use, cloud-based solution, that provides necessary expertise to assess, analyze and mitigate regulation risk and move towards on-going HIPAA/HITECH compliance. This tool help the healthcare providers demonstrate meaningful use of their EHR and help them secure federal grants.

The post Adopting a Guilt-Free Method to Demonstrate Meaningful Use of EHR appeared first on Aegify.

With the federal money flowing in the form of EHR incentive program, hospitals, providers, vendors and consultants are working their way to a meaningful use of EHR. Nevertheless, if a hospital or medical practitioner accepts the federal money to put EHR to meaningful use, they must also prove it by using appropriate electronic tools as per the norms put across by the Center of Medicare and Medicaid Services. Further, incidents such as those that occurred at Shelby Regional Medical Center in Texas, and Detroit Medical Center that led to heavy data leakage and financial loss, demands that the healthcare providers, their business associates and vendors consider meaningful use of electronic patient health records as a compliance requirement. In the wake of such requirement, the eligible professionals, hospitals, and critical access healthcare centres were asked to maintain relevant documentation to support this activity.

Besides, as Daniel R. Levinson, U.S. inspector general points out, among the important changes that are taking place across the healthcare industry there is an emphasis on coordinated care and increased use of electronic health records. The OIG will therefore need to adopt oversight approaches that are suited to an increasingly sophisticated healthcare system and also customizable to protect programs and patients from existing and new vulnerabilities. The OIG audits till date have discovered that the state agency overpaid 13 hospitals, $3.1 million in federal EHR cash. The payment errors were found to be the result of unclear and incorrect patient volume calculations. Further, nearly 80 % of the state’s hospitals analyzed in the audit also failed to comply with federal regulations.

By 2015, OIG will therefore need to leverage data analytics and “forensic enhancements” to investigate the increasingly sophisticated healthcare frauds, including the electronic health records in the process.

The OIG authorities will not only perform audits of various covered entities receiving the EHR, but will also look into factors such as:

• Identify EHR system fraud and determine if  EHR systems address vulnerabilities
• Review Medicaid and Medicare EHR incentive payments
• Analyze the IT security of community health centers funded by the Health Resources and Services Administration.
• Regular review of the Centers for Medicare & Medicaid Services health information technology systems to cross check on necessary security controls.

Besides these, conducting mock audits will help the healthcare providers to stay prepared to face both pre-payment and post-payment audits. However, it is also prudent for enterprises to implement a comprehensive and an effective solution. Security solution like the Aegify Security Posture Management or Aegify SecureGRC offered by the leading service providers of IT Risk and Compliance management solutions will help the healthcare establishments to achieve meaningful use status with ease, while ensuring a near to nil breach of security protocol.

The post Healthcare Industry gears up to meet the EHR Audits in the New Year appeared first on Aegify.

Considering that these audits are random, he figured he was done with his turn last year. However, this is the second time in a row that that he has received another notification, indicating that it is not totally uncommon for healthcare enterprises to face a second meaningful use audit. Jeff Smith, director of federal affairs at CHIME, said the CIO trade organization doesn’t have data on frequency of audits, but pointed out that they were 94 facilities who received audit requests in a 2013 survey. Smith also mentioned that there were other hospitals to have been audited twice from the CMS auditors, once from Medicaid (state-based) and one more from HHS OIG.

Does CMS have any audit specifics?

Of those providers attesting for meaningful use, at least 5 percent are likely to undergo a CMS audit, with half of those being subjected to a pre-payment audit. Additionally, detailed documentation is an absolute necessity as CMS wants to ensure that providers are using certified EHR technology, take a closer look at MU reports for core and menu attestation data, and check copies of security assessments.

While CMS won’t actually discuss specific audits, a spokesperson did provide some information related to the incentive program. According to CMS, the attestations submitted during and after January 2013 by Medicare providers may have to endure pre-payment audits. These pre-payment audits will include random audits, as well as audits that target anomalous data. CMS also stated that those providers selected for pre-payment audits will need to provide supporting documentation to validate the submitted attestation data before releasing payment. CMS will continue to conduct post-payment audits during the course of the EHR Incentive Programs. All providers selected for post-payment audits need to submit supporting documentation to validate their submitted attestation data.

Are you prepared?

Of those providers attesting for meaningful use, at least 5 percent are likely to undergo a CMS audit, with half of those being subjected to a pre-payment audit. Additionally, detailed documentation is an absolute necessity as CMS wants to ensure that providers are using certified EHR technology, take a closer look at MU reports for core and menu attestation data, and check copies of security assessments.

While CMS won’t actually discuss specific audits, a spokesperson did provide some information related to the incentive program. According to CMS, the attestations submitted during and after January 2013 by Medicare providers may have to endure pre-payment audits. These pre-payment audits will include random audits, as well as audits that target anomalous data. CMS also stated that those providers selected for pre-payment audits will need to provide supporting documentation to validate the submitted attestation data before releasing payment. CMS will continue to conduct post-payment audits during the course of the EHR Incentive Programs. All providers selected for post-payment audits need to submit supporting documentation to validate their submitted attestation data.

Handling MU Audits Twice

Johnson feels that the random MU audits are not really random, bringing a tremendous amount of make-work and sleepless nights. However, on the other hand, having already gained some first-hand experience the first time around, the second time audit preparations can be completed quickly. Being audited for the second time, he adds that the other advantage is that the hospital’s auditors are happy as they don’t have to worry about putting a reserve in case there is an audit. Believing that he had the right formula to satisfy them, Johnson also stated that the auditors were not actually evaluating his responses but rather looking to check if an issue was identified and addressed.

Stay Prepared

With the likelihood of audits increasing, it is best to always stay prepared. After submitting for attestation, the auditors can knock on your door at any time. Either, prior to or after receiving the incentive payment – an audit can occur anytime up to six years. It is thus best to be prepared and ensure that your documentation and your enterprise are in order. What will also prove beneficial is the adoption of a unified and comprehensive solution such as Aegify Security Posture Management or Aegify SecureGRC that can help organizations remain continually secure and compliant. The meaningful use assessment in Aegify SecureGRC will help sail through these audits very smoothly. Aegify SecureGRC provides has a built-in repository for policies, best practices and citation guidance with quick access to documentation and evidences from a central repository for pre/post audits, making the whole process simple and efficient.

The post Are MU Audits Causing Nightmares for CIOs? appeared first on Aegify.

As per the indictment which was made in November last year, Joe White the former CFO of Shelby Regional had falsely attested to CMS that the entity met meaningful use requirements for the fiscal year 2012, thereby receiving payments of $785,655. However, according to officials, the entity had only used paper records throughout the fiscal year and only made minimal use of EHR, and in order to make it appear that the hospital was using MU-certified technology, had directed its software vendor and hospital staff to manually input data from paper records into EHR software, months after patients were discharged or at the end of the fiscal year.

Moreover, according to officials, White falsely attested to meaningful use, using the name and information of another person without that individual’s consent or authorization. A noteworthy fact is that the hospital was shut down in 2013 following the investigation of its MD Tariq Mahmood for healthcare fraud. Six hospitals operated by Mahmood in Texas received $16.8 million in meaningful use incentives during the fiscal years 2011 and 2012.

As on date, CMS has paid eligible providers and hospitals more than $19.2 billion for attesting to meaningful use requirements. With more emphasis on the adoption of electronic health systems and with more and more federal dollars made available to providers to adopt these systems, the US Department of Health and Human Services Office of Inspector General is expecting to see more cases such as this one.

Joe White may face up to five years in federal prison if convicted for making false statements and up to two years for aggravated identity theft. Any type of healthcare fraud is bound to invite stringent legal action. But the truth is that this Texas hospital could have avoided this incident altogether if it had put in place, a comprehensive security solution like Aegify Security Posture Management or Aegify SecureGRC, which could have helped achieve meaningful use status with ease, and also ensured that there is no breach of security protocol.

The post False Attestation to Meaningful Use by Texas Hospital appeared first on Aegify.