Today I want to discuss EHR – electronic health records and RAC audits. We all remember the government pushing providers into purchasing EHR. It’s known as the meaningful use (MU) program, which is now known as the Promoting Interoperability Programs. CMS initially provided 10 incentives to accelerate the adoption of EHRs to meet program requirements. Now, physicians who fail to participate in MU will receive a penalty in the form of reduced Medicare reimbursements, at a minimum. Multiple audits at a maximum. Physicians must use certified electronic health records technology (CEHRT) and demonstrate meaningful use through an attestation process at the end of each MU reporting period to avoid the penalty.
Audits for MU can equal tens of thousands of dollars. The monetary amount is not as high as other RAC audits for medical records. One of my clients is a pediatric facility in Georgia. His facility received an alleged overpayment of $34,000 for two of his physicians not meeting the meaningful use criteria 8 and 9. We were going to fight it, but the two physicians who were dinged had quit and would not testify positively on behalf of my client. Plus, attorneys’ fees would surpass the penalty. Criteria 8 and 9 constitute proving your consumer have email and actually open their emails to check their health care internet folders, which are ridiculous criteria.
On September 2, 2020, CMS published the Fiscal Year (FY) 2021 Medicare Hospital Inpatient Prospective Payment System (IPPS) for Acute Care Hospitals and Long-Term Care Hospital (LTCH) Prospective Payment System (PPS) Final Rule which included program requirements for calendar year (CY) 2021. In this final rule, CMS continued its advancement of EHR utilization, focusing on burden reduction, and improving interoperability, and patient access to health information.
Meaningful use’s not anticipated consequence is ramping up RAC audits. Many RAC auditors are using EHR to claim “copy and paste.” Obviously, the point of EHR is to morph all service notes into a certain standard-looking note. But standard-looking notes scream copy and paste to RAC auditors. Maybe RAC auditors haven’t digested meaningful use yet.
On August 2, 2021 CMS released the Fiscal Year (FY) 2022 Medicare Hospital Inpatient Prospective Payment System for Acute Care Hospitals and Long-term Care Hospital Prospective Payment System Final Rule. For more information on the proposed changes, visit the Federal Register.
COVID affected EHR audits too.
The deadline for eligible hospitals and critical access to submit a hardship exception application is September 1, 2021.
The audits of telehealth during COVID. OIG is conducting, at least, seven (7) nationwide audits of providers specific to telemedicine. These audits will review remote patient monitoring, virtual check-ins, and e-visits. In 2018, OIG issued a report regarding a 31% error rate of claims for telehealth – and that report was prior to the explosion of telemedicine in 2020 due to COVID. All providers who have billed telehealth during the public health emergency (“PHE”) should be prepared to undergo audits of those claims.
The following audit projects are as follows:
- Audits of behavioral health care telehealth in Medicaid managed care;
- Audits of Medicare Part B telehealth services during PHE;
- Audits of home health services provided as telehealth during the PHE;
- Audits of home health agencies’ challenges and strategies in responding to the PHE;
- Medicare telehealth services during PHE: Program Integrity Risks;
- Audits of telehealth services in Medicare Parts B (non-institutional services) and C (managed care) during the COVID-19 pandemic;
- Medicaid: Telehealth expansion during PHE.
Recently added to the “chopping block” of audits via OIG include Medicare payments for clinical diagnostic laboratory tests in 2020. OIG will also audit for accuracy of place-of-service codes on claims for Medicare Part B physician services when beneficiaries are inpatients under Part A. As it always seems is the case, home health and behavioral health care are big, red targets for all audits. Over the pandemic, telehealth became the “new norm.” Audits on telehealth will be forthcoming. Specifically in behavioral health, OIG announced that it will audit Medicaid applied behavior analysis for children diagnosed with autism.
On another note, I recently had a client undergo a meaningful use audit. Everyone knows the government provides incentives for using electronic records. In order to qualify for a meaningful use incentive you must meet 9 criteria. If you fail one criterion, you owe the money back. One of the biggest issue physicians have faced in an audit is demonstrating the “yes/no” requirements that call for attestation proving the security risk analysis was successfully met. In this particular case, opposing counsel was a GA state AG. The attorney told me that he had zero authority to negotiate the penalty amount. It was the first time another lawyer told me that the penalty was basically a “strict liability” issue, and since the funds were federal, the State of GA had no authority to reduce or remove the penalty. But there is an appeal process. It made no sense. In this case, the doctor didn’t want to pursue litigation. So, reluctantly, we paid. I am wondering if any of my readers have encountered this issue of no negotiations for meaningful use penalties.
EHR Incentive Payments: If the Practice is Accepting Them, There Better Be a Legal Assignment Contract!
Under the Medicare EHR incentive program, CMS makes incentive payments to individual providers, not to practices or groups. The same is true for Medicaid. According to CMS, the incentive payment is based on the provider’s meaningful use of the EHRs and does not constitute reimbursement for the expenses incurred in establishing EHRs. Prior to actual receipt of an incentive payment, a recipient may assign the payment to a third party, typically, the practice group of which the recipient is a member.
This is a question of equity. Legally, the incentive payments are made to physicians not practice groups. But if the facility bears the burden of the price tag of the computer software, which price tags are not nominal, shouldn’t the facility receive the incentive payments? CMS has made it clear that the incentive payments are not intended to subsidize the price of the software program and updates. Instead, the incentive payments are intended to reward the use of such computer software.
The facilities, generally, pay for the EHR incentive program software programs. Some programs can be as high as $50,000/month. And updated regulatory compliance is not guaranteed. See blog. Plus, the practice group can be held liable for non-compliance issues found in the EHR technology. If the facility is audited and any non-compliance is under-covered, most physicians will be indemnified by the facility for any alleged overpayment, and the facility will be on the hook for any alleged overpayment (depending on the employment relationship). This increased burden on the practice group is why many physicians assign their incentive payments to the facilities. But it has to be done in a legally compliant manner.
Recently, however, I have been contacted by multiple health care facilities which have accepted the EHR incentive payments on behalf of its employed physicians, but did not have adequate, legal assignment contracts to receive the EHR incentives on behalf of the providers. These facilities relied on old, outdated, generic, employment contracts as the basis for the facilities accepting these payments on behalf of the physicians. Not having appropriate assignment contracts with the physicians can make the facilities liable to the physicians for the money accepted on their behalf.
Generic employee contracts that simply state that the facility can bill for and receive reimbursements on behalf of the physicians do not constitute adequate legal authority to accept EHR incentive payments on behalf of physician-employees.
Facilities, in order to legally accept the incentive payments on behalf of their employee-physicians must (1) determine whether their physicians are eligible professionals; and (2) execute a legally binding assignment contract.
Eligible Professionals (“EPs”) must first determine whether they are exactly that – eligible professionals.
Eligible professionals under the Medicare EHR Incentive Program include:
- Doctor of medicine or osteopathy
- Doctor of dental surgery or dental medicine
- Doctor of podiatry
- Doctor of optometry
Who is an Eligible Professional under the Medicaid EHR Incentive Program?
Eligible professionals under the Medicaid EHR Incentive Program include:
- Physicians (primarily doctors of medicine and doctors of osteopathy)
- Nurse practitioner
- Certified nurse-midwife
- Physician assistant who furnishes services in a Federally Qualified Health Center or Rural Health Clinic that is led by a physician assistant.
To qualify for an incentive payment under the Medicaid EHR Incentive Program, an eligible professional must meet one of the following criteria:
- Have a minimum 30% Medicaid patient volume*
- Have a minimum 20% Medicaid patient volume, and is a pediatrician*
- Practice predominantly in a Federally Qualified Health Center or Rural Health Center and have a minimum 30% patient volume attributable to needy individuals
* Children’s Health Insurance Program (CHIP) patients do not count toward the Medicaid patient volume criteria.
Eligible for Both Programs?
Eligible professionals eligible for both the Medicare and Medicaid EHR Incentive Programs must choose which incentive program they wish to participate in when they register. Before 2015, an EP may switch programs only once after the first incentive payment is initiated. Most EPs will maximize their incentive payments by participating in the Medicaid EHR Incentive Program.
EPs can switch programs as often as they desire–until they receive their first payment. After receiving their first payment, they may only switch once between programs prior to 2015.
If you are part of a practice, each eligible professional may qualify for an incentive payment if each eligible professional successfully demonstrates meaningful use of certified EHR technology. Each eligible professional is only eligible for one incentive payment per year, regardless of how many practices or locations at which he or she provide services.
Hospital-based eligible professionals are not eligible for incentive payments. An eligible professional is considered hospital-based if 90% or more of his or her services are performed in a hospital inpatient (Place Of Service code 21) or emergency room (Place Of Service code 23) setting.
What language needs to be included in any assignment contracts?
A recent study by the American Hospital Association (AHA) found federal programs, including meaningful use, have cost health systems and post-acute care (PAC) providers nearly $39 billion a year. Small practices in particular have been hit hard by the added costs and administrative burden brought on by changing regulations. Studies have shown that small, specialty, non-hospital, facilities have carried the brunt of the financial burden for the EHR requirements.
Under the Medicaid incentive program, an EP may reassign incentive payments to “an entity promoting the adoption of certified EHR technology.” This term is defined as:
State-designated entities that are promoting the adoption of certified EHR technology by enabling oversight of the business, operational and legal issues involved in the adoption and implementation of certified EHR technology or by enabling the exchange and use of electronic clinical and administrative data between participating providers, in a secure manner, including maintaining the physical and organizational relationship integral to the adoption of certified EHR technology by eligible providers.
The Assignment Contract
At a minimum, the assignment language should address the following issues:
(1) Is the EP assigning all or a portion of the incentive payments to the facility? Be specific.
(2) Be clear on whether the facility or the EP must furnish the documentation necessary to establish meaningful use each year. In other words, denote who will be entering the data into the CMS or Medicaid website.
(3) Indicate whether the EP will consult with the facility in order to determine which incentive program will yield the higher possible payments – or – whether the decision rests with the facility.
(4) The assignment language should state, accurately, whether the facility expects to be designated as an “entity promoting the adoption of certified EHR technology.”
(5) The contract should state, accurately, whether there is or will be a valid contractual arrangement allowing the facility to bill for the EP’s services. Basically, if there is already an employment contract in place, this assignment contract can act as an addendum or exhibit to the original employment contract.
(6) Define the term of assignment with a start date and an end date.
Only after the the facility determines that the physicians are eligible to receive the EHR incentive payments AND a valid assignment contract is executed, can the facility legally accept the incentive payments on behalf of its physicians. If the facility accepts the incentive payments and the physicians are not eligible, the facility will owe money to the government. If the facility accepts the incentive payments without an assignment contract, the physicians could demand the payments from the practice.
Interestingly, how OIG and who OIG targets for audits is much more transparent than one would think. OIG tells you in advance (if you know where to look).
Prior to June 2017, the Office of Inspector General’s (OIG) OIG updated its public-facing Work Plan to reflect those adjustments once or twice each year. In order to enhance transparency around OIG’s continuous work planning efforts, effective June 15, 2017, OIG began updating its Work Plan website monthly.
Why is this important? I will even take it a step further…why is this information crucial for health care providers, such as you?
These monthly reports provide you with notice as to whether the type of provider you are will be on the radar for Medicare and Medicaid audits. And the notice provided is substantial. For example, in October 2017, OIG announced that it will investigate and audit specialty drug coverage and reimbursement in Medicaid – watch out pharmacies!!! But the notice also states that these audits of pharmacies for speciality drug coverage will not begin until 2019. So, pharmacies, you have over a year to ensure compliance with your records. Now don’t get me wrong… you should constantly self audit and ensure regulatory compliance. Notwithstanding, pharmacies are given a significant warning that – come 2019 – your speciality drug coverage programs better be spic and span.
Another provider type that will be on the radar – bariatric surgeons. Medicare Parts A and B cover certain bariatric procedures if the beneficiary has (1) a body mass index of 35 or higher, (2) at least one comorbidity related to obesity, and (3) been previously unsuccessful with medical treatment for obesity. Treatments for obesity alone are not covered. Bariatric surgeons, however, get a bit less lead time. Audits for bariatric surgeons are scheduled to start in 2018. Considering that 2018 is little more than a month away, this information is less helpful. The OIG Work Plans do not specific enough to name a month in which the audits will begin…just sometime in 2018.
Where do you find such information? On the OIG Work Plan website. Click here. Once you are on the website, you will see the title at the top, “Work Plan.” Directly under the title are the “clickable” subjects: Recently Added | Active Work Plan Items | Work Plan Archive. Pick one and read.
You will see that CMS is not the only agency that OIG audits. It also audits the Food and Drug Administration and the Office of the Secretary, for example. But we are concerned with the audits of CMS.
Other targeted providers types coming up:
- Security of Certified Electronic Health Record Technology Under Meaningful Use
- States’ Collection of Rebates on Physician-Administered Drugs
- States’ Collection of Rebates for Drugs Dispensed to Medicaid MCO Enrollees
- Adult Day Health Care Services
- Oversight of States’ Medicaid Information Systems Security Controls
- States’ MCO Medicaid Drug Claims
- Incorrect Medical Assistance Days Claimed by Hospitals
- Selected Inpatient and Outpatient Billing Requirements
And the list goes on and on…
Do not think that if your health care provider type is not listed on the OIG website that you are safe from audits. As we all know, OIG is not the only entity that conducts regulatory audits. The States and its contracted vendors also audit, as well as the RACs, MICs, MACs, CERTs…
Never forget that whatever entity audits you, YOU HAVE APPEAL RIGHTS!
What is scarier than Pennywise, Annabelle, and Jigsaw combined? Getting sued for an EHR program mistake and getting audited for EHR eligibility when the money is already spent (most likely, on the EHR programs).
Without question, EHR programs have many amazing qualities. These programs save practices time and money and allow them to communicate instantly with insurers, hospitals, and referring physicians. Medical history has never been so easy to get, which can improve quality of care.
However, recently, there have been a few audits of EHR programs that have caused some bloodcurdling concerns and of which providers need to be aware of creepy cobwebs with the EHR programs and the incentive programs.
- According to multiple studies, EHR has been linked to patient injuries, which can result in medical malpractice issues; and
- In an audit by OIG, CMS was found to have inappropriately paid $729.4 million (12 percent of the total) in incentive payments to providers who did not meet meaningful use requirements, which means that CMS may be auditing providers who accepted the EHR incentive payments in the near future.
Since the implementation of the Health Information Technology for Economic and Clinical Health Act, which rewards providers with incentive payments to utilize electronic health record (EHR) computer programs, EHR use has skyrocketed. Providers who accept Medicare are even more incentivized to implement EHR programs because not using EHR programs lead to penalties.
I. Possible Liability Due to EHR Programs
A recent study by the The Doctors’ Company (TDC) found that the use of EHR has contributed to a number of patient injuries over the last 10 years. The study highlights why it is so important to have processes in place for back-up, cross-checking, and auditing the documentation in your EHRs.
Without question, the federal government pushed for physicians and hospitals to implement EHR programs quickly. Now 80% of physician practices use EHR programs. 90% of hospitals use EHR programs. But the federal government did not create EHR standards when it mandated the use of the programs. This resulted in vastly inconsistent EHR programs. These programs, for the most part, were not created by health care workers. The people who know whether the EHR programs work in real life – the providers – haven’t transformed the EHR programs into better programs based on reality. The programs are “take it or leave it” models created in a vacuum. This only makes sense because providers don’t write computer code, and the EHR technology is extremely esoteric. A revision to an EHR program probably takes an act of wizardry. Revitalizing the current EHR programs to be better suited to real life could take years.
There are always unanticipated consequences when new technology is implemented – didn’t we all learn this from the NCTracks implementation debacle? Now that was gruesome!
TDC study found that EHR programs may place more liability on the provider-users than pre-electronic databases.
The study states the following:
“In our study of 66 EHR-related claims from July 2014 through December 2016, we found that 50 percent of these claims were caused by system factors such as failure of drug or clinical decision support alerts and 58 percent of claims were caused by user factors such as copying and pasting progress notes.
This study was an update to our first analysis of EHR-related claims, a review of 97 claims that closed from January 2007 through June 2014.”
Another study published by the Journal of Patient Health studied more than 300,000 cases. Although it found that less than 1% of the total (248 cases) involved technology mistakes, more than 80% of those suits alleged harms of medium to intense severity. The researchers stressed that the 248 claims represented the “tip of an iceberg” because the vast majority of EHR-related cases, even those involving serious harm, never generate lawsuits.
Of those 248 claims that may have been the result of EHR-related mistakes, 31% were medication errors. For example, a transcription error in entering the data from a handwritten note. Diagnostic errors contributed to 28% of the claims. Inability to access records in an emergency setting accounted for another 31%. But systems aren’t entirely to blame. User error — such as data entry and copy-and-paste mistakes and alert fatigue — is also a big problem, showing up in 58% of the claims reviewed. Boo!
- Avoid copying and pasting; beware of templates.
- Do not just assume the EHR technology is correct. Cross check.
- Self audit
II. Possible Audit Exposure for Accepting EHR Incentive Payments
Not only do providers need to be careful in using the EHR technology, but if you did attest to Medicare or Medicaid EHR incentive programs, you may be audited.
In June 2017, the Office of Inspector General (OIG) audited CMS and its EHR incentive program. OIG found that “CMS did not always make EHR incentive payments to EPs [eligible professionals] in accordance with Federal requirements. On the basis of [OIG’s] sample results, [OIG] estimated that CMS inappropriately paid $729.4 million (12 percent of the total) in incentive payments to EPs who did not meet meaningful use requirements. These errors occurred because sampled EPs did not maintain support for their attestations. Furthermore, CMS conducted minimal documentation reviews, leaving the self-attestations of the EHR program vulnerable to abuse and misuse of Federal funds.”
OIG also found that CMS made EHR incentive payments totaling $2.3 million that were not in accordance with the program-year payment requirements when EPs switched between Medicare and Medicaid incentive programs.
OIG recommended that CMS review provider incentive payments to determine which providers did not meet meaningful use requirements and recover the estimated $729,424,395.
What this means for you (if you attested to EHR incentive payments) –
Be prepared for an audit.
If you are a physician practice, make sure that you have the legally adequate assignment contracts allowing you to collect incentive payments on behalf of your physicians. A general employment contract will , generally, not suffice.
Double check that your EHR program was deemed certified. Do not just take the salesperson’s word for it. You can check whether your EHR program is certified here.
If you accepted Medicaid EHR incentive payments be sure that you met all eligibility requirements and that you have the documentation to prove it. Same with Medicare. These two programs had different eligibility qualifications.
Following these tips can save you from a spine-tingling trick from Pennywise!