MIPS Audits - Don’t Get Caught Unprepared!
Posted by Raffie Sescon
The Centers for Medicare and Medicaid Services (CMS) recently contracted with Guidehouse to conduct data validation and audits of some Merit-Based Incentive Payment System (MIPS) eligible clinicians. MIPS eligible clinicians are now required by regulation to comply with data sharing requests. Those selected for an audit will have 45 days from the date of the notice to provide the requested information.
Your Practice is Always At Risk
As another QPP performance year ended last Dec. 31, 2018. CMS might tap your practice for a possible audit anytime if you submitted data for the performance years 2017 and 2018. An eligible clinician (EC) is subject to a MIPS audit for up to 6 years after the performance period ends.
Because the Centers for Medicare and Medicaid Services have shelled out about $19 million of their $27 million budget, the agency now aims to enforce a more accurate and more appropriate data submitted to MIPS. But is your practice ready for a possible audit?
To avoid your being caught off guard, we’ve gathered seven strategies to help you comply, and for the process to go smoothly in the event of an audit:
1. Expect an audit anytime
When you submit your MIPS data to CMS, it may now be subject to validation and auditing. Make sure your office retains all documents auditors will request so you meet the specific requirements
2. Handle the audit promptly
Complying with an audit comes with a long list of tasks to prove every transaction, which can be tedious, but it is crucial that you do not lash out at the auditor and respond to the audit request within 14 days.
3. Closely monitor the audit
While you might want your practice manager to take control of the audit, make sure you are involved and knowledgeable so nothing slips through the cracks. The first step is to monitor your email since the notification for audit could be sent via email.
4. Avoid discrepancies
The main thing auditors look for are discrepancies between data submitted during the attestation process and what was actually done. The auditor will request a document list, so make sure you provide all the documents needed in a timely manner.
5. Ensure EHR certification
Make sure you have certification from your vendor confirming the current version of your EHR system and confirm whether your system is upgraded or if you changed your certification.
6. Maintain accurate documentation
Above all, it is critical to have an auditable source of all data used for registering and attesting to MIPS. Prepare a checklist of the important documents needed.
7. Complete a Security Risk Assessment
This is an area that trips many physicians because, even though it is mandatory to implement HIPAA, it’s something many are still unfamiliar with. Neglecting the risk assessment not only places you at risk of paying back incentive money, but also incurring a penalty from the Department of Health and Human Service’s Office for civil rights violation.
Be MIPS audit ready—avoid penalties and increase incentives!