More EHR Audits coming in 2015

magnifier-glass-iconsExpect EHR audits in 2015.  The Office of the Inspector General (OIG) has requested a $400 million budget for 2015.  Part of this budget will be spent on 284 new full time employees to help bolster their audits and reviews with much scrutiny on IT security and electronic health records.  Daniel Levinson, the US Inspector General, stated that, “OIG will need to adopt oversight approaches that are suited to an increasingly sophisticated healthcare system and that are tailored to protect programs and patients from existing and new vulnerabilities.”

Audits for general healthcare fraud will continue and new 2015 priorities include audits for cloud service providers ensuring they are providing adequate security, and review of Medicaid/Medicare EHR incentive recipients to make sure payments should have been received.  OIG is considering reviewing all EHR incentive payment data since 2011 to identify erroneous payments.  They will be putting in place forensic enhancements and using sophisticated data analytics.

In 2014, OIG found the Louisiana Department of Health and Human Services wrongly claimed EHR incentive payments. The audit showed that approximately 80 percent of the state’s hospitals failed to comply with federal regulations. To date, Eligible Hospitals and Eligible Providers have been the subject of over 650 and 10,000 unique CMS audits, respectively.  At this time it is not clear how OIG’s involvement in auditing the EHR Incentive Programs would impact CMS’s auditing procedures.

The Department of Health & Human Services (HHS) stated, “OIG’s future planning efforts may consider the significant challenges that exist with respect to overseeing expenditures for health IT, the interoperability and effective sharing and use of health care data for medical care, and emergency preparedness and response.”   As such, one final part OIG’s plans for the new year will be to look closely at the security of certified electronic health record technology (CEHRT) used for meaningful use to make sure that information is adequately protected.