Tips for Successful MU Attestation – Meaningful Use Monday

Lynn Scheps is Vice President, Government Affairs at EHR vendor SRSsoft. In this role, Lynn has been a Voice of Physicians and SRSsoft users in Washington during the formulation of the meaningful use criteria. Lynn is currently working to assist SRSsoft users interested in showing meaningful use and receiving the EHR incentive money. Check out Lynn’s previous Meaningful Use Monday posts.

Having just experienced the attestation process firsthand as I watched an SRS client successfully attest to meaningful use, I am happy to report that this part of demonstrating meaningful use is relatively easy—a bit tedious if you are attesting for multiple providers, but not at all difficult. CMS has created a user-friendly, web-based attestation system. Assuming that your EHR provides the information you need in a useful format, you have successfully met all the required measures, and you come prepared, there should be no reason to have an unsuccessful attestation.

Here are some tips that will ensure your success:

  • Register in advance: Even though you can register as late as at the time of attestation, the combined task would be overwhelming—particularly if you are attesting “on behalf of” a provider. Registering in advance ensures that everything is up-to-date in NPPES and PECOS and that you have all the necessary information.
  • Make sure that all measures have been met: If your EHR does not show the percentages for measures that have thresholds, do the math yourself to verify your success on each one. CMS offers a worksheet that you might find helpful for this purpose. Verify that you have also met all other (non-numerical) measures. If you fail to satisfy even one measure, do not attest now—go back and try another reporting period.
  • Have documentation for each provider:
    – Registration confirmation page with registration ID#

    – Password

    – EHR certification number

    – Reporting period dates (make sure it covers at least 90 days)

    – Printout of all meaningful use measures: numerators and denominators, exclusions and reasons

      (when there is more than one possible reason)

    – Clinical Quality Measure report: numerators, denominators, exclusions

  • Do not hit “Submit” until you have reviewed the “Attestation Summary” page: Double check your data. Make sure that you have said “yes” to all yes/no measures and that your numbers are entered accurately. The summary page does not display percentages, so you have to do the math yourself to be sure that you meet the thresholds.
  • Submit attestation and print the “Submission Receipt” as confirmation: If you have done everything correctly it will state that “all measures are accepted and meet MU minimum standards.”

While not necessary, I highly recommend having a second person help you attest. A second set of eyes will shorten the time the process takes and will reduce the potential for errors in posting your data.

About the author

Lynn Scheps

Lynn Scheps

Lynn Scheps is Vice President, Government Affairs at EHR vendor SRSsoft. In this role, Lynn has been a Voice of Physicians and SRSsoft users in Washington during the formulation of the meaningful use criteria. Lynn is currently working to assist SRSsoft users interested in showing meaningful use and receiving the EHR incentive money.


  • Having done my share of attestation for providers, the attestation system is pretty easy to use but so easy to make a data entry error. I think the main advice I want to echo is to have a 2nd person watch over the person typing the measurements in. Also, don’t forget to put together an Audit Packet. I provide a Audit Checklist for my customers and ensure that is done before a payment year is closed out.

  • Sure is easy…to input…if you have your act together.

    As someone who has helped many with the risk analysis, I’ve seen lots of issues.

    The risk analysis for most is an after thought, and most of my customers scrambled at the last moment to complete this.

    Actually running reports to check the numbers is the #1 smartest thing an office can do…as this will point to the big issues at hand.

    The other big gotcha is the testing of the exchange of key clinical information.
    Whoops…forgot to do it, and can’t go back in time to do it.

    When you wait until the last second at the end of the year, you really set yourself up for failure since you can’t roll your 90 day window by a week.

  • John, agreed. When we help practices, the full life cycle invovles MU Gap assessment, creation of a most efficient and effective MU plan (reporting period, what measures to use, etc.), then execute on that plan. We scale by using our own product to track all that. Attesting is simple but getting to that point is not for most providers.

  • Great article and comments.

    Halfway through our 90 day period we did a “practice run” through the attestation process. That allowed us to clarify some murky issues and make some adjustments along the way with plenty of time. Then there were no surprises when we did the real thing.

  • I have been doing MU consulting and I agree with the second pair of eyes. I recommend that my clients complete certification ASAP. Doing the math, there is not enough money budgeted to cover every physician in the country (I did the math). In these days of extreme borrowing and looming cuts, and the Supreme Court challenge, these incentives could be short-lived. Don’t be the last group to apply.

    I strongly encourage my colleagues to carefully document compliance with each measure. It can be as simple as a printout provided by the EMR. Some measures require more than that. For instance, the core measure requiring at least one search by disease state – certainly run the report, then save it!

    When doing the security audit (Core 15), there are 5 subsections: Confidentiality, Data Integrity, Availability, Admin. Safeguards, and Physical Safeguards. There and about 45 specific questions (and your answers) for these sections outlined in the Federal Register. This should be documented and held at the practice location.

    The measure also requires an employee sanction policy for security breaches. Who among us does not have an employee whose password is written down on a post-it and placed under his keyboard, or coffee cup? How many passwords include your child’s name, abc123, or some other easily guessed name? You see my point. If you ever have an audit, this will be the easiest section to fail. CMS now has a article on its website describing the auditing they plan to do.

    I provide a documentation binder, which runs over 50 pages by the time we complete the MU certification. I also include a prinout of all the screens in the attestation, so that I can enter the numbers ahead of time, and check and recheck them to reduce error.

    I also provide a detailed gap analysis with specific measures to be taken to complete Meaningful Use, as most practices on the first go-around do not fulfill all the criteria.

    Thankyou for starting a discussion on an important topic.

Click here to post a comment