Meaningful Use Audits and Appeals

Meaningful Use Expert, Jim Tate, has a really interesting post up on his Meaningful Use Audits website that shares some of the details CMS offered on the EHR incentive audits and appeals process. I know many of my readers are worried about the meaningful use audits and are interested in these details.

You can go and read Jim’s full post for all the details, but I wanted to highlight a few of the items he mentions.

First, CMS said that 5-10% of providers will be subject to pre/post-payment EHR incentive audits. Jim calls this casting a “wide net” for the MU audits. Considering meaningful use stage 1, it makes some sense why the MU audit net would be cast wide. I’m sure many who read this have a friend who’s been through the audit.

I was really intrigued that CMS said “If a provider continues to exhibit suspicious/anomalous data, could be subject to successive audits.” This reminded me of something my brother said about the military. He said that if you got your uniform inspection right the first couple times, then the officers would stop looking at you quite as much. However, if you had something wrong at first, be ready to be scrutinized. It seems like CMS is taking a similar approach. As in most things in life, it’s just better to be honest and accurate. Then, you don’t have to look over your shoulder.

Jim also notes that CMS said that no risk profile will be made public. Basically, we aren’t going to get any clue into how they chose who to audit. Plus, Jim notes that the only next step if you fail an meaningful use audit is to file an appeal.

As long as we have meaningful use tied to EHR incentive money and payment adjustments, I don’t see these MU audits going anywhere. So, if you’re attesting to meaningful use, make sure you’re prepared for an MU audit if it comes.

About the author

John Lynn

John Lynn

John Lynn is the Founder of the, a network of leading Healthcare IT resources. The flagship blog, Healthcare IT Today, contains over 13,000 articles with over half of the articles written by John. These EMR and Healthcare IT related articles have been viewed over 20 million times.

John manages Healthcare IT Central, the leading career Health IT job board. He also organizes the first of its kind conference and community focused on healthcare marketing, Healthcare and IT Marketing Conference, and a healthcare IT conference,, focused on practical healthcare IT innovation. John is an advisor to multiple healthcare IT companies. John is highly involved in social media, and in addition to his blogs can be found on Twitter: @techguy.


  • I’m not sure why you’d be surprised that someone who continues to show suspicious data would continue to be scrutinized. That just seems to make sense.

    Most times the Gov gives out money, they are going to make it in exchange for something.

    Definitely when giving money do docs, this is the case – be it reimbursements or MU payments.

    What I’ve seen in the private practice world is so many docs ignore the security risk assessment (SRA), CMS know they can nail a high percentage on this failure.

    Plus, the auditors are merely CPAs (no offense), the point being they are generally not very tech savvy, so them looking over an SRA is…well…let’s just say, if they see a two page SRA when they are used to seeing 10 to 20 page SRAs, your 2 pager is going to stick out like a sore thumb.

    Most of the data in attestation is blatantly obvious pass/fail. The SRA isn’t as clear cut.

    The moral of this story is, do a proper SRA…actually, have somebody who knows what they are doing, do a proper SRA.

  • I didn’t say I was surprised. I said I was intrigued. I think it’s likely most intriguing that they actually came out and admitted it.

    I definitely think they should be held accountable.

  • When most of us think of an audit, we assume we gather all of our records and truck into the friendly, local IRS office for a grilling. In reality, there are many different types and styles of audits.

    In this case, the audit firm mails a form to the provider and asks for information. For most, that will be the end of it. For others, there may be additional emails, or site visit. For those whose books don’t seem kosher, there are several, disagreeable consequences. CMS has outlined the process at:

    As for the MU auditors, CMS is using Figliozzi and co, which is a healthcare audit specialist with experience in reviewing Medicaid and Medicare claims and their systems:

    John Brewer is correct about SRAs being overlooked. Doing so is a self-inflicted wound.

Click here to post a comment