Skip to main content

 

Kareo Help Center

EHR Incentive Program Audit FAQ

Updated: 03/16/2021
Views: 121

Answers to the most common EHR Incentive Payment program audit questions.

Question Answer
Who could be audited? Clinicians who participate in an EHR Incentive Payment program, such as the Quality Payment Program and the Medicaid Promoting Interoperability programs may be subject to an audit.

Therefore, attesting clinicians are required to retain all supporting documentation used in their attestation for a minimum of six years post-attestation. 
What is the purpose of an audit? Audits ensure clinicians who received an incentive payments met the requirements.
How do I know if I was selected for an audit? You will receive an initial letter and email from a CMS contracted auditor. The letter will include the contractor’s contact information and the portal address where you will submit the requested supporting documentation. You may also be required to provide a Vendor Verification Letter.

Once the auditor reviews and evaluates the submitted supporting documentation, they will send an Audit Determination Letter to the clinician. The letter will explain the outcome of the audit.
How do I request a Vendor Verification Letter? Contact Kareo Support and provide a copy of the audit letter that details the items that should be addressed in the verification letter. This may include: the practice name, provider name, provider NPI, and practice location. You will also need to provide the reporting period you are being audited for and your contact information.

Kareo will provide a signed verification letter in 2 business days.
How do I prepare for an audit? Create an audit binder and save two versions of it: an electronic copy and a paper hardcopy in a three-ring binder.

The electronic copy should be saved in a shared folder or in the clinician’s own computer/laptop. The hardcopy version should be stored where important documentation for the practice is kept. 

Both versions of your audit folder should be exact duplicates of each other. This ensures that you have a backup in the event one version is inaccessible or lost.
What information should be included in the audit binder? You must save the documentation that supports the data submitted during your attestation. This includes:
  • A copy of your Quality Measures Report
    • The report should support the values (numerators and denominators) and reporting period entered in the attestation.
  • A copy of your Promoting Interoperability Report
    • The report should support the values (numerators and denominators) and reporting period entered in the attestation.
  • A copy of your Security Risk Assessment
    • This is a mandatory measure and one of the top reasons why providers fail an audit. Do not ignore this requirement.
  • Supporting documentation for your selected Improvement Activities.
  • If applicable, save supporting documentation if you are submitting data to Public Health Registries such as Immunization State Registries.
  • If applicable, save supporting documentation if you are participating in a Prescription Drug Monitoring Program (PDMP).
  • Supporting documentation for any claimed exclusion in the Promoting Interoperability report.
  • Drug Formulary Checks
    • Save screenshots of the Prescription Preferences page. Screenshots must be dated during the reporting period selected for attestation.
  • Clinical Decision Support
    • Save screenshots of the Clinical Decision Support page. Screenshots must be dated during the reporting period selected for attestation.

Note: Some certified EHR systems are unable to generate reports that limit the calculation of measures to a prior time period. Therefore, CMS suggests clinicians download and/or print a copy of the report used at the time of attestation for their records. Attesting clinicians should also be prepared for additional reviews including patient medical records.

  • Was this article helpful?