We’ve all seen articles, interviews, and blog posts telling hospitals how to be prepared for potential audits of their meaningful use (MU) incentives. “Lessons Learned” and “Best Practices” abound in an attempt to give advice about protecting those EHR incentives from recoupment. There is a lot of money on the table, not to mention careers, and the audit process should not be taken lightly. There is simply too much at stake and a wrong move during the audit or appeal process would take a hospital’s staff to a place where it should never have to go.

Sometimes it is best to look at what not to do, the so-called “Worst Practices”. In the past year I have worked with numerous hospitals that have been down the dark and scary road of meaningful use audits. In the long ago days of 2011 there was a lack of clarification and guidance on the CMS EHR Incentive programs, but we wanted those seven figure incentives. Hospitals were moving quickly to adopt certified technology and achieve meaningful use even though the “knowledge gap” was very, very wide.

[See also: Could an 'ultimate EHR' disrupt the market landscape?]

Allow me to present a few “Worst Practices” that I have come across in the past year. Employing these will put your ability to obtain and hold on to those lovely incentives at risk.

1. No one in charge: Assign a committee to be responsible for the audit process and requests for documentation. When things go wrong there will be plenty of people to blame.
2. Insufficient documentation: Just assume you can always go back and recreate reports that you can’t find. All that data is in there somewhere, I’m sure we can find it if we need to.
3. Ignore requirements: We are not really sure what is this “syndromic surveillance submission” business. We only have to do one test? Let’s just say “yes” and move on.
4. Undocumented MU strategy: What was the reasoning behind those core measures that were excluded and menu measures that were not chosen? Who was that staff member that made the decisions?
5. Blame the EHR vendor: This entire mess was created by our vendor. It is their job to make sure there are no problems. They should be responsible and make this go away.
6. Don’t perform a Security Risk Assessment: I’m pretty sure we did one of these a few years back and it was OK. Probably still good now.

I could go on and on but you get my point. Don’t shoot yourself in the foot. Hold your head up high. Don’t cut corners. Do things in such way so that if you are asked to explain your actions two years down the road, you will be able to maintain eye contact and not “hem and haw”. How is that for a “Best Practice”?

Jim Tate is president and founder of EMR Advocate, where this article originally appeared.

Related articles:

4 ways to make EHR data more personal

AHIMA's 6 ways to improve EHR usability

Do patients even want digital health records?

ONC blazes past meaningful use goal for rural providers