Many healthcare organizations were shocked to discover on Monday that the Centers for Medicare and Medicaid Services made more than $729 million in overpayments to providers that attested to the meaningful use EHR incentive program. 

What now? 

The U.S. Department of Health and Human Services’ Office of the Inspector General report revealed that the agency failed to conduct minimal documentation reviews.

[Also: CMS overpaid nearly $730 million in meaningful use incentives, OIG says]

While it’s long been said that meaningful use is far too stringent in its checklist of requirements, the fact is that organizations should have been conscientious when submitting attestations in the first place, according to Matthew Fisher, partner at Mirick, O'Connell, DeMallie & Lougee.

“The Meaningful Use program was clear that all attestation were reviewable. Additionally, the attestation is an affirmative statement and certification to the government that all statements are accurate and true,” said Fisher. “It’s never a good idea to misstate facts or circumstances when making a formal submission to the government.”

For Erin Whaley, partner at Troutman Sanders, documentation is the crux of the overpayment issue. And that will be ongoing. To receive meaningful use payments, organizations should have already had the needed documents in place. 

“The providers very well could have met the incentive, but if they don’t have the documentation -- it didn’t happen,” explained Whaley.

That’s the risk of meaningful use: There are so many pieces to check off that it’s easy to miss one, she added.

“The common advice when attesting for Meaningful Use was ensure that all documentation supporting the attestation existed and was retained,” said Fisher. “It’s impossible to reconstruct a submission after the fact.”

As of April 2017, over 523,000 providers received payments for participating in CMS’ meaningful use incentive programs. So how concerned should these organizations be that CMS may attempt to retrieve these payments?

While both Fisher and Whaley said it’s unlikely that CMS will have the resources to audit each of these organizations, they both agree that it’s probable CMS will be expanding its auditing process to determine if providers truly made meaningful use requirements.

“There’s a little bit of history here,” Whaley said. “A similar report came out in 2011-2012 and led to CMS instituting audits in 2013. CMS started doing pre- and post-payment audits in 2013 and they continue to do so. CMS alluded to these audits in their response to OIG.”

All of these providers should begin -- if they haven’t already -- gathering the required documentation. While it varies by the program, Whaley explained it will range from security risk assessments to screenshots. For other measures, providers will need a patient list or an audit log.

And documentation is required for every year attestations are made.

Fisher recommended that healthcare providers run an internal audit or review to ensure all documentation and information resides in one place and can be easily accessed.

“If an organization has everything in order, then it will be ready to respond in the event CMS comes knocking on the door,” explained Fisher. “Documentation should have been compiled contemporaneously.”

“Even if there is not necessarily a crystal clear picture, an organization may still be able to demonstrate compliance by piecing different materials together,” said Fisher. “If organizations are concerned, then they should go through the self-vetting process before any outside investigation or claim is made.”

And if hospitals recognize during its audit process that it received a meaningful use payment and failed to meet requirements, Whaley said providers “are obligated to repay within 60 days of becoming aware.”

“Providers don’t like to hear that, but it is the law,” said Whaley. “Theoretically, the fact they retained the overpayment is a violation in and of itself. They could have to repay the initial payment -- and the fines associated with overpayment.” 

Twitter: @JessieFDavis
Email the writer: jessica.davis@himssmedia.com

Like Healthcare IT News on Facebook and LinkedIn