OIG: Paying Close Attention To HIPAA Security In Meaningful Use Audits

According to the recently released work plan of The Office of the Inspector General will continue to pay closer attention to the healthcare industry’s use of electronic health records – in particular HIPAA security, EHR incentive payments and fraud.

As digitization continues to be a priority so does it’s appropriate implementation and use. In a response to ensure IT security, compliance and electronic health records, the OIG has requested a $400 million FY2015 budget, an increase of $105 million and creating another 284 fulltime jobs to enforce the OIGs audits and reviews.

“Important changes are taking place across the healthcare industry,” wrote Daniel R. Levinson, U.S. inspector general, in OIG’s 2015 work plan justification. These changes, Levinson continued, include “an emphasis on coordinated care and an increased use of electronic health records. OIG will need to adopt oversight approaches that are suited to an increasingly sophisticated healthcare system and that are tailored to protect programs and patients from existing and new vulnerabilities.”

So how does that translate to healthcare providers and healthcare organizations? Practices can expect closer scrutiny for HIPAA privacy and security compliance. Penalties have increased significantly under the new regulations. Practices can face fines up to $50,000 per occurrence—quickly offsetting or negating the EHR incentives they received.

Physicians can no longer afford to be relaxed about HIPAA compliance. They must have sound privacy and security protocols in place to protect against violations that could result in severe penalties.

A prime example occurred in July 2009, when a physician and two former employees of an Arkansas medical center pleaded guilty to misdemeanor federal charges that they inappropriately accessed the medical records of a local television anchor, thereby violating the HIPAA privacy rule. Each faces a maximum penalty of one year in prison, a fine of up to $50,000, or both.

Meaningful Use Audits are on the Rise!

The HHS Office of Inspector General has stated the OIGs intent to review electronic health records meaningful use incentive payments and the security of electronic health records under the program in 2015. With the recent ask of a $100 million increase in budget and the addition of 284 full-time employees, this should come as a big red warning flag to those providers who either intentionally or unknowing provided inaccurate attestation information in previous years. Although the reviews have not been coined under the term “audit”, the OIG did state that, “We will review Medicare incentive payment data from 2011 to identify payments to providers that should not have received incentive payments (e.g., those not meeting selected meaningful use criteria),” according to HHS OIG’s work plan for 2015. “We will also assess CMS’s plans to oversee incentive payments for the duration of the program and corrective actions taken regarding erroneous incentive payments.” Medicaid incentive payments also will be reviewed.

The scope of the OIG reviews is not clear. A spokesperson says OIG auditors will conduct the reviews and share findings with CMS.

Although the “scope” may not be clear, what is clear is that those providers who reported erroneous data or are not prepared to provide actual data to support their meaningful use attestation and received incentive payments, will be expected to return and the incentive payments and could also be fined.

It is important to hire an expert in Meaningful Use Audits to Conduct a Mock Audit to ensure your information is accurate, it may not be too late to resolve what could potentially be an issue, however once the audited or the appeals process it may take up a great deal of time.  If you would like to conduct a Mock Audit or facing a  Meaningful Use Audit or Appeal Be contact EHR & Practice Management Consultants, Inc. at 1-800-376-0212 or contact@ehrpmc.com.