In preparing documentation for potential audits, are the data validation criteria (PDF) that CMS has set up for MIPS measures and improvement activities a good guide?
They serve as the starting point. Providers should go beyond taking them at face value to create robust documentation for each quadrant and activity.
For Quality, review the measure specifications to understand all of the requirements; ensure the providers are meeting the requirements, and that the EHR is appropriately capturing the data and calculating the measure as expected.
For instance:
Measure 130 is “Documentation of current medications in the medical record,” which requires the provider to capture medication name, dosage, frequency and route of administration (how it enters the body). Many providers include everything but the route; it is very clear in the guidance that failure to include route fails the measure.
Similarly, for Promoting Interoperability, it is important to review the specifications and ensure the EHR is capturing and calculating as anticipated. Once the desired performance period is determined, take screen shots to show the required functionality is in place as of the first day of the 90 day reporting period.
For Improvement Activities, include the information CMS references as supporting the performance of the measure, but also consider creating a written summary of what the provider did to perform the activity.
For instance, document the date the provider started performing the activity, the steps taken to implement it, references to dates/meetings/agendas when the activity was discussed by the care team/administration, how it is measured, remediated, retrained, etc.
Realistically, what are the chances that CMS will audit providers for proof that their attestation and Y/N answers are legit?
It is impossible to say what chances are for an individual provider or group to be selected for an audit, but U.S. Code
§414.1390 (a) (Data validation and auditing) indicates “CMS will selectively audit MIPS eligible clinicians and groups on an yearly basis.”
We are aware of providers who have been selected for audit, with queries experienced in at least two quadrants, Quality and Improvement Activities.
For Quality, the auditor was seeking confirmation of the onset date of hypertension related to meeting
Measure 236, “Controlling high blood pressure.” For Improvement Activity, the auditor was seeking documentation as to how exactly the provider met the IA requirements. And, obviously, CMS is well-versed in auditing for Promoting Interoperability from Meaningful Use days.
The rule also allows CMS to reopen and revise payment adjustments subject to certain parameters. So while we can’t predict the chances of an audit, we know they’re actively auditing and they have options if they determine there is an issue.