On June 12, 2017 the Department of Health and Human Services Office of Inspector General (OIG) released a report entitled Medicare Paid Hundreds of Millions in Electronic Health Record Incentive Payments That Did Not Comply With Federal Requirements (Report) which estimates that between May 2011 and June 2014, the Centers for Medicare & Medicaid Services (CMS) under the Electronic Health Record Incentive Programs improperly paid over $729 million to providers that did not comply with federal requirements.

Following passage of the Health Information Technology for Economic and Clinical Health Act (HITECH) in 2009, CMS offered significant incentives to health care providers to encourage adoption of EHR systems that satisfied “meaningful use” requirements. To be eligible for EHR incentive payments, providers were required to self-attest that they satisfied federal program requirements and retain all documentation supporting their attestation for a period of six years following the attestation submission. To provide oversight of the program and ensure program integrity, CMS was tasked with conducting risk-based audits of inaccuracies in eligibility, reporting, and payment.

According to the Report, as part of its review, OIG selected a random sample of 100 eligible professionals who received one or more incentive payments between May 2011 and June 2014 and reviewed the support for their meaningful use attestations. Out of the sample of 100 eligible professionals, the OIG identified 14 eligible professionals that did not meet the meaningful use requirements “because of insufficient attestation support, inappropriately reported meaningful use periods or insufficiently used certified EHR technology.” The OIG identified overpayments totaling $291,222 to the 14 eligible professionals reviewed in the sample. Extrapolating based on this sample, the OIG estimates that CMS inappropriately paid $729,424,395 in incentive payments to providers who did not satisfy the meaningful use requirements.

According to the Report, the largest source of improper incentive payments concerned payments made to eligible professionals who did not maintain or provide support for their meaningful use attestations. Of the eligible professionals sampled by OIG who could not provide adequate support and documentation for their attestations, nearly half were unable to provide a documented security risk analysis as required under both the EHR Incentive Program and the Health Insurance Portability and Accountability Act.

As a result of these findings, OIG offered several recommendations including that CMS take action to recover the payments made to the sampled eligible professionals who failed to meet meaningful use requirements. The OIG also recommended that CMS attempt to recover the more than $729 million in incentive payments that OIG estimated were improperly paid. In addition, OIG recommended that CMS take steps to improve provider education regarding documentation requirements. In response to the Report, CMS generally agreed with the OIG’s recommendations, but noted that CMS had already implemented targeted risk-based audits to strengthen program integrity. The OIG responded to CMS’ comments by stating that risk-based audits were insufficient as they failed to capture the errors identified in the Report, and the OIG recommended that CMS review a random sample of incentive payments to ensure sufficient documentation is in place to support the attestation. This Report coupled with the 2017 Office of Inspector General Work Plan, which indicates increased enforcement activity for meaningful use incentive payments, suggests that providers should expect increased scrutiny and auditing going forward including for attestations submitted during the past six years, which is the time period required to retain supporting documentation.

Editor’s Note: Reprinted with permission from the American Health Lawyers Association. Any further reproduction of this article requires the advance written permission of the American Health Lawyers Association.