MIPS Audits Have Officially Begun!
We knew it was coming and lo and behold, it’s happening: the dreaded Merit-Based Incentive Payment System (MIPS) audits are upon us. This week, letters went out to clinicians with the subject line: “Notification of Data Validation – Performance Year 2017.” The sender was Guidehouse, the contractor tasked through CMS to conduct the MIPS data validation and audits (DVA).
We want to make sure you’re prepared, so if you happen to receive one of these surprise DVA letters, here’s what you should know:
- The typical response window is 45 days! You will want to act swiftly and efficiently.
- These DVA can cover either of the first two years of MIPS: the 2017 and/or 2018 Performance years.
- Your specific auditor will be mentioned by name in the letter. Be respectful. Use their last name, and include their proper salutation in all of your communications.
- The auditor may ask a practice or clinician to provide documentation for any MIPS category for which data was reported. This includes Quality, Improvement Activities and/or Promoting Interoperability (formerly Advancing Care Information (ACI)).
- Audits are random. However, per the DVA fact sheet, the auditors are required to substantiate whether an individual/group submitted all applicable MIPS measures and encounters in any of these three circumstances:
- Fewer than the required 6 measures were submitted
- An Outcome or other High Priority measure wasn’t reported
- Less than a full specialty measure set was submitted
- Documentation to the auditor needs to be sent back through the Guidehouse HIPAA-secure file sharing platform or secure fax.
We were all warned this was coming, so the fact that DVAs are here should come to no surprise.
However, due to the very thorough nature of these DVAs, at Chirpy Bird Health IT, we make it part of our common practice to build each of our MIPS clients a comprehensive Book of Evidence for each performance year that follows CMS policy guidelines, to be prepared for this exact scenario.
A Few Things to Keep in Mind
- If you have changed EHRs since 2017 or 2018, you will likely need to acquire the data from your old system to complete the audit. This may include accessing specific reports, patient records, and/or visit data, which will require both time and resources, not only from your practice staff but also from the former EHR vendor. Do not expect your former vendor to work in a timely manner without some sort of compensation.
- Make sure you respect HIPAA when providing documentation to the auditor. The ‘Minimum Necessary’ rule applies here, so be sure to redact or blur any protected health information if/when the auditor requests specific records. If it’s not required to fulfill the purpose, keep it out.
- Fulfilling the request of a MIPS audit can be both time-consuming and stress-inducing, especially if your practice has experienced systems changes or staff turnover. We get it. No one wants to have money recouped. Thankfully, a third party can respond on your behalf. If you need help, contact us! We can be reached at firstname.lastname@example.org or 888-647-7247.