The announcement last week that a former Texas hospital CFO has been sentenced to federal prison for meaningful use fraud has raised the question of whether false attestation is likely to be widespread.
Certainly, the story of CFO Joe White and Shelby Regional Medical Center in Texas is a special case involving a system rife with corruption. The hospital closed in 2013 and its owner, Dr. Tariq Mahmood, has since been sentenced to 11 years in prison in a separate case of billing fraud.
However, some suggest that MU fraud could also be occurring among other institutions looking to obtain payments under Medicare's EHR Incentive Program. The special agent in charge of the Dallas region's HHS Office of Inspector General, Mike Fields, stated to the press, "Unfortunately, there are individuals and institutions like Mr. White and his hospital whose only intent for EHR funds was to enrich themselves."
What the critics say
Critics of the program note that it's a "pay-and-chase" system, and according to The Dallas Morning News, CMS has declined to discuss what it's doing to prevent others from ripping off the program aside from some prepayment audits.
"We do not release the volume or results of these audits," CMS spokesman Tony Salters told the newspaper.
Typically, the issue is not intentional fraud, says Jason Fortin, a senior advisor at consulting firm Impact Advisors.
"Meaningful use is outrageously complicated," he says. He suggests it's extremely easy to make honest mistakes when attesting, such as calculating a denominator incorrectly or doing a security risk analysis in a different way than required or at the wrong time, etc.
Fortin points toward a report from Health Security Solutions that found that as of September 2014, almost 24% of eligible physicians had failed MU audits and 5% of hospitals had failed.
“I think it's important to note that failing an audit is not the same thing as committing fraud," Fortin notes.
What audits are looking for
He suggests audits are not generally performed with the expectation of finding fraud but of finding errors. While he expects that some are performed because providers might somehow generate red flags, others are random, and the rule of thumb is to expect an audit.
"I've seen numbers estimating that anywhere from 10 to 20% of hospitals and physicians could be subject to an audit… I wouldn't be surprised if it's higher, especially given that CMS has now paid out $30 billion in incentive payments," Fortin says.
From his perspective, clients are very concerned with making sure their decisions and documentation will hold up in an audit, and he doesn't see an issue of providers looking to stretch the truth. "I don't think there's too much taking advantage of the gray area; if anything I think the gray area just causes frustration," he says.
Fortin advises providers to prepare for an audit by documenting, organizing and saving everything, including the rationale for how they arrived at any decisions that involve gray area. He adds that providers should use consistency across all their measures, and keep screenshots to prove what capabilities were enabled during the performance period.
With this type of documentation, "In an audit I think it would become pretty clear pretty quickly whether something was fraud or just an honest mistake," Fortin says. "We hear of people failing audits, but I have not come across any case that was something done intentionally."