• linkedin
  • Increase Font
  • Sharebar

    There’s a blind spot in every meaningful use attestation

    This article has been edited to reflect a change issued by CMS. In the original article here and in our November print issue,  it was noted that dermatologists applying for meaningful use during a particular quarter must get their HIPAA risk assessment done before the end of that quarter.  That’s changed.  Now if you apply for meaningful use in 2015 you have until December 31, 2015 to complete the risk assessment.


    The Centers for Medicare and Medicaid Services (CMS) pulls no punches when it warns healthcare providers that meaningful use audits are happening, at random, and consequences for failing the audit are costly. If a provider cannot produce documentation that fully supports its electronic health record (EHR) attestation, the CMS could recoup incentive payments.

    Medical practices can be audited either pre or post incentive payments. It is estimated that meaningful use audits could be as high as 20 percent of all eligible providers. Any organization that fails an audit may have to return a full year of incentive money.

    While providers must achieve more than a dozen core objectives and measures related to health outcomes, patient safety, clinical procedures, etc., as tracked by their EHR, a HIPAA (Health Insurance Portability and Accountability Act) security risk assessment is the one objective that falls outside EHR reporting, yet is fundamental to meaningful use attestation. The HIPAA risk assessment helps identify risks to patient information exposure, and is required for Stages 1 and 2.

    Unfortunately it’s not uncommon for practices to hastily click the HIPAA risk assessment checkboxes and move on to the other core objectives. They check the boxes on the form without fully appreciating the fact that their tablets and laptops containing patient information can easily be left behind on a vacation or stolen at Starbucks. In fact, more than 60 percent of HIPAA violations are the result of lost or stolen devices; at U.S. airports alone, 12,000 laptops are stolen each week.

    Next: Audit examples


    Art Gross
    Art Gross co-founded Entegration in 2000 and serves as president and CEO. As Entegration’s medical clients adopted EHR technology Gross ...


    You must be signed in to leave a comment. Registering is fast and free!

    All comments must follow the ModernMedicine Network community rules and terms of use, and will be moderated. ModernMedicine reserves the right to use the comments we receive, in whole or in part,in any medium. See also the Terms of Use, Privacy Policy and Community FAQ.

    • No comments available

    Latest Tweets Follow