Overview of Program Integrity & Oversight

Under the terms of the HITECH Act, New York is required to conduct adequate oversight of the Medicaid EHR Incentive Program in order to ensure that Recovery Act funds are expended wisely, and to take appropriate actions to combat waste, fraud, or abuse. Federal regulations oblige New York to collect and verify information provided by applicants on such issues as:

  • Provider enrollment eligibility, upon enrollment or re-enrollment;
  • Patient volume;
  • Providers' hospital-based status;
  • Whether a provider practices predominately in an FQHC or RHC; and
  • Providers' efforts to adopt, implement, or upgrade certified EHR technology, as well as the meaningful use of said technology.

One of the key requirements of the planning process required by the HITECH Act was the development of the State's audit strategy for the Medicaid EHR Incentive Program. This audit strategy was described in Section D of the New York State Medicaid HIT Plan (PDF, 11.7MB, 410pg.) This strategy, consistent with guidance issued by CMS, is designed to "look behind" provider attestations through a combination of pre-payment validation of attestations and post-payment audit activities.

Pre-payment Validation

After a provider submits all required information for a given payment year and attests to the accuracy of the submission, NY Medicaid will perform an analysis of the information to verify that it is consistent with New York State data. This process is designed to ensure that the provider completed the application correctly and accurately, and (to the greatest possible extent) to address any problems prior to the issuance of the incentive payment. The process may utilize a combination of automatic and manual validation steps, and will leverage existing controls built in to the NY Medicaid enrollment and reimbursement process for items such as Medicaid enrollment status and sanctions or exclusions. During this phase, NY Medicaid may contact the provider to request additional supporting information or documentation. The provider may be required to provide justification for any discrepancies between the information provided during attestation and other data (such as claims history and encounter data).

Post-payment Audit

The responsibility for detecting fraud, abuse, or waste in the Medicaid system and recovering improper payments rests with the Office of the Medicaid Inspector General (OMIG). OMIG has formed a new bureau within the Division of Medicaid Audit to handle program integrity operations for the NY Medicaid EHR Incentive Program.

A description of the methods used by OMIG to select providers for audit and the processes for conducting audits is contained in Section D of the NY-SMHP. OMIG plans to conduct both desk and field audits as required - most audits will start as a desk audit, with field audits initiated where the findings of a desk audit are insufficient to make a conclusive determination.

Many hospitals may choose to participate in both the Medicaid and Medicare EHR Incentive Programs, making them subject to audit by both the State (under the Medicaid program) and the Federal government Medicare program. Recognizing that many of the items subject to audit (particularly the various measures of meaningful use) are identical under the two programs, and seeking to reduce unnecessary duplication of effort, CMS has taken primary responsibility for auditing hospitals under both EHR incentive programs. A hospital deemed to be a meaningful user under the Medicare program will automatically be deemed a meaningful user under the Medicaid program. However, hospitals will still be subject to New York State validation and audit on New York State-specific aspects of the program, such as the minimum Medicaid patient volume for acute care hospitals and the calculation of the Medicaid incentive payment amount.

Providers should be aware that all information submitted during registration, attestation, and any subsequent validation and audit procedures must be backed by auditable data sources or documentation. Providers are required to retain documentation to support all attestations for no less than six years after each payment year against the possibility of post-payment audit.