Post-Payment Audit Guidance


If selected for audit, providers will be sent an Audit Notification Letter by certified mail that outlines the required documentation needed for the audit. For reference purposes, a copy of the provider´s signed attestation for the payment year under audit will be included with the Audit Notification Letter. The Audit Notification Letter will indicate if the provider is under audit for Meaningful Use (MU) or Adopt/Implement/Upgrade (AIU) and for which payment year.


The Audit Notification for AIU will request documentation demonstrating the adoption, implementation or upgrade of certified EHR Technology. Submitted documentation should clearly identify the vendor name, product name, and version number(s) of your complete EHR system or upgraded modules. Examples of documentation to demonstrate AIU includes:

  • Signed contract with vendor
  • Vendor invoices from payment year under review
  • Payment receipts from payment year under review
  • Log in reports associating the provider with the EHR system in payment year under review
  • Documentation showing the date that adopt, implement, or upgrade of the EHR system took place (i.e. applicable vendor communication)
  • Signed vendor letter


The Audit Notification email for MU audits will include a checklist detailing the documentation required for the Core and Menu measures/exclusions that were attested to. See MU checklist section for recommended documentation needed for each measure/exclusion.

All Audits

After the Audit Notification Letter has been mailed, the auditor will send a follow up e–mail to the address listed on the provider´s attestation, informing the provider or his/her designated contact of the issued Audit Notification Letter and the documentation being requested. Documentation supporting the Medicaid patient volume for the 90-day reporting period must be submitted for each post-payment audit. Please note the Audit Notification Letter will vary based on the patient volume method chosen by the provider. The aforementioned email will also include an Excel spreadsheet that may be completed with encounter data supporting the provider´s Medicaid patient volume. The email will include instructions for the submission of this information. Documentation from other auditable data sources may also be submitted to demonstrate a qualifying Medicaid patient volume. Note that additional information may be requested when the provider´s submitted Medicaid encounter data varies from the encounters found in the Medicaid Data Warehouse.

Additionally, providers may be asked to submit documentation to support their hospital based encounters from the previous calendar year. Specifically this would include documentation to support Medicaid inpatient (code 21), Medicaid emergency department (code 23) encounters, and total Medicaid encounters.

The Audit Notification Letter will give instructions for the submission of the supporting documentation. Documentation may be mailed or submitted electronically to the auditor using the auditor's HIPAA compliant Hightail account. The Audit Notification Letter includes a due date for supporting documentation of 35 days after the letter is mailed.

Since communications are sent to the physical address and e-mail address on file, providers should periodically verify that contact information shown in MEIPASS/SLR is accurate. As a point of reference information on the letter will be pulled from the provider's attestation from the year paid.