Save Attester Initials with airSlate SignNow

Save attester initials

okay thanks again for everybody who's joined us today and especially to Natalie Stewart with the Purdue health care advisors who has put together this presentation for us today quick meaning era program / meaningful use we appreciate your time a couple quick housekeeping items if you are on the phone today we would appreciate it if you meet your line from your phone I can do on our end if we need to but it does make things flow but more smoothly when when you meet yourself then the meantime if anybody has any questions they would like to ask while muted you can do so by taking your mouse and hovering at the bottom of the screen there is a chat function that you can use there and I will moderate questions for the end so without further ado Natalie I'll turn it over to you Thank You Ali and thank you to the ir h a team for having me today i am here to talk about meaningful use audits and as you see as we go through these slides a lot of this is going to cover both hospital and ambulatory eps and it's what a lot of the same information is going to be required so when I say the word provider I'm that's the all-encompassing word for EPS and eligible hospitals and critical access hospitals if I've called out specifically eps and and/or EHS or see a HS then that's because i am referring to those individually or maybe I just didn't use the word provider for repetition but if something applies only to eps or only to hospitals i will have that specifically called out just a quick little nomenclature note before we jump in and before we jump into the audit discussion i would be remiss if I did not remind anybody on the line that if you have 2015 meaningful use for Medicaid to submit we've been on hold that's kind of been paused for the year as Matt underwent the upgrade but matter the attestation portal is now open and so please submit any and all of your program year 2015 Meaningful Use and aiu applications before September 12 because once that deadline hits no longer will 2012 applications be accepted please note that you can submit a program year 2016 application but that is only for a I you at this point as far as I am aware in meaningful use in you applications are not yet being accepted if you are doing a 90-day timeframe in 2016 as a first-year participants and likewise just one last reminder shameless reminder that 2016 is the last year to begin the Medicaid EHR Incentive program so all providers and I've called out specifically EPS here but if there are some hospitals out there if you're planning to participate in Medicaid meaningful use you must have enrolled and done your first participation year by 2016 there is no starting later in 2017 just a quick reminder a couple of reminders off the top here before we jump into audit but that's who our audits because that's the real discussion of what we're talking about today if you are participating in the meaningful use program whether it be Medicare or Medicaid you may be subject to an audit and you can be audited more than once in fact you can be audited every year you participate I am not aware anecdotally of anybody who has actually been audited every single year but it is one of those things where it's as I've heard somebody say in another webinar it's not if you're going to be audited it's when so what is the purpose of doing this it's not believe it or not to create stress and anxiety it is manded mandated it's part of the statute for Meaningful Use and it provides a checks and balances and it's not only to ensure that there is no fat or anything like that but it's to ensure the program integrity because this is a you know money flowing through CMS tax dollars so there's a duty to the taxpayers that this program is run with integrity and has a checks and balances system in place depending on the program which you are participating depending it does not matter which provider medicare has a certain company that they've contracted with CMS is contracted with figlio zijn company to perform any meaningful use audits that are submitted each state will administer their Medicaid Meaningful Use audits and for the state of Indiana those are completed by Myers and Stauffer so there are some program differences dipen the to meaningful use program audit programs but you'll see that they're actually pretty similar in terms of process so you can see a comparison here of course we're looking at Indiana Medicaid because that's what the majority of us are participating in please note if you do have some providers who participate in other state Medicaid so perhaps you're on the border and you have providers that are submitting meaningful use to Illinois Medicaid Kentucky Medicaid Ohio etc they will have a different likely have a different organization performing those audits and may have a different process so we're looking strictly at the Indiana Medicaid process when we talk Medicaid so for Medicaid they are administered by FSSA and sssa works with a group called Myers and Stauffer to perform both prepayment and Valerie payment validation and post-payment audits likewise Medicare or CMS has contracted with figlio Xion company to perform prepayment validation and post-payment audits so let's look at medicare first those are just inherently because of the Medicare meaningful use program they seem a little more straightforward than the state so looking at CMS Medicare in that process it's a fairly straightforward process you're going to get an initial request letter from CMS gov it's going to come via certified letter and you may not all the time but you may get an email as well and that email is going to go to the contact that you specified during registration for Meaningful Use so just as a quick note when you go in to do meaningful use attestation it behooves you to update that registration if the person has left the organization or if it's a person who maybe is still with the organization but their email address has changed or they don't regularly check their email address because this will be how figlio Z will try to get ahold of you so you may want to check that make sure that your contact person is updated the letter is going to specify the type of review and the documentation requested so they're going to let you know which program year they're looking at and they're going to let you know what information they want and they will give you a specific time frame to provide that data and it's typically to date two weeks from the date of the letter so again that goes back to why it's so important to keep that contact information updated in registration because they will try you know that two weeks can get eaten into if figlio c is trying to get ahold of you and you may have to work with them to get an extension or request an extension to provide to have longer to submit that data the auditors once you have the data and you've submitted it the auditors are going to review that documentation they will request information from you if additional clarification is needed but they will give you a final response sent via email how are you selected so there as we said prepayment validation and post-payment audits a prepayment sometimes those go on behind the scenes and you're not aware of it that can go by looking at eligibility verification so for instance um if you have submitted data and you know your taxonomy code or you're listed as a hospital-based provider they may come back and say ooh you may not need to be submitting this data or we have you in a different classification so they'll contact you that way it could be a random review again you may not know that it's going on behind the scenes there are red flag reviews and targeting suspicious data and when they say suspicious data it's not always indicative of malicious intent for instance one of the more common and I'm saying this in quotes suspicious data items is um there are certain objectives the percentage based objectives where the denominator should be the same across many denominators so if you and this was becoming less less so it used to be a lot easier to describe this when we have the objective of demographics meaningful use demographics back in those days the demographics denominator was the total unique patient seen by the provider during the reporting period likewise the Med list problem list and medication allergy list objectives their denominators were the exact same so when they say targeting suspicious data they would expect to see that the denominator for all four of those objectives would be exactly the same because it's exactly the same criteria so if you submit a denominator of 100 for the med problem and medication allergy list objectives and then 347 for your demographics objective they're going to take a look at that and be like ooh that seems a little suspicious to us what happened and they may contact you and then again for prepayment it is exactly what it is if you are selected for one of those you must validate that data before you can receive your incentive payments it's becoming less so now because a lot of folks who have participated in the Medicare meaningful use program have aged out of the incentives used to they would hold on to the incentive payment until the audit was clear or the validation was cleared and that will still continue for anyone who has meaningful use incentives to collect for this year however most likely it will be some sort of post-payment audit moving forward and looking at the post payment audit again it's a lot of the same kind of criteria the random reviews where you just get the luck of the draw those red flag reviews that are looking at suspicious data fraud identification so it can be going back to targeting suspicious data it can be and is used to identify fraudulent documentation or fraudulent attestations and you know root out those types of issues and then of course data validation how will you know if you've received a notice of audit from CMS you're going to get a letter and it may be attached an email it will be in a certified mail as well and here is a copy or a sample of what it will look like and this is provided by CMS so it's say you know quick letter it's going to have the CMS and EHR logos on it and figlio Z on it as well the letter will come to you from figlio Z it's not from CMS because they are working on behalf of CMS but they will have the logo moving over to Indiana Medicaid because this is where it gets a little fun because there's so much that goes into this so likewise the process is similar to CMS you're going to get an initial request letter from fssa and it's going to be sent via certified letter and or email and it's going to be to the contact that was specified in your attestation so you know you have to register with CMS and then go to the map or application within web interchange and in that application for each year that's where you specify a contact person so of course you want to update that and what they'll do is if you know if it's a previous attestation and somebody has left the organization or is no longer the contact person they will look back at the registration so going back to the CMS discussion when you register you may want to update that as often as you can they do have other ways of trying to get a hold of you they will contact the office they will contact who they have in the Medicaid files so to speak as the contact person for the organization but again it helps out everyone if that contact information is updated as often as it possibly can the letter is going to specify again the type of review and the documentation that they request here's where a little thing is a little different the majority of the reviews are going to be desk reviews meaning that FSSA requests certain information from you and you provide it electronically and then they review it and let you know there are and they do reserve the right to do on-site reviews or field audits and they have done those in the past I'm not aware of anecdotally of any that have been going on recently within like last year but um they have been done and I'm sure will continue to be done as needed again like CMS of the FSSA process is very similar the auditors are going to review the documentation that you supplied and they'll request additional information if clarification is needed then they're going to send you a final response and it will be in an email but there's also going to be a letter that's sent how our provider selected you may not realize this but every provider be at hospital or eligible professional are participating in a prepayment validation when you go into a test in mapper you are required to upload specific pieces of documentation and if you have not provided that documentation you will get a friendly email from the hpe folks who are helping with this to upload certain pieces of documentation that is because they are doing a prepayment validation on all attestation prior to issuing incentive payments so all providers who attest in map are required to upload documentation prior to having their attestation process and if they do need additional information HP is going to reach out to you so again make sure that contact person is updated so you may not have realized that it may have been frustrating that you you know have to go in and upload additional information before submitting but that is actually your participation in the prepayment validation process and that information is required before they will begin processing any meaningful use applications or aiu applications for payment post-payment audits for EPS and this is similar for hospitals but it this is more geared toward the EPS audit team from meijer and Stauffer receives a list of all providers who are paid during the applicable review period and all paid claims will be queried for each provider that received the payment and then compared against the attestations and prepayment review results and then each provider is placed in one of four risk categories and then from each of those four category a sample size is selected for audit I don't know what that sample size is I can't you know I unfortunately can't give any kind of you know clue as to well it's only five providers out of each category or block I have no idea how many providers are in each sample size or what the four risk categories you know the thresholds between the HR but in terms of process this is how it happens um and so going back I'm sorry to this slide why I specifically call out EPS is because moving on to talking about how your selected for AI you all all aiu applications go through a desk review it's almost essentially it's a one hundred percent of a iu applications are going through prepayment validation and again because they're doing the prepayment and looking at the documents that you're uploading you don't realize that you're being selected for an audit so there's no notification that comes to you you only get notified if there additional documentation is needed again through the email process with HPE moving over to meaningful use as I mentioned on the previous slide that's the process for EPS it is assumed that that is similar for hospitals and why I say it is assumed is because um FSSA is great about publishing their process and that sort of thing in regards they have tons of fa queues and it's really a great resource they don't address hospitals directly in terms of meaningful use audits and anecdotally I cannot I don't know of any Hospital that I have worked with or that we meaning Purdue have worked with in the state who've undergone a meaningful use audit that doesn't mean that they wouldn't or that they can't it just means that we're not aware of anyone who has so i can't speak from personal experience of how that audit process looks it is assumed that it would look similar to the hot to the eligible professional so that's why on that previous slide I called out eligible professionals only but again you're going to be notified via certified letter and probably email the letter is going to include the detailed information they're requesting as we said before they're the audits are most likely in the majority are going to be desk audits but on-site audits could be requested and any selected providers or hospitals would be notified via letter of the audit findings a desk audit again it's that remote audit there are um oh I'm sorry that's a typo that should say field audit the field audit so if you were ever selected for a field audit it's a two-part review on site the first part they're going to look at understanding your EHR workflow and discussing you know they're going to want to talk with people who are knowledgeable about the system probably your system and IT coordinators your super users that sort of thing on how data entry is happening during normal workflows and then they will want to test and validate the use of the system either by watching you you know seeing it in action so to speak the second part is going to be a detailed review of documentation and source information so they're going to ask before their arrival for detailed info from a sample of the selected measure so that they're a testing so they may say you know I want to see 10 charts for example out of of the patients who fell in the numerator for the CPOE medication orders objective and then they will come on arrival and you know perform perform that workflow to confirm that the information is in the EHR again this is um we know of a few folks that we work with who've had these field audits and it does take depending on the number of providers it can take a couple of days so it is something that you you'd probably need to cordon some folks from your team into the same room and and work directly with the provider or I'm sorry the auditors how will you know if you've received an audit from fssa you will get a letter it will come be a certified mail and it will not say it will not have Myers install fer big you know big logo on there it's going to have the FSSA logo on there this is a sample of a real audit letter so you can see how it's going to look of course the information is blocked out there but it's going to have the date the address that it's sent to the providers NPI and their name and it's going to provide a list of the information that they're looking at most likely they're going to want additional information that was not already provided when you attested so final determination that process is similar across both programs you will receive an audit response and it will tell you that you you know the determination was that you have met the criteria or that you have not met the criteria they will not provide you a scoring matrix so to speak it for instance they you know they're not going to say you know how they what they determined or how they determine that you did not fulfill that they will say due to you know you did not pass due to you know not meeting this objective or something like that but they're not going to go into specifics from the Medicare standpoint from the Medicaid standpoint they will so if an audit is passed you of course will get that notification but you may not get an official letter but if you're if you have not passed that or if you have failed you will get a letter that we'll explain to you why so you know you did not meet the thirty percent Medicaid eligibility criteria you did not meet the denominator I'm sorry the threshold for the objective etc and that will give you a demand letter and it will have repayment instructions and appeals rights that is the final determination letter so what that looks like from the SSS a standpoint again from personal experience I have not worked with any providers who have failed a CMS on it however the process for fssa is that you will actually get a preliminary or draft audit finding via certified mail so that means that the audit findings are not official at that point so if you are a Medicaid provider and it has been determined that you have failed the audit or in other words an overpayment of meaningful use funds has been identified you will receive a draft audit finding and that draft audit finding will tell you why they have identified that you you as the provider or hospital is going to potentially fail to meet the program requirements and that letter is going to outline to you that you have the opportunity to respond with a request for administrative review within 45 days once that 45 days passes whether you have not requested for administrative review or you have forfeited administrative review because they will ask you to return a form that says you plan to go for administrative review and thus request it that you forfeit that or that you want an administrative review within the 45 days once that time frame has passed if an overpayment is still found so if you still if it was found that you still are not meeting of the meaningful use requirements you will get a final audit finding letter via certified mail and they will include instructions on how to respond to the bindings and it will have a final calculation of the overpayment of funds that they found and then per Indiana code you have 300 days to repay the specified amount and that is regardless of whether you choose to appeal the findings or not so again administrative review is not an appeal because those findings are in draft format when you get the final audit finding those are final and thus subject to appeal however if you do choose to go for an appeal that is absolutely fine however you are still required to begin the process to repaying the amount because the appeal could last longer than the 300 days and you would not want to go into a like a collections or past due situation now if you were to win that appeal there could be reissuing of the payment I again I'm not aware of any situation where that has happened but per the India code this is how the process should work so that was a look at the process but let's talk about why do people or providers fail audits so the first and foremost the most common situation is the privacy and security objective and the security risk assessment there's a variety of reasons but the most common reasons are first and foremost that it just was not completed at all whether because you forgot or because there was an assumption that my vendor was going to take care of it but no documentation exists and there is no indication that a security risk assessment was ever completed another option or another reason for not meeting the security risk assessment objective is that you used a checklist CMS the Office of Civil Rights which overlooks HIPAA and ONC from the perspective of Meaningful Use have all said checklists are not equated to a robust security risk assessment as we talked about on the webinar last week about meaningful use objectives in 2016 the security risk assessment and the privacy and security objective is something that CMS and OCR take very very seriously and therefore there is no exclusion to the subjective there is no conceivable reason why this why it would be acceptable that this objective was not taken care of so using a checklist is not considered the same as doing a security risk assessment or the last most common reason is that maybe you actually did do a security risk assessment however there is no documentation that exists there's no report nothing can be found or we can find the report but we can't find that anything was documented to show that you made progress in trying to mitigate any kind of identified deficiencies again this is elite a living breathing document it's not a one and done which is hence why checklists are not acceptable so that when things are identified you are wanting to keep to incorporate that into your risk management process and thus keep updating it as you make progress toward mitigating certain or the identified issues so again this is not we did it on august twenty-third and we're not going to look at it again we're going to you know pack it away in a box and never look at it again you want to update it as you make process or progress so that is another common reason why a security risk assessment would cause you even if you have done it to not meet the objective likewise my vendor or consultant said it was okay that's great but if you have done something based on the you know the advice or guidance from a CMS FAQ or a consultant or vendor substantiate any of that advice that was given and maintain documentation and written documentation I kind of cringed because I know sometimes I send out emails to folks who ask questions that are probably way too long and way too technical or or you know that have way too long citations from final rules and faq and I acknowledge that but it's because I want you to have the reasoning behind why you know I've answered your question this way so any consultant or any vendor who gives you recommendations you know if they may be the correct information or the most accurate information at the time but you want to substantiate that have the FAQ save it even if you're you know typing out a word document with a narrative of why you chose to do this and then you know reference this citation from the final rule or this faq another reason why it's great and actually is best practice to have you know save any essay cues or any kind of CMS tip sheets or anything that have that you use as evidence of why you chose to interpret something this way is because things change over the years as we know the version of meaningful use stage 1 meaningful use from 2012 is not the same as stage 1 meaningful use today so if you are being audited for 2012's ecus can go away faq s can be updated and so you know faq number 5 may not look the same as it did back in 2012 so you want to save things per year and save them as they were at that time because it's hard to go back and recreate or find things that are no longer available CMS does retracts some faq if they're no longer applicable or if something has been updated so if one faq updates a previous faq main you know they may pull down that FAQ and you won't be able to find it because it's no longer even searchable the next reason lack of ownership of a complete EHR this is particularly common more so in the EP world than it is in the hospital world and it's actually kind of odd to me because the hospital world folks tend to have more modular type systems whereas in the ambulatory world eps have more complete systems but anytime that you're in a situation where you own a part or a piece of a complete EHR product and then you use another piece of a complete EHR product any time you're starting to mix and match certain functionalities from different vendors or different products you want to make sure that you have when all is said and done a complete EHR and that you're not using non certified software to meet any of the meaningful use objectives because the requirement is that you are using certified EHR technology to meet meaningful use objectives um one example that I have seen is um with it was with public health registry and years and years ago they had purchased an additional module module to submit public health data and then you know the intent was good a you know to submit that public health data but the module was not certified so you just want to make sure that you have it once you start mixing and matching pieces and parts of us of EHR systems that you it when all is said and done have a complete system this one can be very common the reports lacking identification especially for EPS because there's so many eps reporting your reports lack identification of the provider name and who it was or the EHR so one of the more frustrating things is that a lot of auditors are requesting that when you send the reports that you have a vendor name and logo on it you have the ep's name on it that identifies it if you're in a hospital system where you have multiple hospitals likewise you would do this but what is frustrating is that in the early years of meaningful use the a lot of EHR vendors had just basic Excel spreadsheets that didn't have any identification information on it in terms of the vendor the vendors name its logo anything so what's become frustrating is that you know being audited for previous years it's becoming difficult to provide reports that have those names and logos on them if you have situations like that there are ways to remedy that first and foremost communicating to the the vendor I'm sorry to the auditor but we'll talk about in a little bit why what you can do if you still have one of those systems report in Excel spreadsheets or generic notepad looking forms the public health objectives again similar to the security risk assessment you may have completed it but you didn't save adequate documentation you may have thought that the vendor took care of it you know any kind any time around that with the public health objectives and not having documentation is the situation that's cause for concern so what can you do I had to throw up my little child of the Disney movies of a kid and have be prepared here I thinking scar singing as I talked about this be organized and prepared generate the documentation as you go we kind of touched on this earlier you can't go back and recreate dates and time frames especially after software upgrades or patches a lot of EHR systems especially when we went from 2011 certified addition to 2014 the look and feel of the system changed so not only did reports probably get updated as stage one turned into stage two and now we have modified stage to a lot of the reports and the availability of reports are going away so or changing so it's becoming especially difficult to go back and recreate reports for instance if you're audited for a stage 1 meaningful use attestation in 2012 if you were trying to recreate a report from there and it was for the clinical visit summary that's not an objective anymore for EPS so it's going to be virtually impossible to recreate that report so the best you know the best advice is generate that documentation as you go have an audit response plan even if it's something as simple as this is the designated person or all documentation is going to be saved in this area electronically and in paper format you know something as simple as that that can help alleviate some of that anxiety or if you know if anybody on the call has been in the position where somebody took care of it you know in previous years and now you own it trying to understand or find where that documentation is thinking through thought processes that sort of thing making sure that you have a plan of how you know who is going to react how you're going to you know save it where you're going to say that that sort of thing have an attestation documentation packet i'm going down to my call out below there especially for EPS remember the audits are performed on a per NPI basis so / EP you want to keep all of your documentation on a per EP basis and if you have group documentation such as public health confirmation the security risk assessment specifically label that this you know this security risk assessment applies to these providers you know provider ABCD and call out their names that way that there is no question in years later that this was applicable to this provider at that time and then keep your evidence packet with regards to software screenshots you know for Medicaid they want you to upload a screenshot of the version of the EHR that you use which is typically that first login screen you know if you have any documented workflows that just have further support of how you know how the what the standard procedure is for how document I'm sorry how data is documented into the EHR how do you prepare remember that every year of attestation that you submit is auditable for up to six years after that year so you want to keep documentation submitted for each attestation for a minimum of six years so once you you know if you submit data meaningful use data for 2016 it can be audited for up to six years after that likewise for all previous attestation years remember I think I've beat this a beat that's pretty hard today but notifications are sent to the contact person designated during your registration for CMS Medicare or attestation for Medicaid so you want to make sure you update that contact person as needed each year commonly requested documents that we've heard about or that we you know been able to help folks with seeing what's requested on letters proof of certified EHR technology for that reporting period so they're going to want a copy of the ONC authorized certified testing body a certification number and a screenshot of the version that you were using to show that they course bond they will also they also potentially ask from in the case of Medicare sorry Medicaid they will ask for proof of purchase a licensing agreement vendor invoices anything that shows that you have a financially or contractually based agreement with a vendor that shows that you are getting updates you know that you are continuing to use a certified version of that technology ah this goes for both programs metrics reports for all attested measures they preferably should be system generated reports and they should have the reporting dates the vendor name and logo and the provider name on the report and then it would show the numerator and denominator for all of your percentage based meaningful use measures for your cqm not only will they show the numerator and denominator but make sure your reports show the exclusions and exemptions because that is something that's required for a vendor to produce and I from experience it's not so much anymore but in the early early days of meaningful use there were some vendors who did not put exclusions and exemptions on their reports for cqms so you just want to make sure that your report does have that or you know you may be looking at one version of the report and there's a more detailed version that you can get if your reports don't have the vendors name or logo on it be sure that you document screenshots of the step-by-step process of how you generated those reports so that you can show that the end result that is a generic Excel spreadsheet or generic notepad looking report is what you get when you go through the steps to generate those reports the next making sure that you have your security risk assessment report but then you have your management plan that you are updating and making sure that you at least have links or know where any kind of related policies and procedures are if they are referenced in the sra report particularly if it was noted that a policy was not in place so for instance if it was recommended that you have a password reset policy that you know users have to update their pop their passwords every 90 days if that was a policy that you have since created make sure you have a link to that or save a copy of it so you can show yes we did address this other documentation particularly for Medicaid you will be asked for this like a one I want to say I guarantee it but of course I carry it but most commonly you will be asked for this information documentation that more than fifty percent of your encounters occurred at a location equipped with certified EHR technology and likewise that more than eighty percent of your unique patient records are maintained in certified EHR a confirmation of Public Health objective completion preferably this would be in the form of a I sdh letter a letter with the Indiana State Department of Health feel on it is th actually has a great website it's a self-service web site where you can go in and you know put your information in for your meaningful use objective for each year and you can print out a letter and then later on if you ever needed that letter again you can go back into that account and reprint that letter on demand so it's kind of a nice function if you do happen to misplace that letter not know where it is or forgot to print it before and then screenshots of your enabled clinical decision support drug drug drug allergy interaction checks again the requirement for those are that they are enabled the entire reporting period but you do want to have screenshots that they are actually enabled and then and if you know if there's not a way for you to demonstrate that they were enabled the entire time you could have a policy or something from the vendors manual or something that says look this is the functionality that nobody here has the ability to adjust or you know only two people in the entire organization have the ability to do this and they attest that they did not change this they did not turn this off one thing that's become very nice is a few vendors I'll call out all scripts particularly because they were the first one that I was aware of that did this I believe that fina health does this as well they actually have a report that you can run that shows the day that these functionalities the the clinical decision support and drug drug drug allergy checks were enabled and shows that they've never been disabled or if they have what day it was so that you have additional supportive documentation that shows that these functionalities were enabled the entire reporting period for Medicaid participants only because you have the eligibility requirement of more than thirty percent of Medicaid volume you will have to also save volume reports you want to save both summary and detailed reports of how you arrived at that volume data whether it you know indicate whether it was from a group proxy level or individual level the detail reports just show the dates of service the payer type somehow identify the patient either by an ID number from the system or their name of the providers location and name or NP i somehow to identify the provider if you used out of state medicaid encounters that's absolutely great but you want to be able to you want to also have that saved that data saved because they will have to compare that to the indiana volume that they have if you're an SQ HC or rural health center of course you have the added needy patient encounter volume that you can include and you want to save the needy patient encounter data just like you would for the Medicaid patients and then of course for your that's all for your numerator for your denominator you want to save the exact same thing for all patients regardless of payer type that you're using one question that FSSA has addressed and and we've gotten it quite a bit is that's some pretty hefty data that the auditors would request or are requesting isn't it against HIPAA regulation to send this kind of information and in short this is a small snapshot of a much larger explanation and I've linked to the actual faq there but in short no it's not a violation the detailed information does not ask for specific ph identifiable pH I information such as um you know the chief complaints other things for the patients that would identify from feel as a self-pay patient or something like that why they were there so that FAQ you know again I provided the short version but this faq will go into why it's acceptable to respond to this request so how do you work with auditors of course being organized and timely de-identify patient information unless it's specifically requested hence right here Medicaid volume reports provide only the information that's requested by the audit letter and that's because I mean that helps simplify the process because that way the auditors are looking through information that they have not requested trying to figure out why was the sent to me why is this information why does this pertain to this it just keeps it all simplified if you do have questions ask if you need clarification or fear just not sure ask communicate the barriers any kind of timing issues or other potential problems particularly again we have more experience with the Indiana Medicaid audit process the authors are very understanding and they're very easy to work with and are generally able to provide additional assistance or additional recommendations for okay if you don't have this do you have this or if you do need an extension they will be able to grant that so they're very great about you know working with you and helping you be successful in the audit likewise I mean it's a small amount of experience but likewise for Medicare the figlie ozzy a group of the group the clients that I've worked with who've been through those and had to communicate issues to the figlio SI group they've been very responsive very understanding and you know actually appreciate knowing about potential barriers ahead of time rather than at the eleventh hour waiting for the information so your auditor is your friend make sure that you communicate any kind of information that could potentially a you know indicate a problem or an issue and in summary being prepared is going to save everyone headaches and stress just inherently the word audit I think can be an anxiety-inducing and I know it would be for me but the you know the purpose is not for it to be that way and so how can we make that better you know saving our documentation making sure things are labeled um you know so that we're prepared when it does happen it can save everyone some some stress and anxiety remember that you can be audited for up to six years and the information must supplied / provider this again it's particularly important for the ambulatory eligible professional groups but um if you know any hospitals on the line if you're part of an organization that has multiple hospitals this would like likewise go for you again being organized and responsive is going to make it a smooth process for everyone both you and the auditors which is great and then if you have any questions contact PHA we have a helped us specifically to help providers for when things pop up especially like with audits if you have questions about you know what could this potentially mean should I contact the auditor what do I do in this situation we're happy to help and then lastly here are some links that you can see again you can see the attestation documentation requirements that are required for prepayment validation for Medicaid the total faq list that they have and then their audit guidelines likewise for Medicare they have some sample letter they have general information regarding you know what supporting documentation to keep that sort of thing so those are all great resources lastly if you need more assistance particularly if you are participating in a FQHC rural health center a community mental health center community health clinic critical access Hospital and Indiana Medicaid contact us because we have grant funding available through fssa to help providers not only with audits but with meaningful use in general and so we would be happy to talk to you my colleague Wayne handles all of the enrollment so feel free to contact him if you have any questions or you want to see if you qualify for this program lastly there's my contact information and our help desk you can save that help desk number and email address and reach out to us we're open every day except for University designated holidays but with that I will turn it back over to Ali for closing comments and if there are any questions but before I do that again thank you for having me today always a pre eh of the chance to talk with everyone and at work with in the Animal Health Association