CMS / EHR Stimulus Audits Are Here!!

We sent the stimulus money, now let’s see if we can get it back…

cms audits are here

Practitioners who have successfully attested for EHR Meaningful Use and received their stimulus money are to be applauded….. and now audited. Figliozzi & Company, a certified public accounting firm in Garden City, NJ was contracted by CMS, the Center for Medicare/Medicaid Services to conduct Medicare EHR (electronic health records) incentive payment audits. They have begun the process of auditing stimulus recipients for both Medicare and Medicare/Medicaid providers. Medicaid only providers are to be audited by their respective State Medicaid Agencies.


Figliozzi & Company said that they are sending letters to a fairly large sampling of EHR incentive recipients with some selected at random and some specifically targeted. The letters ask for:

a) A copy of a document from the US Department of Health and Human Services that certifies the provider’s EHR technology as eligible for the incentive program.

b) Documentation of reported emergency department admissions, a key number in calculating whether the provider met certain meaningful use requirements. (This is for Qualifying Hospitals only)

c) Supporting documentation for a provider’s claims to have satisfied mandatory meaningful use objectives and measures, such as electronic prescribing.

d) Supporting documentation for a provider’s claims to have satisfied voluntary meaningful use objectives and measures.


A spokesperson from Figliozzi agrees that the letters are not highly specific but the firm believes that the practitioners will understand what they are being asked to document. According to CMS rules, practitioners attesting for the meaningful use of an EHR are required to document their compliance with all 15 Core objectives and 5 of the 10 Menu objectives.


Jim Tate of EMRAdvocate wrote “One of the most talked about topics by those who are close to the incentive programs is the suspicion that the majority of EPs who have attested and received incentives have not completed Core Measure #15”. Core Measure #15 reads “Conduct or review a security risk analysis in accordance with the requirements under 45 CFR 164.308(a)(1) and implement security updates as necessary and correct identified security deficiencies as part of its risk management process”.


Audited entities will have only two weeks from receipt of a letter to respond to requests from Figliozzi and Company. Any eligible provider that is deemed ineligible will be responsible for returning all incentives to CMS. Any provider wishing to appeal the ruling can contact CMS Office of Clinical Standards and Quality at (855) 796-1515 or by email at



Print Friendly, PDF & Email