Secure data for six years. Participating in the Merit-Based Incentive Payment System (MIPS) for your surgery practice means more than just attesting to the data and forgetting about it. Task: You have to safeguard the documentation for years in the event of a MIPS audit. In fact, CMS can ask you for up to six years’ worth of post-payment documentation. That can be hard to keep track of, especially as data registries evolve, performance measures update, and certified EHR technology (CEHRT) changes. Help is here: Use the following advice from our experts to make sure you’re ready for a MIPS audit. Master Your Documentation You can take several steps to make sure you have adequate documentation to defend against an audit. Here are five suggestions from Cherie Kelly-Aduli, CEO of QPP Consulting Group in Mandeville, Louisiana and a MedAxiom consultant, in a MedAxiom blog post: Use QPP resources: CMS offers strict advice on Improvement Activities’ data validation in the Quality Payment Program (QPP) resource library. “Prepare your documentation accordingly,” Kelly-Aduli cautions. Copy documentation: Make copies of your Quality data generated by your EHR. The information may be needed to show that you submitted your measures through the CMS-approved registry vendor, she stresses. Print reports: The Promoting Interoperability (PI) category is now front and center with CMS pinning so many policies to health IT. “Print a report from your Certified EHR of the measures with numerator and denominator calculations for each of your providers,” Kelly-Aduli advises. “The report should include the EHR vendor logo and the timeframe of which you are attesting.” Take screenshots: For your Quality measures, “take a screenshot of your Quality scores from a report generated by your EHR,” Kelly-Aduli suggests. You should also take a screenshot of measures met through patient interaction, too. Record and manage risk assessments: Back up your PI Security Assessment with strong documentation that you performed an annual risk assessment. This measure is the most audited MIPS measure, Kelly-Aduli warns. Use Your Vendors You’re not in this alone, so make sure you put your vendors in your corner to document your MIPS data. Use the following ideas to get the most out of your vendors if you face a MIPS audit. Look-back: One of the unique challenges of the six-year time frame is that software editions can be retired. That can create obstacles if you must pull data from your electronic health record (EHR) or another platform, warns Lora Woltz, ONC HIT certification manager, in an April 25 webinar, “Bulletproofing the MIPS Audit File.” But your vendors should retain the ability to access data from earlier software editions. Due to this complexity, “you very well could be relying on your vendors to help you gather the information you need,” she says. Keep track: Don’t forget to document your vendor interaction thoroughly. CMS refers to these vendors as “third party intermediaries,” and they include “qualified registry vendors, qualified clinical data registry vendors, health IT or EHR vendors, and survey vendors,” notes the Texas Medical Association MIPS audit guidance. Your vendors must keep their own records separate from their interactions with your practice to participate in MIPS, and they can be audited, too.