Tip: Keep your EHR vendor’s information handy, too. Whether you’re a pro at Merit-Based Incentive Payment System (MIPS) attestation or this is your first year to submit performance data, you need to be prepared for a possible audit. Consider this: Thorough MIPS files may help you to back up your submissions’ data, but postpayment audit requests tend to be more complex and difficult to compile, reminds Lora Woltz, ONC HIT certification manager in the Eye Care Leaders April 25 webinar, “Bulletproofing the MIPS Audit File.” Plus, CMS can ask for up to six years’ worth of documentation — which may be hard to keep track of especially as data registries evolve, performance measures update, and certified EHR technology (CEHRT) changes. “One of the unique challenges in this timeline is that software editions can be retired, and that can create obstacles if the EHR or other platform is required to pull data for you,” Woltz warns. And due to this complexity and difficulty, “you very well could be relying on your vendors to help you gather the information you need.” Take 5 Steps to Help Back Up Your MIPS Documentation Because prepayment MIPS audits are random and postpayment reviews can go back six years, knowing when the audit ball might drop is impossible. There are a few basic things you can do to safeguard your MIPS audit file, suggests Cherie Kelly-Aduli, CEO of QPP Consulting Group in Mandeville, Louisiana and a MedAxiom consultant, in a MedAxiom blog post. Five tips from Kelly-Aduli include: 1. Take screenshots: For your Quality measures, “take a screenshot of your Quality scores from a report generated by your EHR,” advises Kelly-Aduli. You should also take a screenshot of measures met through patient interaction, too. 2. Copy documentation: Make copies of your Quality data generated by your EHR. The information may be needed to show that you submitted your measures through the CMS-approved registry vendor, she stresses. 3. Print reports: The Promoting Interoperability (PI) category is now front and center with CMS pinning so many policies to health IT. “Print a report from your Certified EHR of the measures with numerator and denominator calculations for each of your providers,” Kelly-Aduli advises. “The report should include the EHR vendor logo and the timeframe of which you are attesting. I also recommend collecting screenshots of the workflows for each measure reported.” 4. Record and manage risk assessments. Back up your PI Security Assessment with strong documentation that you performed an annual risk assessment. This measure is the most audited MIPS measure, Kelly-Aduli warns. 5. Use QPP resources: CMS offers strict advice on Improvement Activities’ data validation in the Quality Payment Program (QPP) resource library. “Prepare your documentation accordingly,” she cautions. Vendor matters: Don’t forget to document your vendor interaction thoroughly. CMS refers to these vendors as “third party intermediaries,” and they include “qualified registry vendors, qualified clinical data registry vendors, health IT or EHR vendors, and survey vendors,” notes the Texas Medical Association MIPS audit guidance. Your vendors must keep their own records separate from their interactions with your practice to participate in MIPS and can be audited, too.