Your Merit-Based Incentive Payment System (MIPS) attestations may be airtight, but you still need to be prepared for a possible audit. Here’s why: Because prepayment MIPS audits are random and post-payment reviews can go back six years, knowing when the audit ball might drop is impossible. You need to prepare now for a review down the line. There are a few basic things you can do to safeguard your MIPS audit file, suggests Cherie Kelly-Aduli, CEO of QPP Consulting Group in Mandeville, Louisiana and a MedAxiom consultant, in a MedAxiom blog post. Five tips from Kelly-Aduli include: 1. Take screenshots: For your Quality measures, “take a screenshot of your Quality scores from a report generated by your EHR,” advises Kelly-Aduli. You should also take a screenshot of measures met through patient interaction, too. 2. Copy documentation: Make copies of your Quality data generated by your EHR. The information may be needed to show that you submitted your measures through the CMS-approved registry vendor, she stresses. 3. Print reports: The Promoting Interoperability (PI) category is now front-and-center with CMS pinning so many policies to health IT. “Print a report from your Certified EHR of the measures with numerator and denominator calculations for each of your providers,” Kelly-Aduli advises. “The report should include the EHR vendor logo and the timeframe of which you are attesting. I also recommend collecting screenshots of the workflows for each measure reported.” 4. Record and manage risk assessments. Back up your PI Security Assessment with strong documentation that you performed an annual risk assessment. This measure is the most audited MIPS measure, Kelly-Aduli warns. 5. Use QPP resources: CMS offers strict advice on Improvement Activities’ data validation in the Quality Payment Program (QPP) resource library. “Prepare your documentation accordingly,” she cautions. Vendor matters: Don’t forget to document your vendor interaction thoroughly. CMS refers to these vendors as “third party intermediaries,” and they include “qualified registry vendors, qualified clinical data registry vendors, health IT or EHR vendors, and survey vendors,” notes the Texas Medical Association MIPS audit guidance. Your vendors must keep their own records separate from their interactions with your practice to participate in MIPS and can be audited, too.