Don't have a TCI SuperCoder account yet? Become a Member >>

Part B Insider (Multispecialty) Coding Alert


Find Out Your Chances of a MIPS Audit

Tip: Keep your files on hand for at least six years.

If you’re busy submitting Merit-Based Incentive Payment System (MIPS) data for Performance Year (PY) 2019, you may also want to dust off your 2017 and 2018 files — in case your submissions are pulled for an audit.

Details: CMS uploaded a new fact sheet to its Quality Payment Program (QPP) resource library in July titled “MIPS Data Validation and Audit Overview.” The release reveals CMS has contracted with a new audit service, Guidehouse, and began auditing 2017 and 2018 PY data last month.

“MIPS participants selected for [data validation audit] DVA can expect notification of selection and initial requests for information in July 2019,” the QPP fact sheet says. “There may also be ad hoc data validation and audit work that is conducted through December 2019.”

Here’s What You Need to Know

Similar to other CMS audits, the DVA program expects MIPS-eligible clinicians to respond to “both the initial population and the follow-up requests for individual selections … within 45 calendar days of the request,” mentions the fact sheet.

Here is a quick breakdown of how the MIPS audit process works:

  • Selection: Participants selected for a DVA will be chosen randomly; however, QPP guidance suggests there will be a “variety of clinician types (urban, rural, large groups, small practices) and submission methods (Electronic Health Record (EHR), Qualified Clinical Data Registry (QCDR), Claims, Qualified Registry, CMS Web-Interface, CAHPS for MIPS Survey)” in the sampling.
  • Categories: The Cost category is exempt from the MIPS DVA; however, CMS will look at 2017 and 2018 Quality, Improvement Activities, and Promoting Interoper­ability submissions.
  • Performance measures: The MIPS DVA will home in on “approximately 40 measures” that pose the “highest identified risk[s]” to the QPP, the fact sheet suggests. But, “if you are selected for DVA, you will be requested to respond to requests related to at least one and up to all performance category measures and activities you submitted,” cautions CMS.
  • Documentation: In agreement with False Claims Act (FCA) mandates, CMS can request all data pertaining to MIPS — and that includes medical records — for up to six years after the initial submission. Post-payment MIPS audits may be on the horizon, so it’s critical that MIPS-eligible clinicians keep this information on file if their files do end up getting pulled in the future, suggests Lora Woltz, ONC HIT certification manager in the Eye Care Leaders webinar, “Bulletproofing the MIPS Audit File.”
  • Chances: The PY 2018 DVA fact sheet offers a good overview of what MIPS auditors will be looking for and what data you should be retaining in your MIPS files. Plus, if you submitted fewer than six measures in the Quality category, you should expect a call to validate whether you submitted all applicable MIPS measures and encounters, warns the QPP Year 2 DVA guidance.

Remember: High-risk behaviors will land your practice on the MIPS auditors’ radar, and that includes outlier activity from your registries and vendors. Clinicians are encouraged to retain their own records, even when working with a third-party intermediary, reminds the PY 2018 DVA fact sheet.

Providers should take screenshots and make copies of the data they upload to EHRs and registries, advises Cherie Kelly-Aduli, CEO of QPP Consulting Group in Mandeville, Louisiana, and a MedAxiom consultant, in a MedAxiom blog post.

Tip: The MIPS participant can submit follow-up materials or designated staff can, but choose ahead of time who will be your point of contact with CMS and Guidehouse, recommends the agency. If your MIPS files are pulled for a DVA, ensure your files are sent securely, advises the QPP.

Resource: Find the DVA resources, including links to PY 2017 and 2018 specifics, at