HAP Radiology Billing and Coding Blog

It’s Not Too Early to Prepare for a MIPS Performance Data Audit

Posted: By Maria Calamaro on September 15, 2017

It's not too early to prepare for a MIPS audit Heatlhcare Administrative PartnersBeginning in 2019 the level of reimbursement from Medicare to many physicians will be determined in part by their performance in the Merit-based Incentive Payment System (MIPS).  Medicare will award a higher level of payment to those eligible clinicians and groups who report that they have successfully met certain criteria for Quality, Advancing Care Information, and clinical practice Improvement Activities.  MIPS is the successor program to the Physician Quality Reporting System (PQRS) and Meaningful Use of Electronic Health Records (MU-EHR) incentive programs, and CMS (the Centers for Medicare and Medicaid Services) has indicated that it will continue its practice of auditing the data submitted by practices just as they did under the earlier programs.  As this article in Healthcare IT News illustrates, the result of failing an audit will be non-payment of expected incentives (in the case of a pre-payment audit) or returning of funds already paid and possibly even federal sanctions depending on the severity of the infraction. 


The best time to prepare for the inevitable CMS audit is during the initial collection, reporting and storage of the supporting data so that the information will automatically be ready for review when the time comes. Currently CMS requires maintaining records supporting MIPS performance for six (6) years following the end of the performance year, but CMS has indicated in upcoming regulations that this may be changed to ten (10) years.  Let’s take a look at the documentation required for each of the MIPS performance categories.


As the successor to the well-established PQRS program, the data to be reported in the Quality category is fairly well understood by radiology practices. It starts with the clinical documentation related to the patient’s exam.  In radiology, this is most often the diagnostic imaging procedure report created by the radiologist.  It might also include any technologist’s paperwork completed during the exam or additional procedural reports completed for interventional radiology procedures.  


The clinical documentation is used to create the billing record, including the coding that identifies the procedure, the diagnosis, and any other identifiers necessary for quality performance reporting. Detailed billing reports should be produced and maintained for each reported quality measure to show:

  • Eligible cases
  • Reported cases
  • Associated quality codes

This information will support the numerator and the denominator calculations used to determine the Quality Category score.


In the past, CMS has not typically requested the associated clinical documentation in support of the quality measures being submitted. However, it would be prudent going forward to assume that this documentation may be up for review in the case of an audit, especially for practices that routinely report exceptional performance on quality measures. Hence, it is imperative that clinical documentation content supports the quality measures performance being reported.  


Quality reporting for MIPS can be done through claims submission, registry submission or EHRs, although most radiology practices will use the claims or registry submission methods. For audit purposes, CMS will already have all of the Medicare claims, but for registry submissions, they will not have the additional payer claims data required, nor, as previously stated, will they have the underlying clinical reports and other supporting material for any claims as these reside with the practice. Today this information is most often contained in computer databases, so the practice’s data retention plan has to include keeping backups for at least ten (10) years.  Whether on digital media or on paper, this time frame might be longer than the seven (7) years many practices typically use as their threshold for medical records retention.  In addition, outside data handlers, such as revenue cycle management companies, must also comply with the records retention policy.  This should be covered in the HIPAA Business Associate Agreement as well as in the company’s Services Agreement.


Use of a registry for MIPS Quality reporting introduces another agency into the picture. Practices should ensure that the registry can provide the requisite reports and documents that will be needed for an audit, including data not only for Medicare patients, but also for patients of all payers.  As described above, it is best to provide for appropriate records retention up front, and specify it in all agreements.

Advancing Care Information (ACI)

Most radiology practices will not be required to report in the ACI category either because they are deemed to be ‘non-patient-facing’ or because they are hospital-based. However, if a practice is reporting ACI, then the same well-established processes would be used for data retention as were developed under the MU-EHR program.  The audit process is also well defined under that program and reference can be made to materials related to it on CMS’ website.

Improvement Activities (IA)

Unlike Quality and ACI, Improvement Activities is new and uncharted territory beginning with MIPS. Our blog article provides an overview of the IA category requirements.  CMS has released guidelines for practices to use to document their IA reporting, but their guidelines are not specific. Their fact sheet on 2017 MIPS Data Validation and Auditing broadly states, “Your documentation used to validate your activities should demonstrate consistent and meaningful engagement within the period for which you attested.”  Healthcare Administrative Partners has helped radiology practices successfully pass MU-EHR audits over many years; as a result we have a thorough understanding of the type of information required by CMS that would best validate IA performance. 


Of the 92 possible Improvement Activities available to eligible clinicians and groups, about 25+ may be relevant to radiology. Once the practice has decided which activities to report, the following steps should be followed to create the audit documentation for each activity:

  1. List the Improvement Activity Selected
    1. Include IA number and Activity Name from the IA List published by CMS on their QPP website
    2. List the activity weight (either high or medium)
  2. List the timeframe for performing the activity
    1. Minimum 90 consecutive days in 2017
  3. Describe how your practice plans to satisfy this activity
    1. Give a title and personalize the activity with a description including any goals and targeted outcomes or metrics
  4. Describe the current process to be improved
    1. Include people, process, technology, pain points
    2. If no process currently exists, describe the lack of process and associated pain points that will be addressed with your improvement activity
  5. Detail the steps to implement your activity including your process and workflows
    1. Include people, process, technology, metrics, etc.
  6. Describe the benefits and value derived by the activity and who will benefit (patients, hospital, your practice, referring physicians, etc.)
    1. Include benefits statements, return-on-investment statements, etc.
  7. Identify and include material supporting the accomplishment of the activity
    1. Examples are screen shots, images, reports, documents, etc.
  8. Convert all materials to a single file in .pdf format for each activity and store for reference/audit purposes

When selecting IAs, activities that began in a previous year may be used as long they continue for at least 90 days in the current performance year.


IA category reporting to CMS at the end of the performance year will only include an attestation that the practice successfully completed the improvement activities they selected. As with the EHR-MU program, CMS has set a precedent to audit activities attested to in order to ensure that documentation exists to back up the response. IA attestations can be submitted through CMS’ designated website, a qualified clinical data registry (QCDR), a qualified registry (QDR), or the practice’s electronic health record system.


There’s no doubt that CMS will perform data validation and auditing of reported MIPS performance, with the result of audit failure being non-payments from or repayments to Medicare of incentives and possibly sanctions if a practice is unable to support its scores. The best course of action is to be proactive and put procedures in place up front to gather and retain the data needed when the auditor comes knocking on your door! 


Related Articles

Exceptions and Exemptions from MIPS Reporting for 2017: What Radiologists Need to Know

CMS Issues Its Proposed 2018 Medicare Physician Fee Schedule Rule

New Information on the Medicare Rules for Appropriate Use Criteria and Clinical Decision Support


Inside advice from radiology RCM experts


Topics: MIPS, Quality Payment Program, MIPS participation, radiology, quality measures

Subscribe to our radiology billing and coding blog

Recent Posts


How a radiology practice recovered lost referrals