MIPS Audit: Are You Prepared?

CMS recently made an announcement that it has contracted with an agency to conduct MIPS audits and data validation for 2017 and 2018 performance years.

“CMS contracted with Guidehouse to conduct data validation and audits of some Merit-based Incentive Payment System (MIPS) eligible clinicians. Data validation and audits will help ensure MIPS is operating with accurate and useful data. MIPS eligible clinicians, groups, and virtual groups are required by regulation to comply with data sharing requests, providing all data as requested by CMS.

If you are selected for data validation and/or audit, you will receive a request for information from Guidehouse via email or by certified mail. You have 45 calendar days from the date of the notice to provide the requested information.”

The focus of this audit will be two-fold: To validate the data that was received for accuracy and to audit the Eligible Clinicians (ECs) for eligibility and appropriateness of any payment adjustment awarded.

The intent of this blog is to serve as your MIPS audit checklist and to help you be prepared if you happen to be chosen for an audit.


The best position to be in is to have planned for an audit: Say what you do; Do what you say; and Document that you did it.

Closely Monitor Your Email

The notification for audit could be sent via Email if you have provided an address to CMS when creating your EIDM account to submit and monitor your data. Ensure that the Security Official listed on the account closely monitors that email account to give you the maximum time to respond to the audit. A certified letter could be sent if you do not respond to the email, but you will lose a few days out of the 45 calendar days (required response time).

Creating the Book of Evidence

The first step is to create a “Book of Evidence” for each of the past two MIPS Performance Years in which you were determined to be an eligible clinician.

An Eligible Clinician (EC) is subject to a MIPS audit for up to 6 years after the performance period ends.

The Book of Evidence should contain all the relevant documents for the performance year that supports your data submission for the Quality, Advancing Care Information (ACI) / Promoting Interoperability (PI) and Improvement Activities (IA) categories. The Cost category is not included in the audit for both years since no data submission was required for that category.

As an Eligible Clinician (EC) is subject to a MIPS audit for up to 6 years after the performance period ends, we suggest the following list of documents to include in the Book of Evidence:

Documentation of Practice Related Information

1. A copy of a recent EOB that clearly shows your practice information.

  • Business name and address

  • TIN (all that receive Medicare Part B payments)

  • NPIs of all ECs in the practice under a given TIN

    It is important to note that you could be exempt under one TIN but be considered eligible to participate under a different TIN.

2. Screenshots of your individual and or group MIPS participation status as defined by CMS.

  • The MIPS participation lookup tool provides information on the 2017, 2018 and the current status for 2019.

  • A link to the lookup tool can be found here

  • It is a good idea to capture a screenshot for documentation even if it shows that you are not eligible for MIPS due to not meeting the thresholds. It could be useful if there is a discrepancy in future years.

3. The CMS certification ID of the EHR (2014 or 2015 Edition) that you used to record and submit the MIPS data.

  • This information can be found through your EHR or on this CMS website.

4. Establish a formal internal process for how and where MIPS data and documentation will be retained (and by who).

  • Imagine if the audit request comes 5 years from now, could you find this information?

5. Conduct a Mock Audit

  • Essentially, an audit “fire drill” to make sure the right people know what to do in case of the real thing.

Documentation for Quality, PI, and IA Performance Categories

The documentation of supporting information for Quality, PI, and IA performance categories will become the chapters within the Book of Evidence and will be the most important information needed to respond to a MIPS audit. Each category will need the details that support the data submitted, (most often to the patient level) to fulfill the audit documentation requirements. MyMipsScore’s experienced consultants can provide the assistance you need in assembling the requisite documentation for each category.

Best Practices to be MIPS Audit Ready


In summary, the best preparation for a MIPS audit is knowing that you have revisited and updated the Book of Evidence as often as necessary to assure its accuracy. The Book of Evidence will also serve you well in reviewing your Performance Feedback Reports and provide the supporting documentation for Targeted Review if you need to request one. Conducting a mock audit is also a best practice to see if you can get to the information without any delay. When an audit happens many years after submission, a practice can have different staff members and a different version of an EHR. The ability to generate the required reports for a specific performance year will most likely not be available. Making sure that there is a seamless transition of duties among the staff members is very important, with some redundancies in place in case of vacations or extended absences. 

We have assisted many providers with their Meaningful Use Mock Audits, Audits and Appeals. If you need help in preparing for, or responding to a MIPS Audit get in touch with us.