Audit Guidelines

Program Integrity Audit Guidelines

Indiana understands the importance of the requirement to monitor, measure, verify, validate, and report activities related to prepayment validation and postpayment audits of providers participating in the Medicaid EHR Incentive Program.

To ensure program integrity, Indiana Family and Social Services Administration (FSSA) Audit Services and the IHCP Finance team employ various methods, standards, processes, and procedures to perform the required audit tasks to bring the Indiana Medicaid EHR Incentive Program into full compliance with Centers for Medicare & Medicaid Services (CMS) regulations.

Providers must submit auditable data and documentation for the EHR Incentive Program registration and attestation process, and on request for validation and audit procedures. Providers are required to retain all documentation supporting attestation for a minimum of six years after each payment year.

Indiana FSSA Audit Services and the Health Information Technology (HIT) Audit Work Group are committed to existing and successful Program Integrity and Fraud and Abuse Detection Audit policies, processes, and procedures, when appropriate.

Please note that the CMS will conduct all meaningful use (MU) audits for eligible hospitals (EHs). The following audit guidelines do not apply to that process.

Prepayment Validation

When the Medical Assistance Provider Incentive Repository (MAPIR), Indiana's attestation system, receives a transaction from the Medicare & Medicaid EHR Incentive Program Registration & Attestation System (R&A), indicating that a provider has registered for the Indiana Medicaid EHR Incentive Program, a transaction is stored in the database. All the information submitted by the provider is analyzed to ensure consistency with IHCP data and EHR program requirements.

Postpayment Audits

The postpayment review procedures are designed to help identify recoupment indicators and other potential incorrect payments. Eligible professionals (EPs) that received a Medicaid incentive payment are subject to a postpayment review in the form of a desk review or an on-site review. Providers are selected for audits based on proven Medicaid stratification variables, and risk assessment criteria is used before postpayment audits are performed.

Typically, postpayment audits begin with desk reviews followed by field audits if a desk review does not conclude audit determinations.

Appeals Process Overview

The FSSA has a process in place for eligible providers to appeal provider eligibility determinations and health information technology (HIT) Electronic Health Records (EHR) Provider Incentive Payments. The appeals process addresses provider appeals of payments, provider eligibility determinations, and demonstrations of efforts to adopt, implement, upgrade, or meaningfully use certified EHR technology (CEHRT).

If a provider disagrees with the final calculation of overpayment and wishes to appeal the Indiana Family and Social Services Administration's (FSSA's) determination, the provider can file an appeal per the steps listed in the Final Calculation of Overpayment letter that the FSSA issues to the provider.


If it is determined that monies have been paid inappropriately, a recoupment process is leveraged to recover the funds. An accounts receivable (A/R) record is created associated with the appropriate provider and the payment identified as an overpayment. Payment amounts are collected and refunded to the CMS via the appropriate adjustment. Indiana law requires that a provider repay the amount of the overpayment within 300 days of receiving the Final Calculation of Overpayment letter, regardless of whether the provider is eligible for or chooses to appeal the determination.

For additional information regarding EHR Incentive Payment Audits, please visit the Indiana Medicaid EHR Incentive Program FAQs page.

For guidance and technical assistance with completing a Medicaid EHR Meaningful Use audit documentation request, contact Purdue Healthcare Advisors at 844-PHA-INMU (844-742-4668) or Note: This guidance is to support the data submission, but it remains the responsibility of the provider to submit the information directly to the auditor.