Report Fraud


The Centers for Medicare and Medicaid Services (CMS) requires states to have a process in place to provide oversight over funds distributed for the Medicaid Promoting Interoperability (PI) Program. The South Carolina Department of Health and Human Services (SCDHHS) Division of Audits and Health Information Technology (HIT) Division develops and maintains the South Carolina Medicaid PI Program Audit Plan. As part of the plan, the SCDHHS Division of Audits performs routine risk assessments in order to select eligible professionals (EP), eligible hospitals (EH) and critical access hospitals (CAH) for compliance audit. These audits require participants to submit detailed information regarding their EHR attestations.

The State Level Repository (SLR) is designed for EP, EH and CAH to attest to meeting the requirements of the South Carolina Medicaid PI Program. The final attestation screen within the SLR requires participants to agree to the terms and conditions of submission of an attestation; these include retention of all records necessary to support the attestation data. Records to support the attestation must be retained, and made available upon request for audit purposes, for a minimum of six years from the last year of participation in the program. These records may include but are not limited to the following:

  • Documentation of acquisition, purchase or access to certified EHR technology including contracts, invoices and receipts, and/or other supporting documentation.
  • Detailed documentation of all patient encounters used to calculate patient volume for the 90-day patient volume period. The documentation should include the provider name, patient name, date of service, insurance used and location of service.
  • List of all medical providers employed by the practice during the attestation period.
  • Support for the meaningful use of the certified EHR technology including but not limited to the following:
    • Meaningful use reports and dated screenshots.
    • Communication with public health agencies or specialized registries confirming active engagement.
    • Documentation of the Security Risk Assessment in compliance with 45 CFR 164.308(a)(1).
    • Other information needed to support the attestation of objectives, exclusions and clinical quality measures.

For more information regarding Medicaid PI Program audits, please refer to the following links:

CMS EHR Incentive Program Educational Resources Meaningful Use Overview

Security Risk Assessment Overview & Tool

10 Myths about the Security Risk Assessment Requirement

Back to Top