Technical Corrections to HIPAA Omnibus Rule Released

The U.S. Department for Health & Human Services (HHS) announced it is releasing technical corrections to the HIPAA Omnibus Rule tomorrow. These technical corrections are “to address public comment received on the interim final Breach Notification Rule, and to make certain other modifications to the HIPAA Rules to improve their workability and effectiveness and to increase flexibility for and decrease burden on the regulated entities.” HHS “determined that the corrections in this final rule are minor, routine determinations in which the public would not be particularly interested, or about which the public has already been put on notice, given the context of the errors or omissions to be corrected.”

These technical corrections are scheduled to be published on June 7, 2013, but until then, you can download the pre-publication, PDF version here.

HHS Announces Dramatic Increase in Adoption of Electronic Health Records

On May 22, 2013, Kathleen Sebelius,  Secretary of the United States Health & Human Services Department, announced that over 50 percent of doctors and over 80 percent of hospitals are making a “meaningful use” of electronic health records (EHRs) and have received incentives for such use.   By comparison, in 2008, just nine percent had adopted EHRs.  Secretary Sebelius credits the “dramatic increase” in adoption of EHRs to the Health Information Technology for Economic and Clinical Health Act (HITECH Act) that was passed as part of the American Recovery and Reinvestment Act of 2009 (ARRA).  The HITECH Act awards incentives to eligible professionals (physicians) and hospitals who make a “meaningful use” of EHR technology that has been certified by the HHS Office of National Coordinator of Health Information Technology (ONC).  The HHS press release with further information is available here.

CMS-ONC Listening Session on Coding and Billing

On Friday, May 3, 2013, the Centers for Medicare and Medicaid Services (CMS) and the Office of National Coordinator of Health Information Technology (ONC) jointly hosted a listen and learn webcast about the impact of EHRs on coding and billing. Look for HITECHMcClure on Twitter for comments from the panelists.  Materials used during the session can be accessed here.  CMS plans to post an audio recording of the session on its Educational Resources webpage at a later date.

ONC revokes two EHR product certifications — review your vendor contract warranties!

On April 25, 2013, the Officer of National Coordinator for Health Information Technology (ONC) announced that it had revoked certification for two electronic health record (EHR) products that the ONC had previously certified for use as part of the incentive program implemented pursuant to the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH Act).   The products for which ONC revoked certification are EHRMagic-Ambulatory and EHRMagic-Inpatient.  The ONC’s press release with additional information is available here.

Whether the providers who purchased these products in reliance on the previous ONC certification will be able to recoup their investment in these products may depend on the terms of any vendor agreement signed between the parties.  For providers who are purchasing ONC-certified products, this development highlights the importance of examining the provider’s EHR vendor agreement to ensure that it contains adequate warranty and indemnification provisions that will protect the provider in case the vendor’s product is de-certified by the ONC.  Importantly, without “certified EHR technology”, the provider will not qualify for the HITECH Act’s meaningful use incentive payments.

Kentucky Health Information Exchange Underwriting CeRT Early Adopter Licenses for One Year

Kentucky Health Information Exchange (KHIE) sends out alert on Thursday, April 18, 2013, indicating that it will accept applications from 13 providers who are seeking financial assistance to qualify for the HITECH Act’s Meaningful Use incentive payments.

Read the rest of this entry »

The Ball is Now in Play to Extend the EHR Safe Harbor!

By Ann F. Triebsch and Kathie McDonald-McClure

Barely two weeks after Rep. Jim McDermott (D-Wash) sent a letter to the HHS Office of the Inspector General (OIG) requesting that the Anti-Kickback Statute’s “safe harbor” allowing hospitals to donate electronic health record (EHR) items and services to physicians be extended, the OIG has proposed a rule to do exactly that.  On April 10, 2013, the OIG proposed a rule to extend the Anti-Kickback Statute safe harbor from December 31, 2013, to December 31, 2016.  On the same date, the Centers for Medicare & Medicaid Services (CMS) proposed a complementary rule to extend the Stark Law’s similar EHR exception to December 31, 2016.

EHR adoption goals not yet reached.  The original December 31, 2013 expiration dates under both laws had been established on the belief that the need for EHR donations would be tapering off by then.  The CMS proposed rule acknowledged that while “the industry has made great progress, use of such technology has not yet been universally adopted nationwide,” and remains an important goal.  The last year providers can receive Medicare EHR incentive payments is 2016, which also is the last year providers can begin participation in the Medicaid EHR incentive program.  The Medicaid program payments end in 2021. 

Fraud and abuse risk concerns.  Both CMS and OIG reaffirmed the goal of promoting a free exchange of data (with due regard for privacy protections) achieved through EHR interoperability that benefits patient care.  However, both also expressed a concern that the safe harbor could be misused in a way that results in a data lock-in that would secure referrals.  Additionally, both CMS and OIG are concerned that the EHR safe harbor could be misused by providers and suppliers of ancillary services who do not have a direct and primary patient care relationship and a central role in the health care delivery infrastructure.  To balance these risks of misuse against the interoperability goal, CMS and OIG propose to limit the scope of EHR donors who can seek safe harbor protection to hospitals, group practices, PDP sponsors, and MA organizations and to specifically exclude laboratory companies and other high risk categories, such as durable medical equipment (DME) suppliers and independent home health agencies.  CMS and OIG are soliciting comments on these exclusions and also seek comments on whether other individuals or entities with front-line patient responsibilities, such as safety net providers, should be included.

ONC recognized as certifying agency for interoperability.  The current safe harbors require that the donated technology be deemed interoperable by a certifying body recognized by HHS no more than 12 months before the date the technology is donated to the physician.  Since the issuance of the original safe harbors in 2006, the Health Information Technology for Clinical and Economic Health Act of 2009 (HITECH Act) was passed. The HITECH Act resulted in the creation of a formal EHR certification program, the responsibility for which rests with the Office of the National Coordinator for Health Information Technology (ONC).  The ONC is now responsible for approving the certifying agencies that can deem an EHR interoperable.  Because the ONC-certified agencies ensure that the required EHR certification criteria are met, the current 12-month certification time frame also would be eliminated under the proposed rules.  Both of the proposed rules also eliminate the requirement that donated EHRs contain electronic prescribing capability, since the health care industry already has made substantial progress in this regard. 

Both rules are open for comments until June 7, 2013.  The CMS rule can be found here.  The OIG rule can be found here.

Extension of EHR Safe Harbor? The Ball is Rolling …

by Ann F. Triebsch

The anti-kickback “safe harbor” allowing hospitals to donate electronic health record (“EHR”) equipment to physicians who may refer patients to their facility is set to expire on December 31, 2013, but efforts have begun to have the safe harbor extended. The safe harbor, created in 2006, allows hospitals to donate EHR and electronic prescribing technology to practices for the purpose of setting up or improving EHR systems, provided that the practice covers 15% of the cost of the EHR technology, without risk of anti-kickback enforcement. The purpose was to incentivize the meaningful use of EHR systems, and Medicare incentive payments for EHR adoption will continue through 2016.

Rep. Jim McDermott (D-Wash.) sent a letter on March 28 to Greg Demske, chief counsel of the HHS Office of Inspector General, asking OIG to extend the safe harbor provision. He emphasized Washington’s goal of reducing healthcare costs and eliminating wasteful spending, and pointed out that an extension would further that goal. He called the safe harbor provision “a common-sense policy” that “encourages collaboration among providers, yet also contains rigorous requirements that providers must meet in order to protect the Medicare and Medicaid programs from the few unscrupulous providers who would donate electronic health record software in exchange for referrals.” Earlier this year, the Federation of American Hospitals also showed support for renewing the EHR safe harbor.

To read Rep. McDermott’s letter, click here.

To read the Federation of American Hospitals letter, click here.

Stay tuned for further action on an extension.

New EHR Exemptions Proposed

A new bill entitled the “Electronic Health Records Improvement Act” has been introduced in the U.S. House of Representatives. Its stated purpose is to “amend certain requirements and penalties implemented under the Medicare and Medicaid programs by the HITECH Act of 2009, which would otherwise impede eligible professionals from adopting electronic health records to improve patient care.” Most notably, this bill proposes two new exemptions to the requirements to be a meaningful user of electronic health records (“EHRs”) that will be beneficial to solo physician practices and physicians nearing retirement:

• Eligible Professionals in Small Physician Practices.  A physician who is a solo practitioner in 2015 would be exempt from the application of the downward payment adjustment for not demonstrating EHR meaningful use during the payment years 2015-2017.  Implementing EHRs require significant investments in time for vendor selection, capital, and staff resources—and solo practitioners typically do not have the necessary resources to invest in EHRs.  This exemption allows undercapitalized solo practitioners an additional three years to become a meaningful EHR user.
• Exception for Certain Physicians Near Retirement Age.  A physician who will be eligible for Social Security by December 31, 2015 (or will be eligible during the 5-year period following that date) is also exempt from the application of the downward payment adjustment for not demonstrating EHR meaningful use during the payment years 2015-2017.  This exemption will encourage physicians nearing retirement to continue practicing medicine for several more years instead of retiring early to avoid implementing an EHR.  (Because this section of the Bill uses the terms “eligible professional” (in the text) and “physician” (in the title), there is some question as to whether this exception applies only to physicians nearing retirement or also applies to other types of eligible professionals, such as dentists, chiropractors, podiatrists, and optometrists.  Hopefully, this confusion will be clarified if this Bill progresses into law.)

Here is a link to H.R. 1331. This Bill is currently in committee, and we will watch its progress closely.

Sample BAA Provisions

The final HIPAA-HITECH Omnibus Rule (Omnibus Rule), released in January, substantially increases the privacy responsibilities of a business associate that receives protected health information, such as contractors and subcontractors.  These new requirements will need to be reflected in business associate agreements (BAAs) between the covered entity and the business associate as well as in agreements between a business associate and its subcontractor.

For example, BAAs must now contain provisions requiring business associates to notify the covered entity of any data breaches.  Moreover,  the Omnibus Rule expanded the definition of “business associates” to include subcontractors, which means business associates must now enter into BAAs with their subcontractors who access PHI. 

The Department of Health & Human Services (HHS), Office for Civil Rights (OCR) has posted sample BAA provisions on its website to help covered entities and business associates more easily comply with the additional BAA requirements found in the Omnibus Rule.  While these sample provisions are written for use in a contract between a covered entity and its business associate, the language may be tailored for purposes of a contract between a business associate and its subcontractor.

These sample provisions do not constitute a sample contract but are only a starting point.  It is not enough to print and sign these provisions.  As OCR warns, “These provisions address only concepts and requirements set forth in the HIPAA Privacy, Security, Breach Notification, and Enforcement Rules, and alone may not be sufficient to result in a binding contract under State law. They do not include many formalities and substantive provisions that may be required or typically included in a valid contract.  Reliance on this sample may not be sufficient for compliance with State law, and does not replace consultation with a lawyer or negotiations between the parties to the contract.”  Moreover, there are common concepts in BAAs that are notably missing from the sample provisions, such as indemnification, notification, and mitigation, which should be considered for inclusion with any BAA. 

 

If your current BAA was signed on or before January 24, 2013, then it will be deemed HIPAA compliant through September 23, 2014 (at which time the BAA will need to have been amended for compliance with the Omnibus Rule).  Any new BAAs signed after January 24, 2013 should comply with the new requirements under Omnibus Rule, and be in place by September 23, 2013.

The New HIPAA Rules are Out!

by Ann F. Triebsch

(Updated January 27, 2013)

On January 17, 2013, the Department of Health & Human Services (HHS), Office for Civil Rights (OCR), released the final HIPAA Omnibus Rule (Omnibus Rule) implementing the HITECH Act of 2009 and the Genetic Information Nondiscrimination Act of 2008 (GINA). The Omnibus Rule greatly enhances a patient’s privacy protections, provides individuals new rights to their health information, and strengthens the government’s enforcement capabilities. The regulations are published in the January 25, 2013 Federal Register, and will be effective on March 26, 2013, with compliance required by September 23, 2013.

We will discuss the highlights of the new regulations, topic by topic, in this blog over the next few weeks, but we begin with a key piece of information relevant to existing business associate agreements. The new regs substantially increase the privacy responsibilities of a business associate that receives protected health information, such as contractors and subcontractors. Business associates may also be liable for increased penalties for noncompliance based on the level of negligence, up to a maximum penalty of $1.5 million.

All of the new requirements will need to be reflected in business associate agreements (BAAs). If your current business associate agreement was signed on or before January 24, 2013, it will be deemed HIPAA compliant through September 23, 2014 (at which time the agreement will need to have been amended for compliance with the Omnibus Rule). After January 24, 2013, any new BAAs signed should comply with the Omnibus Rule, and be in place by September 23, 2013.

To read the Omnibus Rule, click here.

OIG First Year Assessment of the EHR Incentive Program

by Ann F. Triebsch

 The HHS OIG released a report on November 28, 2012, assessing CMS’ first-year performance in overseeing the Medicare EHR Incentive Program.   The OIG did not give CMS high marks, but its primary recommended solution is being rejected, as it may have done more harm than good under the circumstances.   

 Self-Reporting Insufficient Basis.  Under the program, providers implementing EHR systems and attesting that they are “meaningfully us[ing]” them as defined by HITECH receive financial incentives, which can help offset the not-insubstantial costs of the systems.  The gathering of data for the attestation to CMS can be a time-consuming process.  CMS checks the data submissions via its own computer logic, and if the submission is approved, the incentive payment is sent. In its report, OIG says CMS has paid out about $4 billion in incentive payments to providers to date, with a total of $6.6 billion estimated by 2016.  However, OIG points out that because the computer logic checks are not complete or fool-proof, but rather rely on self-reported data, the incentive program is “vulnerable” to fraud, paying incentives where meaningful use requirements are not fully met.  OIG recommended that CMS undertake prepayment reviews of substantiating documentation from certain providers, based on risk analyses, rather than using the “pay and chase” model it is moving away from.

Sticking with the Plan.  CMS declined to follow OIG’s prepayment review recommendation, citing the increased up-front burden on providers, as well as delayed incentive payments.   CMS put it politely, but we couldn’t agree more.  Providers have incurred substantial debt to purchase these EHR systems, and some are throwing up their hands, or worse, in frustration as they make the switch from paper, input so much new data, learn their new systems and try to integrate them with other existing systems.  To delay the incentive payments, which are the carrot to encourage providers to adopt this technology that CMS and the Obama administration so fervently want, especially in the absence of any suspected or proven abuse to date, would be politically untenable, and counterproductive to the worthy goals of HITECH. 

 Other Recommendations.  CMS did agree with OIG’s other recommendation to issue guidance on the types of documentation it expects providers to maintain to support their compliance with the “meaningful use” requirements, and indicated it would soon be posting a FAQ document on this subject.  OIG recommended that the Office of the National Coordinator for Health Information Technology (ONC) require certified EHR technology to be capable of producing reports for yes/no meaningful use measures, where possible, which is not a current capability in many systems, and that it improve the certification process to ensure accurate EHR reports.  ONC concurred with these two recommendations.

While verification of meaningful use attestations always would have been a possible topic for CMS audits of providers, this OIG assessment of the first year of the EHR Incentive Program may provoke CMS to investigate the topic more closely.  But for now, CMS made a well-considered decision to keep its resources where they are, and not begin a witch-hunt when there is no sign of widespread evil intent.

CMS Issues Interim Final Rule on EHR Certification and Incentives

On December 7, 2012, the Office of the National Coordinator for Health Information Technology (ONC) and Centers for Medicare & Medicaid Services (CMS) published an interim final rule with comment period to make revisions to the 2014 Edition Electronic Health Record (EHR) and revisions to the EHR Incentive Program.  Specifically, this rule will:

• Replace the Data Element Catalog (DEC) standard and the Quality Reporting Document Architecture (QRDA) Category III standard adopted in the final rule published on September 4, 2012 with updated versions of those standards.
• Revise the Medicare and Medicaid EHR Incentive Programs by adding an alternative measure for the Stage 2 meaningful use (MU) objective for hospitals to provide structured electronic laboratory results to ambulatory providers, correcting the regulation text for the measures associated with the objective for hospitals to provide patients the ability to view online, download, and transmit information about a hospital admission, and making the case number threshold exemption for clinical quality measure (CQM) reporting applicable for eligible hospitals and critical access hospitals (CAHs) beginning with FY 2013.
• Provide notice of CMS’s intention to issue technical corrections to the electronic specifications for CQMs released on October 25, 2012.

This interim final rule will be effective January 5, 2012.

Electronic Health Records Already in OIG’s Sights for 2013!

by Ann Triebsch

The 2013 Work Plan released October 2, 2012, by the HHS Office of the Inspector General (OIG), demonstrates that even the health care industry’s brand-new electronic health records (EHR) initiative is already under scrutiny for potentially abusive and erroneous practices by some providers.  The Work Plan lists three activities that indicate that the OIG is not planning to let any bad habits (or bad actors) get established as providers get comfortable with their new EHR systems.

Read the rest of this entry »

Patient Engagement is Key in Stage 2 Meaningful Use

Stage 2 of Meaningful Use under the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH Act) requires providers who want the HITECH Act’s EHR incentive payments to ensure that at least some patients are engaged and are actually using their electronic health records (EHRs).  The Final Rule for the Stage 2 criteria call for eligible professionals (EPs), eligible hospitals and critical access hospitals (CAHs) to provide a means for patients to access their health care information online.  EPs must also provide a means for patients to send secure messages electronically, however, patients have to actually use these services in order for providers to meet these new measures for making a Meaningful Use of certified EHRs.

Read the rest of this entry »

Final Rules for Stage 2 EHR Incentive Programs Released

First, the Centers for Medicare & Medicaid Services (CMS) released the long-awaited final rule to govern Stage 2 of the Medicare and Medicaid Electronic Health Record (EHR) Incentive Programs. The rule specifies the Stage 2 criteria that eligible professionals (EPs), eligible hospitals, and critical access hospitals (CAHs) must meet in order to continue to participate in the EHR Incentive Programs.

• Click here for the full text of CMS’s final rule.
• Click here to see the fact sheet on CMS’s final rule.

Second,  the Office of the National Coordinator for Health Information Technology (ONC) also announced a related final rule, which specifies the technical capabilities and related standards and implementation specifications that Certified EHR Technology will need to include to support the achievement of meaningful use by EPs, eligible hospitals, and CAHs under the EHR Incentive Programs.

• Click here for the full text of the ONC rule.
• Click here  to read a fact sheet on ONC’s standards and certification criteria final rule.

Stay tuned.  We will be posting more about these final rules in the days to come.

Get Ready for Audits on EHR Incentive Payments

The promised audits have begun for providers receiving electronic health records (EHR) incentives available under the Health Information Technology for Economic and Clinical Health (HITECH) Act. 

In order to receive Medicare EHR incentive payments, providers must attest to CMS that they meet Meaningful Use (MU) criteria using certified EHR technology.  Any provider attesting to receive an EHR incentive payment for either the Medicare EHR Incentive Program or the Medicaid EHR Incentive Program potentially may be subject to an audit.  If an audit finds a provider is not eligible for an EHR incentive payment because it does not meet MU criteria, then the incentive payment will be recouped.   Here’s what providers need to know to prepare for an audit:

Read the rest of this entry »

Initial HIPAA Audit Report Provides Some Guidance, Identifies Top Risks

In our November 2011 blog post, we told you about the launch of HIPAA privacy and security audits mandated by Section 13411 of the Health Information Technology for Economic and Clinical Health Act (HITECH Act). KMPG, Inc. was awarded the contract to develop the audit protocol and conduct these audits last fall and, on March 1, 2012, completed its initial group of 20 audits aimed at testing the audit protocol. The United States Department of Health & Human Services’ (HHS) Office of Civil Rights (OCR) recently issued a preliminary report of the results (click here to see OCR’s slide presentation of the 2012 HIPAA Privacy and Security Audits Report). 

Read the rest of this entry »

New Guide for Privacy and Security of Health Information in EHRs

The Office of the National Coordinator for Health Information Technology (ONCHIT) recently released a 47-page Guide to Privacy and Security of Health Information.  The Guide provides direction to providers on protecting patient privacy and securing their health information in an electronic health record (EHR) for purposes of complying with the Heath Insurance Portability and Accountability Act (HIPAA) as amended by the Health Information Technology for Economic and Clinical Health (HITECH) Act. The Guide also addresses compliance with certain Meaningful Use (MU) standards that have been promulgated pursuant to the HITECH Act’s incentive program for adopting and implementing EHRs.

Read the rest of this entry »

CMS Releases Proposed Rule for Stage 2 Meaningful Use of Electronic Health Records

On Thursday, February 23, 2012, the Centers for Medicare and Medicaid Services (CMS), pursuant to the Health Information Technology for Economic and Clinical Health (HITECH) Act, released a 455-page Proposed Rule specifying the Stage 2 criteria that eligible professionals (EPs), eligible hospitals and critical access hospitals (CAHs) must meet in order to qualify for Medicare and/or Medicaid incentives related to electronic health records (EHRs).  The Proposed Rule also proposes to modify certain Stage 1 criteria, as well as criteria that apply regardless of Stage, as previously published in the Final Rule on July 28, 2010 in the Federal Register.  The proposed provisions related to Medicaid (calculations of patient volume and hospital eligibility) would take effect shortly after the finalization of the Proposed Rule and would not be subject to the proposed one-year delay for Stage 2 meaningful use of a certified EHR.  The Proposed Rule states that the changes to Stage 1 would take effect for 2013, but that most changes would be optional until 2014.  Last but not least, the Proposed Rule addresses the Medicare payment adjustments that will take place for EPs, eligible hospitals and CAHs who fail to demonstrate a meaningful use of certified EHRs by 2015 and proposed exceptions to such adjustments.

Read the rest of this entry »

February 29 Data Breach Reporting Deadline Fast Approaching!

The deadline is quickly approaching for mandatory data breach reporting to the United States Department of Health & Human Services (HHS) under the Health Information Technology for Economic and Clinical Health Act (HITECH Act).  Covered entities must report data breaches involving less than 500 individuals to HHS within 60 days following the end of the calendar year in which the breach occurred.   Because 2012 is a leap year, covered entities that experienced a data breach involving fewer than 500 individuals in 2011 should submit data breach notification reports to HHS by February 29, 2012.  

The reports must be submitted electronically.  Please follow these links for the submission form and reporting instructions.

Early Meaningful Users Promised Stage 2 Extension

On November 30, 2011, U.S. Department of Health and Human Services (HHS) Secretary Kathleen Sebelius issued a press release announcing proposed steps to encourage physicians and hospitals to adopt electronic health records (EHRs) this year and receive incentive payments made available under the Health Information Technology for Economic and Clinical Health (HITECH) Act), which was part of the American Recovery and Reinvestment Act of 2009 (ARRA). 

Under the HITECH Act, physicians and hospitals have the opportunity to earn financial incentives from Medicare and Medicaid if they demonstrate the adoption and meaningful use of certified EHRs in a series of three stages. Under the current rules, physicians and hospitals that adopt EHRs in 2011 and attest to meeting Stage 1 meaningful use standards by February 28, 2012 must meet Stage 2 standards in 2013. If they wait until 2012 to attest to Stage 1, providers could delay Stage 2 compliance until 2014. To encourage more providers to adopt EHRs in 2011, instead of waiting until 2012, HHS proposes to allow providers who qualify for Stage 1 meaningful use in 2011 an extension until 2014 to meet Stage 2 standards. HHS clarified that providers first attesting to meaningful use in 2011 qualify for both 2011 and 2012 incentive payments.

These proposed steps are consistent with June 2011 recommendations from the Health IT Policy Committee (HITPC).  As we reported this summer, HITPC advocated that providers who begin to attest to meaningful use in 2011 be provided an extra year “to phase in the stage 2 expectations (i.e., Stage 2 for those who attest in 2011 would begin in 2014).”  HHS listened!

HHS intends to publish this extension in the Stage 2 meaningful use Notice of Proposed Rulemaking (NPRM) in February 2012.

At the same time, HHS also released new data from the Centers for Disease Control and Prevention (CDC) showing increased adoption of EHRs by physicians.  The CDC report documented that physicians’ adoption of health information technology (IT) doubled in two years, and 52% of physicians intend to apply for meaningful use incentives, up from 41% in 2010.  Click here to access additional information about achieving meaningful use, including the CDC report.

Final Rule on ACOs encourages EHR adoption but eliminates “meaningful use” requirement

The Centers for Medicare and Medicaid Services (CMS) announced today, October 20, 2011, that the use of certified electronic health records (EHRs) will be the highest-weighted quality measure for an Accountable Care Organization (ACO) under the new Medicare Shared Savings Program.

ACOs are designed to encourage primary care doctors, specialists, hospitals, and other health care providers to coordinate their care. The CMS Final Rule on ACOs bases the amount of shared savings that an ACO may receive for its performance on four domains of quality: 1) quality standards on patient experience; 2) care coordination and patient safety; 3) preventive health; and 4) at-risk populations.  To earn shared savings the first performance year, providers must report across all four domains of quality, which include a total of 33 quality measures.  Providers will begin to share in savings based on how well they perform on 23 of the 33 quality measures in the second performance year and on 32 of the 33 measures in the third performance year. 

Measure 20 of the 33 quality measures requires ACOs to report the percentage of primary care providers (PCPs) who successfully qualify for an EHR Incentive Program payment.  CMS expanded the scope of PCPs who can be counted in this measure by eliminating the requirement that the PCP be a “meaningful EHR user” as defined in 42 C.F.R. § 495.4 of the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009.  CMS stated that it “decided to . . . expand [measure 20] to include any PCP who successfully qualifies for an EHR Incentive Program incentive rather than only including those deemed meaningful users.”

Read the rest of this entry »

ONC Releases Model Privacy Notice for Personal Health Records

After the passage of the Health Information Technology for Economic and Clinical Health (HITECH) Act in 2009, the interest in storing and accessing health information online increased, prompting increased concerns about the privacy and security of such information.  In September 2011, the Office of the National Coordinator for Health Information Technology (ONC) released a Personal Health Record (PHR) Model Privacy Notice for public use.  This Model Notice meets ONC’s initial goal in a multi-phased, consumer project to increase consumer awareness of PHR companies’ data practices.  The next phase seeks to empower consumers by providing them with an easy way to compare the data practices of two or more PHR companies.  Read the rest of this entry »

Proposed Federal Regulation Requires HIPAA-Covered Labs to Release Test Results to Patients

On September 12, 2011, the Office of National Coordinator (ONC) for the United States Department of Health & Human Services (HHS) announced a Proposed Rule that will enable direct access to laboratory test results by patients.  Under the Clinical Laboratory Improvement Amendments of 1988 (CLIA), laboratories must hold a CLIA certificate in order to perform one of three levels of complex laboratory tests regulated by CLIA.  Even before the passage of the Health Information Technology for Economic and Clinical Health Act (HITECH Act), concerns have been expressed regarding the lack of clarity under state law, and the literal prohibition in some states, regarding whether a CLIA laboratory that is independent (as opposed to hospital based) may release laboratory test results directly to a patient.   Read the rest of this entry »

Health IT Policy Committee Recommends Delay for Stage 2 Meaningful Use

UPDATE: On July 6, 2011, Farzad Mostashari, M.D., ONC Chief, backed the ONC Policy Committee’s recommendation to delay implementing Stage 2 meaningful use criteria.

*********************************************************************

On June 16, 2011, Paul Tang, M.D. , as Vice Chair of the Health IT Policy Committee for the  Office of National Coordinator (ONC), wrote a letter to Farzad Mostashari, M.D., the ONC National Coordinator, requesting a delay in implementing Stage 2 of the meaningful use criteria that eligible healthcare providers must meet in order to obtain the monetary incentives for adoption of electronic health records (EHRs).  The monetary incentives were established pursuant to the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH Act), which was part of the American Recovery and Reinvestment Act of 2009 (ARRA).  Dr. Tang states in the letter:

The HITPC has heard from both the vendor community and the provider community that the current schedule for compliance with stage 2 meaningful use objectives in 2013 poses a nearly insurmountable timing challenge for those who attest to meaningful use in 2011. With the anticipated release of the final rule for stage 2 in June, 2012, it would require EHR vendors to design, develop, and release new functionality, and for eligible hospitals to upgrade, implement and begin using the new functionality by the beginning of the reporting year in October of 2012. After careful consideration of the trade-offs between the urgency with which new functionality is needed and the ability to safely deliver and to effectively use the new functionality, the HITPC recommends that—only for those who begin to attest to MU in 2011—an extra year be provided to phase in the stage 2 expectations (ie., Stage 2 for those who attest in 2011 would begin in 2014).

The Committee asserts that the delay would only affect providers who implement Stage 1 in 2011.  This assumes that providers who wait until 2012 to implement Stage 1 would not have been ready to implement Stage 2 until 2014 anyway.  The letter also sets forth the proposals for stengthening Stage 1 criteria in Stage 2.  The Committee voted 12 to 5 in favor of the recommendations in the letter.  To read the entire 14-page letter, click here.

CMS Proposed Rule on Accountable Care Organizations is linked to Meaningful Use Measures

What do the Physician Quality Reporting Incentives Program (PQRI) and Hospital Inpatient Value Based Purchasing (VBP) Program have in common with the recently released proposed regulation for establishing an Accountable Care Organization (ACO)? Answer: The meaningful use measures established by the Centers for Medicare and Medicare Services (CMS) for qualifying for incentives under the Health Information  Technology for Economic and Clinical Health Act of 2009 (HITECH).  Of course! 

On April 7, 2011, CMS published the Proposed Rule on Medicare Shared Savings Program: Accountable Care Organizations in the Federal Register. The Proposed Rule sets forth the requirements that an ACO must meet in order to qualify for the cost savings that will be available to qualifying providers.  Among the requirements, CMS incorporates the EHR meaningful use incentives, stating:

[T]he ACO should have a process in place (or clear path to develop such a process) to electronically exchange summary of care information when patients transition to another provider or setting of care, both within and outside the ACO, consistent with meaningful use requirements under the EHR Incentive program.

Now Medicare providers have another reason to get on board sooner rather than later with the implementation of a certified electronic health record (EHR). 

Stay tuned to the HITECH Law Blog for a post that will have a more in-depth review of how the ACO requirements may impact providers in regard to the implementation and use of certified EHRs, including a review of the overlapping measures for PQRI, Hospital VBP Programs, HITECH EHR incentives and ACOs.  In the meantime, to read more about the HITECH meaningful use measures utilized in the CMS Hospital VPB Program, see the article, “Certified EHRs Expected to Transmit Data for Medicare’s New Hospital Inpatient Value-Based Purchasing Program,” posted to the HITECH Law Blog on February 8, 2011.

Certified EHRs Expected to Transmit Data for Medicare’s New Hospital Inpatient Value-Based Purchasing Program

On January 13, 2011, the Centers for Medicare and Medicaid Services (CMS) released its Proposed Rule on the Medicare Hospital Inpatient Value-Based Purchasing (VBP) Program. The VPB Program is being established per the directive of the Patient Protection and Affordable Access to Care Act of 2010 (PPACA). CMS is to begin making incentive payments under the VBP Program for discharges on or after October 1, 2012.

Seven years before PPACA required CMS to establish the VBP Incentive Program, the Medicare Prescription Drug, Improvement, and Modernization Act of 2003 (MMA) gave CMS authority to establish the Hospital Inpatient Quality Reporting (IQR) Program. The clinical quality measures that CMS has adopted for the IQR Program will feed into the measures for the VBP Program.

The IQR Program measures were generally based on recommendations from the National Quality Forum (NQF), a voluntary consensus standard-setting organization with a diverse representation of consumer, purchaser, provider, academic, clinical, and other health care stakeholder organizations. The IQR measures began as a set of 10 quality indicators that have since expanded to 45 clinical quality measures for the FY 2011 IQR program payment determination. The FY 2011 IQR hospital measures focus on four topics: 1) Acute Myocardial Infarction (AMI); 2) Heart Failure (HF); 3) Pneumonia (PN); and 4) Surgical Care Improvement Project (SCIP).

So how does this relate to the Health Information Technology for Economic and Clinical Health Act (HITECH Act) and a hospital’s “meaningful use” of a “certified EHR“? Ahhh, there is a method to the madness. As the CMS VBP Proposed Rule points out, the Hospital IQR program and the Hospital VBP Program have “important areas of overlap and synergy with regard to the reporting of quality measures under the HITECH Act.”

CMS notes in the Proposed Rule that the certification standards for EHRs under the HITECH Act are directed at enabling EHR submission of quality measures. CMS is striving “to align the [VPB] measures with the adoption of meaningful use standards for health information technology (HIT), so the collection of performance information is part of care delivery.” As a result, CMS anticipates that hospitals will use their certified EHRs for the reporting of clinical quality measures under both the Hospital IQR program and the subsequent Hospital VBP Program.

The proposed initial measures for the FY 2013 Hospital VBP Program include 18 measures. Of these 18 measures, 17 measures will focus on the four clinical process of care topics set forth for the 2011 IQR Program (AMI, HF, PN, and SCIP), and will add Healthcare-Associated Infections (HAI). The 18th measure will include a measure from the Hospital Consumer Assessment of Healthcare Providers and Systems Survey (HCAHPS) that will fall under a patient experience of care domain.

The proposed performance period is to begin July 1, 2011 and will continue through March 31, 2012 for the FY 2013 payment determination. This is already less than five months away! Another reason for Eligible Hospitals under the HITECH Act to focus on implementation of a certified EHR. Did I hear someone ask how the VBP incentive payments will be funded? Answer: By a reduction of the Fiscal Year 2013 base operating DRG payments for each discharge of 1%. “What one hand giveth, the other hand taketh away.” (Unknown)

For more information about the IQR Program, visit QualityNet.  For additional details about the VBP Program, see the Proposed Rule.  CMS will accept comments on the VBP Proposed Rule until March 8, 2011.  CMS expects to issue a final rule in 2012.

HHS Releases Final Rule on “Meaningful Use” of Electronic Health Records

Update: On December 29, 2010, HHS published in the Federal Register a “Correcting Amendment” to its Final Rule on Meaningful Use, which can be viewed here.

HHS Secretary Kathleen Sebelius wasted no time in putting the brand new CMS Director to work on July 13, 2010, in announcing the release of two rules under the Health Information Technology for Clinical and Economic Health Act (HITECH), including the Final Rule on Meaningful Use and the Final Rule on Initial Set of EHR Standards and Certification Criteria. Donald M. Berwick, MD, MPP, FRCP, was sworn in as Director of the Centers for Medicare and Medicaid Services on Monday afternoon, July 12, 2010, and by the next morning was primed to discuss the important role of health information technology (HIT) in America. In addition to Dr. Berwick’s participation at the press briefing, other participants included David Blumenthal, MD, the Chief Coordinator for the HHS Office of National Coordinator of HIT (ONC), Regina Benjamin, MD, U.S. Surgeon General, and Regina Holiday, an individual who shared a personal experience involving access to health information and how such access impacts the care of patients. 

Quick Reference: The CMS Fact Sheet on both Final Rules is available here. 

Read the rest of this entry »