Though the HIPAA Final Rules were expected to be out before the end of the month, it seems that the end is not yet in sight. Last week, the Office of Management and Budget (OMB) extended its review of the HIPAA Final Rules. This review consisted of the HITECH updates, including the HIPAA Privacy and Security Rule, Enforcement and the Breach Notification Requirements. It is unclear how long the HIPAA Final Rules were extended, the OMB has the option of extending the final rule for thirty days or indefinitely. Comments from HHS indicate that the HIPAA Final Rules should be out sometime this summer. But for now, we must wait…
ONC has recently released a new “Guide to Privacy and Security of Health Information” which incorporates tips on complying with HIPAA Privacy and Security as well as meeting related meaningful use measures. The guide is designed for clinical providers and focuses on the following:
- Privacy & Security and Meaningful Use
- Security Risk Analysis and Management Tips
- Working with EHR and Health IT Vendors
- A Privacy & Security 10-Step Plan
- Health IT Privacy and Security Resources
Specifically, with regard to Meaningful Use, the guide describes Meaningful Use measures 12 and 15:
#12. Provide patients with an electronic copy of their health information (including diagnostics test results, problem
list, medication lists, medication allergies) upon request. To learn more about this measure click here.
#15. Protect electronic health information created or maintained by the certified EHR technology through the implementation of appropriate technical capabilities. To learn more about this measure click here.
If you have questions regarding HIPAA Privacy and Security or Meaningful Use please contact Elana Zana.
The Washington State Health Care Authority has announced a traveling seminar on calculating and registering for the Medicaid EHR Incentive Program. The seminar is aimed at group registration and defining the group proxy methodology to calculate patient volume.
The seminars are as follows:
May 1: Wenatchee
May 3: Spokane
May 8: Yakima
May 16: Seattle
May 17: Mt. Vernon
May 22: Silverdale
May 24: Olympia
To register click here (the link will take you to the Seattle registration, scroll down on that page for other registration links).
Interested in Health Information Technology and live in the Pacific Northwest? Then you should attend the MIT Enterprise Forum on Health IT.
Wed, 03/14/2012 - 5:00pm - 8:30pm
Ogden Murphy Wallace is a proud sponsor of the event.
Health IT is transforming our healthcare system. Healthcare reform, industry consolidation, and demographic changes have spurred a significant increase in the U.S. healthcare industry’s use of technology to improve health and enhance the patient experience while trying to help control the ever-increasing cost of care. New players are emerging and cloud computing, social media, and mobile technology solutions targeting patients and healthcare providers are creating new opportunities.
Join us for our March 14 MIT Enterprise Forum and discover how NW technology entrepreneurs can identify these opportunities and succeed in the health IT market. Our panel of industry thought-leaders moderated by Rob Coppedge, Vice President of Business and Corporate Development at Cambia Health Solutions, includes:
- Sailesh Chutani, CEO, Mobisante
- Peter Gelpi, CEO, Clarity Health
- Luis Machuca, President & CEO, Kryptiq Corporation
- Gwen O’Keefe, MD, Chief Medical Informatics Officer, Group Health
Our panel will provide an overview of major health IT trends, the new opportunities technology presents for both patients and healthcare providers, as well as explain how this may enable change in the traditional healthcare industry cost structure. Most importantly, our speakers will identify business opportunities and what regulatory restrictions such as HIPAA really mean for the NW technology entrepreneur community.
During this event, you will learn:
- How the health IT market has changed in the wake of healthcare reform and government investment incentives
- What different types of care and cost models might look like, and what opportunities those present for entrepreneurs
- Potential sources of funding for innovative health IT technologies
- Approaches entrepreneurs can take to handle barriers presented by government regulations such as HIPAA
CMS announced today its proposed rule (NPRM) on Stage 2 of the EHR Incentive Program Meaningful Use requirements. These requirements apply to both eligible professionals and hospitals participating in the Medicare and Medicaid EHR Incentive Program. As previously announced, and proposed within this NPRM, the onset of the Stage 2 meaningful use requirements will not begin until 2014.
The Stage 2 requirements include greater applicability to specialists, changes to the clinical quality measures, and modifications to the core and menu measures. CMS has issued a fact sheet that briefly summarizes the Stage 2 requirements.
The NPRM will be published in the Federal Register on March 7, 2012.
For questions regarding the Stage 2 proposed requirements or for assistance related to the Medicare or Medicaid EHR Incentive Program please contact Elana Zana.
CMS recently published its proposed rules on reporting and returning overpayments. These rules are intended to implement the 60 day overpayment reporting requirement pursuant to the Affordable Care Act (the “ACA”). The ACA created a new section 1128J(d) of the Social Security Act requiring a person who receives an overpayment to return and report the overpayment to HHS, the State, a carrier or a contractor and notify the recipient of the reason for the overpayment. The statute requires that all overpayments be refunded within 60 days after the date the overpayment was identified or the date of any corresponding cost report (as applicable), whichever is later.
The proposed regulations only relate to Medicare Parts A and B. Medicaid, Medicare Advantage, Part D, and managed care organizations are not covered by the proposed rules; however, the 60 day shot clock noted in the statute still applies.
The proposed rules rename the current voluntary refund process the “self-reported overpayment refund process” (described more fully in the Medicare Financial Management Manual). Providers will use voluntary refund forms currently on the websites of their Medicare contractors. Reports of overpayments will require the inclusion of the following information:
3) How the error was discovered;
4) The reason for the overpayment;
5) The health insurance claim number, as appropriate;
6) Date of service;
7) Medicare claim control number, as appropriate;
9) Description of the corrective action plan to ensure the error does not occur again;
10) Whether the person has a corporate integrity plan with the OIG or is under the OIG Self-Disclosure Protocol;
11) The timeframe and the total amount of the refund for the period during which the problem existed that caused the refund;
12) If a statistical sample was used to determine the overpayment amount, a description of the statistically valid methodology used to determine the overpayment; and
13) A refund in the amount of the overpayment.
Under the proposed rules, providers are required to report the overpayment within 60 days of identification and refund the overpayment within the same 60 day period. Providers may request a refund extension through the extended repayment schedule. A person has “identified” an overpayment if that person has actual knowledge of the existence of the overpayment or acts in reckless disregard or deliberate ignorance of the existence of the overpayment. Providers who retain an overpayment after the 60 day deadline for reporting and returning the overpayment are liable under the False Claims Act. Additionally, any person who knows of an overpayment and does not report and return the overpayment may be found liable for Civil Monetary Penalties and excluded from participation in federal health care programs.
Significantly, the proposed rules also set a lookback period of 10 years, meaning that if a provider identifies an overpayment within 10 years of the date the overpayment is received it will have to report and refund such overpayment.
SRDP and OIG Self-Disclosure Protocol
CMS attempts to reconcile these proposed regulations with the OIG Self-Disclosure Protocol and the new CMS Self-Referral Disclosure Protocol (“SRDP”) (which allows reports of Stark Law violations). The reconciliation falls flat and creates confusion which will hopefully be remedied in the final rule.
The 60 day deadline for returning overpayments will be suspended if the OIG acknowledges receipt of submission to the OIG Self-Disclosure Protocol. This suspension will last until a settlement agreement is entered, the person withdraws from the OIG Self-Disclosure Protocol, or the person is removed from the OIG Self-Disclosure Protocol. Additionally, a person satisfies the reporting requirements listed above by making a disclosure under the OIG Self-Disclosure Protocol which results in a settlement agreement.
Similarly, the 60 day deadline for returning overpayments is suspended if CMS acknowledges receipt of a submission to the SRDP until such time as a settlement agreement is entered, a person withdraws from the SRDP, or the person is removed from the SRDP. However, the reporting requirement described above is not tolled by submission to the SRDP.
Regardless of these proposed rules, providers must currently report and refund overpayments within 60 days per the ACA. CMS has opened public comment on these proposed rules through April 16, 2012. If you would like assistance on drafting comments or assistance with reporting an overpayment please contact Don Black or Elana Zana.
Now that most states have their Medicaid EHR Incentive Program in full swing we have gotten a glimpse of what they are requiring for attesting to “adopt, implement and upgrade” aka “AIU”. As described in the CMS rules themselves, practices need to show that they have some skin in the game and have actually invested in an EHR product. Many states are asking that an EP (or group practice) upload the actual EHR software contract (or a redacted version). Some states (such as California) are requesting a signed vendor statement in lieu of the full contract.
If you are a practice in the process of negotiating an EHR contract, you may want to consider including a provision in the contract specific to the AIU attestation requirements of the state your practice is in. For example, requiring in the contract itself that the software vendor execute any documents required by the state to attest to AIU or that the vendor provide a letter acknowledging the practice’s EHR license (if such a letter is acceptable in your state). Similar provisions are recommended in situations where the practice is involved with a Stark donation arrangement or other type of third party contract.
Setting expectations up front and creating a contractual obligation will help ensure that the software vendor or other third party contractor does not stand in the way of your practice receiving EHR incentive dollars.
The Accountable Care Organization (“ACO”) final rules show that comments to CMS really do make a difference. The public outcry against the 65 quality measures proposed in the spring led to CMS’ 50% cut of the number quality measures. Along with the large cut, CMS explained its plan for allowing ACOs to meet the measure requirements by reporting on the measures in the first year and receiving “pay for performance” in the following years based on the weighted scores received in each quality measure.
The revised list of quality measures are broken out into 33 different measures (predominately with NQF measure numbers) with four umbrella categories and five subcategories as follows:
- Patient/Caregiver Experience (7 measures)
- Care Coordination/Patient Safety (6 measures, includes the EHR Incentive Program)
- Preventative Health (8 measures)
- At Risk Population (12 measures)
- Diabetes (6 measures)
- Hypertension (1 measure)
- Ischemic vascular disease (2 measures)
- Heart failure (1 measure)
- Coronary Artery Disease (2 measures)
The tables provided in the final rule at pages 67889-90 are particularly helpful in visually identifying the measures, the method of data submission and whether the particular measure is pay for reporting or pay for performance. The measures will be submitted to CMS through either surveys (for patient/caregiver experience measures), claims, the EHR Incentive Program, or the Group Practice Reporting Option (“GPRO”) Web Interface. The surveys will be conducted using the Consumer Assessment of Healthcare Providers and System (“CAHPS”) surveys for 2012 and 2013, in future years, ACOs will have to select a CMS approved vendor to administer the surveys.
EHR Incentive Program
One of the significant changes to the quality measures was the expansion of the EHR incentive program related measure. The quality measure no longer requires that 50% of the primary care providers to achieve meaningful use in order for the ACO to participate. The EHR quality measure now recognizes those participating in the Medicaid EHR Incentive Program do not have to meet meaningful use requirements in their first year of participation. As such, the new measure now includes primary care providers that successfully qualify for the EHR Incentive Program under either Medicare or Medicaid. In addition, CMS cut previously proposed measures that were redundant with the EHR Incentive Program such as the measure concerning clinical decision support and electronic prescribing.
CMS still emphasizes the importance of the usage of the EHR technology by giving the EHR quality measure a higher weight. Eligible professionals participating in ACOs are still eligible to separately participate in the EHR Incentive Programs or the e-prescribing incentive program.
Pay for Reporting vs. Pay for Performance
In the first year of participation, all of the quality measures may be satisfied by merely reporting on the quality measures. For pay for reporting, ACOs will earn the maximum sharing rate for complete and accurate reporting of 100% of the required data, and no quality threshold must be met. In the second year, 25 of the quality measures will be pay for performance, and eight will continue to be pay for reporting. In the third year, all but one quality measure will be on a pay for performance basis.
In the pay for performance years, each domain will be given equal weight of 25% in the calculation of the ACOs overall quality performance score. Each of the individual measures will be equally weighted within the domains, except for the EHR Incentive Program quality measure which is double weighted. ACOs must minimally attain 30% (or be in the national 30th percentile) for that quality measure. Subregulatory guidance will indicate the quality performance rates an ACO needs to achieve in order to earn the maximum quality points in a domain.
Recognizing that meeting all 33 measures in a given year may be difficult, CMS is requiring that ACOs achieve the quality performance standards on 70% of the measures in each domain. Failure to achieve the 70% standard will result in a corrective action plan and re-evaluation in the final year. However, if an ACO scores a zero for an entire measure, it will not be able to share in the savings generated. Due to the double weight of the EHR measure, failure to meet the EHR measure in the Care Coordination domain would cause the ACO to miss the 70% cut-off.
Reporting Calendar & PQRS
ACOs are expected to report on the quality measures on a calendar year basis, beginning with the reporting period starting January 1, 2012 through December 31, 2012. Even though a “performance year” in the regulations may begin in April or July of 2012 and end in December 2013, the quality performance for the first performance year will be based on reporting of the measures from January 1, 2013 through December 31, 2013. Eligible professionals participating in an ACO that start the agreement in April or July of 2012 will also qualify for the 2012 PQRS incentive under the Shared Savings program by reporting the ACO GPRO measures for the full 2012 Physician Quality Reporting System (“PQRS”) calendar year reporting period.
Note that ACO participant entities that want to qualify for PQRS must participate as group practices and not separately participate or earn a PQRS incentive outside of the Shared Savings Program. Individual ACO providers may not seek to qualify for the individual PQRS incentive under the traditional PQRS plans. CMS also relaxed its requirements regarding the PQRS incentives. If an ACO fails to meet the Shared Savings Program quality performance measures and therefore is not eligible for shared savings, the participating entities may still be eligible to receive the PQRS incentive under the Shared Savings Program.
More Updates Coming
ACO participants should keep an eye out for subregulatory guidance which will detail the annual measure specifications. CMS plans on releasing specifications in December and in the first quarter of 2012.
For more information regarding the ACO quality measures or ACOs in general, please contact Elana Zana.
HHS announced today that eligible professionals (“EPs”) and hospitals who begin participating in the EHR Incentive Program in 2011 will not have to meet the Stage 2 Meaningful Use standards until 2014. Therefore, those EPs and hospitals participating in the Medicare EHR Incentive Program in 2011 will be able to show Stage 1 meaningful use in 2011, 2012, and 2013. Those participating in the Medicaid EHR Incentive Program in 2011 will show Adopt, Implement or Upgrade in 2011, and Stage 1 meaningful use 2012 and 2013.
If you have questions on achieving meaningful use or the Medicare and Medicaid EHR Incentive Programs please contact Elana Zana.
Yesterday, the OIG issued Advisory Opinion No. 11-16 regarding the provision by a pediatric hospital of housing, transportation, meals and other miscellaneous items to patients participating in clinical research protocols. The OIG determined that while the arrangement could potentially generate prohibited remuneration under the anti-kickback statute, the OIG would not impose civil monetary penalties.
The decision noted that the hospital’s provision of these services was not intended to induce referrals of federal health care program business. The purpose behind these services was to enable the patients and families to seek treatment at the hospital. The OIG identified factors that protected the provision of these services from the risk of fraud and abuse:
1. The hospital was a not-for-profit institution which relied primarily on donations, and is reimbursed less than a quarter of its costs from federal health care programs.
2. The nature of the services provided are not likely to induce self referral to the hospital considering that the hospital focuses on treatment for catastrophic diseases of children.
3. The purpose of the services is to enable compliance with the research protocols and allow the hospital to more closely monitor its patients.
4. The lodging facilities are designed for infection control.
5. The provision of meal assistance ensures that the patients and families are able to satisfy basic nutritional requirements.
6. These services are not marketed to prospective patients, their families or referring physicians.
7. There is a substantial public benefit from the specialized care and the research.
As with all of its opinions, the OIG clarifies that the opinion only applies to the requestor of the opinion. If you have questions regarding this advisory opinion please contact Elana Zana.