Meaningful Use EP Hardship Exception Deadline – July 1, 2014

Not able to meet meaningful use this year?  You may qualify for a hardship exception.  Eligible professionals that qualify for certain hardship exceptions can avoid the meaningful use payment adjustments in 2015 by submitting to CMS the 2015 Hardship Exception Application.  CMS has permitted the EPs to apply for a hardship exception based on the following reasons:

  • Infrastructure: Eligible professionals must demonstrate that they are in an area without sufficient internet access or face insurmountable barriers to obtaining infrastructure (e.g., lack of broadband).
  • New Eligible Professionals: Newly practicing eligible professionals who would not have had time to become meaningful users can apply for a 2-year limited exception to payment adjustments. Thus eligible professionals who begin practice in calendar year 2015 would receive an exception to the penalties in 2015 and 2016, but would have to begin demonstrating meaningful use in calendar year 2016 to avoid payment adjustments in 2017.
  • Unforeseen Circumstances: Examples may include a natural disaster or other unforeseeable barrier.
  • Patient Interaction: Lack of face-to-face or telemedicine interaction with patient or lack of follow-up need with patients.
  • Practice at Multiple Locations: Lack of control over availability of CEHRT for more than 50% of patient encounters.
  • 2014 EHR Vendor Issues: The eligible professional’s EHR vendor was unable to obtain 2014 certification or the eligible professional was unable to implement meaningful use due to 2014 EHR certification delays. (Note that CMS has published a proposed rule regarding lack of availability of 2014 CEHRT proposing to permit EPs in certain situations to attest to Stage 1, click here for further information).

Payment Adjustments & Hardship Exceptions Tipsheet for Eligible Professionals.  This tip sheet further describes the payment adjustments and includes frequently asked questions.

The following categories of EPs do not have to apply for a hardship exception but will automatically be granted one based on their status with CMS:

  • New providers in their first year (both eligible professionals and eligible hospitals).
  • Eligible professionals who are hospital-based: a provider is considered hospital-based if he or she provides more than 90% of their covered professional services in either an inpatient (Place of Service 21) or emergency department (Place of Service 23) of a hospital.
  • Eligible professionals with certain PECOS specialties (Anesthesiology-05, Pathology-22, Diagnostic Radiology-30, Nuclear Medicine-36, Interventional Radiology-94).

Eligible professionals that have not participated in the EHR Incentive Program in the past have the option of avoiding the 2015 payment adjustment if they successfully attest to meaningful use by October 1, 2014.  Those eligible professionals that qualify for any of the above hardship exceptions and will not be able to attest to meaningful use by October 1, 2014 may still apply for a hardship exception, but must do so by July 1, 2014.

For more information about the EHR Incentive Programs and meaningful use please contact Elana Zana.

 

 

CMS Proposed Revisions to Meaningful Use – A Welcome Delay

CMS has issued proposed revisions to meaningful use Stages 2 and 3 in response to numerous industry complaints that hospitals and provider groups will not be able to implement the 2014 certified EHR technology with enough time to meet meaningful use in 2014.  CMS, recognizing that EPs and hospitals are either using 2011 CEHRT, 2014 CEHRT, or a mixture of both, issued proposed rules addressing what each category must attest to in 2014.  In a substantial change from the Final Rules issued in September 2012, CMS has agreed to extend Stage 1 in 2014 for those EPs and hospitals that cannot successfully obtain or deploy 2014 CEHRT.  Further, CMS has proposed to delay Stage 3 meaningful use by one year. 

Medicaid Modification

The proposed rule modifies the AIU (adopt, implement and upgrade) exception for those EPs and hospitals attesting for the first time in 2014.  Hospitals and EPs attesting to AIU in 2014 must adopt, implement or upgrade to 2014 Edition CEHRT only, attesting to the 2011 Edition or a combination Edition will not satisfy the definition in 2014.

Meaningful Use Timeline

Originally, all Medicare EPs and hospitals were required to meet meaningful use using the 2014 Edition CEHRT for Stage 1 or Stage 2 in 2014.  This proposed rule delays this process as follows:

Table 2:  Proposed CEHRT Systems Available for Use in 2014

If you were scheduled to demonstrate: You would be able to attest for Meaningful Use:

Using 2011 Edition

CEHRT to do:

Using 2011 & 2014

Edition CEHRT to do:

Using 2014 Edition

CEHRT to do:

Stage 1 in 2014

2013 Stage 1 objectives and measures*

2013 Stage 1 objectives and measures*

-OR-

2014 Stage 1 objectives and measures*

2014 Stage 1 objectives and measures

Stage 2 in 2014

2013 Stage 1 objectives and measures*

2013 Stage 1 objectives

and measures*

-OR-

2014 Stage 1 objectives and measures*

-OR-

Stage 2 objectives and measures*

2014 Stage 1 objectives and measures*

-OR-

Stage 2 objectives and measures

 *Only providers that could not fully implement 2014 Edition CEHRT for the reporting period in 2014 due to delays in 2014 Edition CEHRT availability.  Note: Table 2 is directly from the CMS proposed rule (similar table in press release does not contain asterisk).

To take advantage of the delays, EPs and hospitals must attest that they were not able to upgrade or fully implement to the 2014 Edition CEHRT because of issues related to availability.  Providers that were planning on meeting Stage 2 in 2014 and are now going to attest to Stage 1 in 2014 will be required to begin Stage 2 in 2015.

Stage 3 Delay

CMS also proposed a delay in Stage 3 for a year.  This is welcome news considering that CMS has not yet built-out Stage 3 and is waiting for the results from Stage 2 to “inform [its] development of the criteria for Stage 3 meaningful use.”  Stage 3 will begin on January 1, 2017 for EPs and October 1, 2016 for hospitals and CAHs.  The proposed revised schedule is as follows:

TABLE 3–PROPOSED STAGE OF MEANINGFUL USE CRITERIA BY FIRST PAYMENT YEAR

 

First Payment Year

Stage of Meaningful Use

2011 2012 2013 2014 2015 2016 2017 2018 2019 2020 2021
2011 1 1 1 1 or 2* 2 2 3 3 TBD TBD TBD
2012 1 1 1or 2* 2 2 3 3 TBD TBD TBD
2013 1 1* 2 2 3 3 TBD TBD TBD
2014 1* 1 2 2 3 3 TBD TBD
2015 1 1 2 2 3 3 TBD
2016 1 1 2 2 3 3
2017 1 1 2 2 3

*3-month quarter EHR reporting period for Medicare and continuous 90-day EHR reporting period (or 3 months at State option) for Medicaid EPs.  All providers in their first year in 2014 use any continuous 90-day EHR reporting period.  Note: Table 3 is directly from the CMS proposed rule (similar table in press release does not contain asterisk).

Clinical Quality Measures

CMS has also relaxed the requirements related to reporting on clinical quality measure in 2014.  Specifically, the method of CQM submission to CMS will depend on the edition of CEHRT deployed by the provider (States will still have discretion for submission requirements).

 

2011 Edition CEHRT

2011 & 2014

Edition CEHRT

2013 Stage 1 objectives

Method of Reporting Attestation Attestation
EP Reporting Requirements 3 core/alternate
3 additional
3 month reporting period (90 days if 1st year)
3 core/alternate
3 additional
3 month reporting period (90 days if 1st year)
Derived exclusively from 2011 CEHRT
Hospital/CAH Reporting Requirements 15 Stage 1 Measures
3 month reporting period (90 days if 1st year)
15 Stage 1 Measures
3 month reporting period (90 days if 1st year)
Derived exclusively from 2011 CEHRT

For those providers using a combination of 2011 and 2014 Edition CEHRT to report on either the 2014 Stage 1 measures or Stage 2 measures or the 2014 Edition CEHRT they should report CQMs as originally indicated in the Stage 2 final rule (i.e submitting electronically) and subsequent rule making.

ONC Modifications

In order to support the CMS revisions, ONC has made modifications to its CEHRT definition to reflect the proposed new required start dates.  ONC’s proposed revisions would move the required start dates for the 2014 Edition of CEHRT to October 1, 2014 for hospitals and CAHs and January 1, 2015 for EPs.

For more information on the EHR Incentive Program and meeting meaningful use please contact Elana Zana.

HHS Releases Security Risk Assessment Tool

Need help performing your HIPAA/Meaningful Use Security Risk Assessment?  Good news, HHS has released a tool to help!  In partnership with the Office of the National Coordinator, HHS created a tool, user guide, software, tutorial, videos and even an iOS App to help HIPAA covered entities and business associates perform the required HIPAA Risk Analysis.

The HIPAA Security Rule specifically requires (this is not an addressable specification) a Security Risk Analysis:

“Risk analysis (Required). Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the covered entity or business associate.”  45 CFR 164.308(a)(1)

In addition, those hospitals and eligible professionals seeking to meet meaningful use in order to receive the EHR Incentive dollars or avoid the Medicare payment adjustments must fulfill a HIPAA Security Risk Assessment.

Stage 1

Stage 2

Objective. Protect electronic health information created or maintained by the certified EHR technology through the implementation of appropriate technical capabilities.Measure. Conduct or review a security risk analysis in accordance with the requirements under 45 CFR 164.308(a)(1) and implement security updates as necessary and correct identified security deficiencies as part of its risk management process. Objective. Protect electronic health information created or maintained by the Certified EHR Technology through the implementation of appropriate technical capabilities.Measure. Conduct or review a security risk analysis in accordance with the requirements under 45 CFR 164.308(a)(1), including addressing the encryption/security of data stored in Certified EHR Technology in accordance with requirements under 45 CFR 164.312(a)(2)(iv) and 45 CFR 164.306(d)(3), and implement security updates as necessary and correct identified security deficiencies as part of the EP’s risk management process.

For those hospitals and eligible professionals looking to meet meaningful use, the Security Risk Assessment tool will generate a report that can be provided to auditors.  However, the report alone is likely insufficient because both the auditors and the  meaningful use requirements (above) require the correction of security deficiencies – so merely running a Security Risk Assessment without taking actions to remedy the problem will not suffice.  To read more about meaningful use audits and security risk assessments click here

In addition to releasing the Security Risk Assessment tool, HHS has created a helpful true/false statement with the Top 10 Myths of Security Risk Analysis.  This document highlights the misconceptions regarding the risk assessment requirements, including that all covered entities and business associates (regardless of the size) must conduct a risk assessment pursuant to HIPAA.  Importantly, though only eligible professionals & hospitals are eligible for meaningful use incentives and Medicare payment adjustments, business associates must also comply with the HIPAA Security Rule pursuant to the HITECH Act.  Therefore, business associates must also conduct security risk assessments, and per recent guidance from HHS, business associates are likely part of the next round of HIPAA audits.

For more information about HIPAA, security risk assessments, and meaningful use please contact Elana Zana.

Meaningful Use Exception Includes EHR Vendor Delays

Following its announcement at HIMSS, CMS has published its hardship exception application for 2014 along with its new exception due to vendor delays.  The new exception permits eligible hospitals and eligible professionals to request an exception from the 2015/2016 payment adjustments due to 2014 EHR Vendor Issues.  Specifically, CMS now permits an exception due to the inability of the vendor to obtain 2014 certification or if the hospital or EP was unable to implement meaningful use due to 2014 EHR certification delays.  Along with filling out the EP or Hospital exception forms, those requesting the exception must submit a notification from the EHR vendor.

For EPs and hospitals who are demonstrating meaningful use for the first time, they may apply for this hardship exception to avoid the 2015 payment adjustments.  For those EPs and hospitals who have previously demonstrated meaningful use, they may use this hardship exception to avoid 2016 payment adjustments.

For hospitals, the hardship exception request for 2015 payment adjustments is due April 1, 2014.  For eligible professionals, the hardship exception request for 2015 payment adjustments is due July 1, 2014.  However, for those EPs that have not previously participated in the Medicare EHR Incentive Program they can submit attestation by October 1, 2014 and also avoid the payment adjustments.  CMS has also issued guidance for applying for the EHR Vendor hardship exception for EPs and hospitals.

For more information about the Medicare or Medicaid EHR Incentive Program or applying for these hardship exceptions please contact Elana Zana.

Medicare EHR Incentive Program Deadline Extended

CMS announced last week that it has extended the registration and attestation deadline for the Medicare EHR Incentive Programs to March 31, 2014 for eligible professionals.  This month long extension will aid eligible professionals in compiling their meaningful use data from 2013 and filling out the registration process (which can be time consuming).

In addition, CMS is offering to assist eligible hospitals who experienced difficulty with their attestation.  This assistance will allow eligible hospitals to submit their attestation retroactively to avoid the 2015 payment adjustment.  To do so, hospitals must contact CMS by March 15, 2014.  Eligible hospitals are instructed to contact CMS at EH2013Extension@Provider-Resources.com  no later than 11:59 PM EST on Marfch 15, 2014.

  1. Type “EH 2013 EXTENSION” in the subject line of the email note
  2. Include the following information:
    • CCN;
    • hospital name;
    • contact person name;
    • contact person email; and
    • contact person phone number.

CMS will then contact the designated individual to discuss the retroactive extension.

As a reminder, these extensions are for the Medicare EHR Incentive Program only, and do not apply to the Medicaid EHR Incentive Program.  In Washington, the deadline to apply for the Medicaid EHR Incentive Program remains February 28, 2014.

For more information about the EHR Incentive Programs or meaningful use generally please contact Elana Zana.

Washington Medicaid EHR Incentive Program Webinar

The Washington State Health Care Authority announced that it will be hosting a webinar to aid in the registration for the Medicaid EHR Incentive Program.  This will help providers who are registering and attesting to both adopt, implement and upgrade and meaningful use.

Topics Include: Navigating the WA ST EHR Attestation Application-eMIPP (MU Stage 1)

  • Attestation
  • Navigating the eMIPP application
  • How to get paid correctly
  • Live Q & A after presentation

To register click here.

The state of Washington has also published helpful tools for registration, including user guides and state specific worksheets (for example the .95 multiplier).

These webinars are very informative and it is recommended that all first time applicants (and those applicants that need a refresher) attend.

Also, note that though the Medicare EHR Incentive Program has extended registration through March 31, 2014, the Washington Medicaid EHR Incentive Program requires registration and attestation by February 28, 2014.

For assistance with registration and attestation for the Medicare or Medicaid EHR Incentive Program please contact Elana Zana.

 

Meaningful Use Audits – Security Risk Analysis

‘Tis the season for Meaningful Use, the time of year when eligible professionals (EPs) and eligible hospitals (EHs) compile their data from the meaningful use measures and prepare for attestation.  It is also the season of meaningful use audits.  A lesson learned from recent audits: CMS means what it says – EPs and EHs must conduct a security risk analysis.  This measure is not one to be taken lightly – it’s a HIPAA requirement, and CMS auditors are on the lookout for documentation (remember, all documentation must be retained for 6 years).

Regardless of whether EPs or EHs are attesting to Stage 1 or Stage 2, or the fact that they performed a security risk analysis last year, this objective and measure must be fulfilled each year:

 

Stage 1

Stage 2

Objective. Protect electronic health information created or maintained by the certified EHR technology through the implementation of appropriate technical capabilities.Measure. Conduct or review a security risk analysis in accordance with the requirements under 45 CFR 164.308(a)(1) and implement security updates as necessary and correct identified security deficiencies as part of its risk management process. Objective. Protect electronic health information created or maintained by the Certified EHR Technology through the implementation of appropriate technical capabilities.Measure. Conduct or review a security risk analysis in accordance with the requirements under 45 CFR 164.308(a)(1), including addressing the encryption/security of data stored in Certified EHR Technology in accordance with requirements under 45 CFR 164.312(a)(2)(iv) and 45 CFR 164.306(d)(3), and implement security updates as necessary and correct identified security deficiencies as part of the EP’s risk management process.

The HIPAA requirement for a Security Risk Analysis pursuant to 45 CFR 164.308(a)(1) is as follows:

“Risk analysis (Required). Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the covered entity or business associate.”

CMS Meaningful Use audits have specifically called out this objective and measure and are requiring participants to prove that a Security Risk Analysis has actually occurred.  Though the HIPAA Security Officer should have conducted a security risk analysis for the entire practice/hospital, EPs and EHs should maintain a copy of this assessment with their meaningful use documentation and should review the assessment to make sure that the risk analysis complies with the meaningful use requirements (note: the Stage 2 requirements are significantly broader).

Below is the audit question that was sent to some Stage 1 EPs:

“Provide proof that a security risk analysis of Certified EHR Technology was performed prior to the end of the reporting period (i.e. report which documents the procedures performed during the analysis and the results of the analysis).  If deficiencies are identified in this analysis, please supply the implementation plan; this plan should include the completion dates.”

Note that the audit request indicates that further documentation is needed to satisfy the auditors.  EPs must show the implementation plan and the completion dates.  As per the measure itself, the requirement is not merely to conduct a security risk analysis, but the EPs and EHs must implement security updates and correct security deficiencies.  EPs and EHs should document these steps as well in order to appropriately respond to an audit request.

CMS has recently issued a new tip sheet to assist EPs and EHs in fulfilling the security risk analysis requirement.  In addition ONC has published guidance on HIPAA Security Risk Analysis requirements.  The CMS tip sheet includes some common myths surrounding risk analysis such as:

  • “I only need to do a risk analysis once.”

False. To comply with HIPAA, you must continue to review, correct or modify, and update security protections.

  • “My EHR vendor took care of everything I need to do about privacy and security.”

False. Your EHR vendor may be able to provide information, assistance, and training on the privacy and security aspects of the EHR product. However, EHR vendors are not responsible for making their products compliant with HIPAA Privacy and Security Rules. It is solely your responsibility to have a complete risk analysis conducted.

  • “The security risk analysis is optional for small providers.”

False. All providers who are “covered entities” under HIPAA are required to perform a risk analysis. In addition, all providers who want to receive EHR incentive payments must conduct a risk analysis.

  • “Simply installing a certified EHR fulfills the security risk analysis MU requirement.”

False. Even with a certified EHR, you must perform a full security risk analysis. Security requirements address all electronic protected health information you maintain, not just what is in your EHR.

Responding to a Meaningful Use audit can be time consuming and very detailed oriented — thus, maintaining the appropriate documentation is essential.  For assistance with Meaningful Use or HIPAA security risk assessments, please contact Elana Zana.

Sequester Payment Reductions to Medicare EHR Incentive Payments

CMS has confirmed that the mandatory reductions in federal spending aka the sequester will affect the Medicare EHR Incentive Program payments made in 2013.  Accordingly, all Medicare EHR Incentive Program payments made to hospitals and eligible professionals will have a 2% reduction.  This reduction applies to any hospital or eligible professional that participates in the program with a reporting period ending on or after April 1, 2013. 

The 2% reduction will not apply to the Medicaid EHR Incentive Program.  Therefore, those hospitals and eligible professionals expecting Medicaid EHR Incentive Program payments will receive the full amount without any sequester related reduction. 

If you have questions regarding the Medicare or Medicaid EHR Incentive Program please contact Elana Zana.

2013: A Critical Year for Medicare Incentive Programs

Amid all the recent attention given to the long-awaited modifications to HIPAA under the HITECH Act published earlier this year, it may be easy for Medicare providers to overlook the fact that 2013 is an important year for three Medicare payment incentive programs:  (1) the Physician Quality Reporting System Program; (2) the Electronic Prescribing Program; and (3) the Medicare Electronic Health Record Incentive Program.  As discussed below, there are important milestones and deadlines in 2013 for each of these programs associated with either receiving incentive payments or avoiding payment adjustments.

Physician Quality Reporting System (PQRS) Program

The PQRS Program is intended to promote the reporting of quality information by eligible professionals (EPs).  The incentives and payment adjustments for the PQRS program are based on whether an EP satisfactorily reports data on program-specified quality measures for covered physician fee schedule (PFS) services furnished to Medicare Part B fee-for-service (FFS) beneficiaries.  EPs can qualify to receive an incentive based on the 2013 reporting year (i.e. January 1, 2013 – December 31, 2013) equal to 0.5% of an EP’s total estimated Medicare PFS allowed charges for the 2013 reporting period.

The 2013 reporting year is also a critical year for the PQRS program because it is the first reporting year that will be used to apply the program’s payment adjustments.  Although the payment adjustments do not begin until 2015, the adjustments are based on information reported in the two-year “look back” reporting period, i.e., the 2013 reporting year for the 2015 payment adjustments, the 2014 reporting period for the 2016 payment adjustments, etc.  To avoid the payment adjustment for a particular year, an EP must satisfactorily report data in the applicable reporting period.  CMS will penalize EPs for failing to participate in the PQRS program in 2013 by reducing the 2015 Medicare PFS allowed charges by 1.5%.

Furthermore, one way an EP practicing in a group practice can report data for the PQRS program is through the group practice reporting option (GPRO).  Under the GPRO, a group practice may make PQRS reports for all individual EPs in the same group practice.  The deadline for a group practice to elect to report using the GPRO is October 15, 2013.

Electronic Prescribing (eRx) Incentive Program

The eRx Incentive Program is intended to encourage electronic prescribing by EPs.  2013 is the last year that EPs who are successful e-prescribers can qualify to earn an incentive payment.  The incentive payment for 2013 is equal to 0.5% percent of an EP’s total estimated Medicare PFS allowed charges for the 2013 reporting period (i.e., January 1, 2013 – December 31, 2013).  At the same time, the 2013 six-month reporting period from January 1, 2013 – June 30, 2013 is the final reporting period to avoid the 2014 eRx payment adjustment.  The 2014 payment adjustment for EPs who are not successful e-prescribers is equal to 2.0% of the EP’s Medicare PFS allowed charges.  An EP may be exempt from the 2014 eRx payment adjustment if the EP meets one of the payment adjustment exclusion criteria or the EP requests and CMS approves a hardship exemption.  An EP must qualify for one of the 2014 payment adjustment exclusion criteria or submit a hardship exemption request to CMS by June 30, 2013 to avoid the 2014 payment adjustment.

Medicare EHR Incentive Program

This program is intended to encourage Medicare EPs, hospitals and critical access hospitals to achieve “meaningful use” of certified EHR technology.  Payment adjustments for the Medicare EHR Incentive Program begin in 2015.  However, because of the two-year “look back” period adopted by CMS for the adjustments, EPs must demonstrate “meaningful use” in 2013 to avoid payment adjustment in 2015.  EPs who first demonstrate meaningful use in 2013 must demonstrate meaningful use for a 90-day reporting period in 2013 to avoid payment adjustments in 2015.  This means that October 3, 2013 is the last day for EPs who are demonstrating meaningful use for the first time to begin their 90-day reporting period.  EPs who first demonstrated meaningful use in 2011 or 2012 must demonstrate meaningful use for the full year in 2013 to avoid the 2015 payment adjustments.  The payment adjustment amount for 2015 is 1% of the EP’s PFS allowed charges for services furnished by the EP in 2015.

Summary of Key 2013 Dates:

June 30, 2013:

  • eRX: End of the 2013 six-month reporting period to avoid the 2014 payment adjustment
  • eRx: Last day for an EP to submit hardship exemption request to CMS to avoid the 2014 payment adjustment

October 3, 2013:

  • Medicare EHR: Last day for EPs to begin 90-day reporting period for Medicare EHR incentive (if 2013 is the EP’s first year of program participation)

October 15, 2013:

  • PQRS:  Deadline for group practices to submit self-nomination statement for group reporting option for PQRS program
  • PQRS:  Last day for EPs to elect the administrative claims option to avoid the 2015 PQRS payment adjustment

December 31, 2013:

  • PQRS:  End of period to avoid the 2015 PQRS payment adjustment
  • PQRS, eRx, Medicare EHR:  Participation year ends for all programs

In sum, Medicare providers should take note of the above dates related to the PQRS, eRx and Medicare EHR Incentive Programs, especially those dates associated with actions which they will need to take or achieve in order to avoid the applicable program payment adjustments beginning in 2015.

For more information about the Medicare incentive programs discussed above, please contact Lee Kuo.

 

EHR Incentive Program Timeline Tool

CMS has recently launched a new tool which enables eligible professionals to determine which year they should meet each stage of meaningful use and the amount of incentive dollars available for the eligible professional.  This tool is useful in light of the changes to the EHR Incentive Program timeline made in the Stage 2 Final Rules.  The tool is applicable for eligible professionals applying for either the Medicare or Medicaid EHR Incentive Program.  To access the tool click here.

If you have questions regarding the EHR Incentive Program please contact Elana Zana.