Meaningful Use
CMS Releases CPC+ Sites and Details Track 1 and Track 2 Payment Methods
Key Takeaway: The Centers for Medicare & Medicaid Services (CMS) announces Comprehensive Primary Care Plus (CPC+) payment model details.
Why it Matters: CMS has created CPC+ to facilitate primary care practices to better support patients with chronic diseases including delivering preventive care and more coordinated care. CPC+ offers a pathway for practices interested in qualifying for the incentive payment for Advanced Alternative Payment Models (APMs) through the proposed Quality Payment Program. CMS estimates that up to 5,000 primary care practices serving an estimated 3.5 million beneficiaries could participate in the model. CPC+ is a five-year model starting in January 2017. 57 yet-to-be-named practices are expected to participate. CMS is accepting applications between August 1 and September 15 from those in selected states/regions.
There will be two participation tracks. Practices applying to Track 2 will need to submit a letter of support from their health IT vendor(s) that outlines vendors' commitment to supporting the practice with advanced health IT capabilities. CMS will sign a Memorandum of Understanding with those health IT vendors supporting Track 2 practices selected to participate in CPC+.
Quality Measurement
CMS Releases IPPS Final Rule and eCQMs Mandates
Key Takeaway: The Centers for Medicare & Medicaid Services (CMS) to require full-year reporting of eight electronic clinical quality measures (eCQMs) in 2017 and 2018.
Why it Matters: In the proposed IPPS rule CMS called for increasing the number of eCQMs from four in 2016 to 15 in 2017. CMS elected in the final rule to, among other things:
- Decrease their proposal of 15 eCQMs down to eight for 2017 reporting/2019 payment and for 2018 reporting/2020 payment years.
- Increase the reporting period from a quarter in 2016 to a full year in 2017.
- Update the Extraordinary Circumstances Extensions or Exemptions (ECE) policy by:
- Extending the ECE request deadline for non-eCQM circumstances from 30 to 90 calendar days following an extraordinary circumstance, beginning in FY 2017 as related to extraordinary circumstance events that occur on or after October 1, 2016; and
- Establishing a separate submission deadline of April 1 following the end of the reporting calendar year for ECEs related to eCQMs beginning with an April 1, 2017 deadline and applying for subsequent eCQM reporting years.
CHIME comments on the proposed rule called for retaining four eCQMs for 2017 and a reporting period of a quarter. We will continue to advocate for greater flexibility for quality reporting to ease burdens on providers.
Cybersecurity
New Guidance on Internet of Things
Key Takeaway: The National Institute of Standards and Technology (NIST) announced the Release of Special Publication 800-183, Network of 'Things.'
Why it Matters: NIST recently announced the release of Special Publication (SP) 800-183, Networks of ‘Things’. SP 800-183 offers an underlying and foundational understanding of the Internet of Things (IoT) based on the realization that IoT involves sensing, computing, communication, and actuation. The material presented here is generic to all distributed systems that employ IoT technologies (i.e., ‘things’ and networks). SP 800-183 is targeted at computer scientists, IT managers, networking specialists, and networking and cloud computing software engineers who are seeking guidance into how best to leverage this new distributed computing paradigm. It also offers IT and software professionals with a common vocabulary from which discuss this technology. NIST Public Affairs Office issued a press release of the Special Publication.
NIST Cybersecurity Framework Update Forthcoming
Key Takeaway: The National Institute of Standards and Technology (NIST) is developing a minor update of its Cybersecurity Framework based on feedback from its users.
Why it Matters: In the just released Cybersecurity Framework Feedback: What We Heard and Next Steps, NIST is announcing that a draft of the update will be published for comment in early 2017. NIST plans to review references in the document to ensure that they are current, and per user requests, is considering clarifying the framework’s Implementation Tiers, a mechanism for organizations to gauge their approach to managing cybersecurity risk. NIST may also add guidance for applying the framework for supply chain risk management. The need to refine and clarify small portions of the framework was evident in comments received through a December 2015 Request for Information and an April 2016 workshop (see video of event) that included 800 participants from industry, government and academia.
Patient Safety
New FDA Draft Guidance
Key Takeaway: FDA published new draft guidance aimed at clarifying when a change to a device warrants FDA clearance.
Why it Matters: FDA explains that this guidance, when finalized, will assist industry and Agency staff determine when a software (including firmware) change to a 510(k)-cleared or a preamendments device subject to 510(k) (including existing devices) requires a manufacturer to obtain FDA clearance of a new premarket notification (510(k)). A 510(K) is a premarket submission made to FDA to demonstrate that the device to be marketed is at least as safe and effective, that is, substantially equivalent, to a legally marketed device that is not subject to premarket approval.
This new draft guidance specifically addresses software modifications. FDA regulatory criteria call for submitting premarket notification when a device has been changed or modified significantly such that it could affect the safety or effectiveness of the device or when a major change or modification of the device has been made. FDA 1997 guidance clarified the phrase "could significantly affect the safety or effectiveness of the device" and the use of the adjectives "major" and "significant" sometimes lead FDA and device manufacturers to different interpretations. That guidance provided the Agency's interpretation of these terms, with principles and points for manufacturers to consider in analyzing how changes in devices may affect safety or effectiveness and determining whether a new 510(k) must be submitted for a particular type of change. This new draft guidance preserves the basic format and content of the original, with updates to add clarity. The added clarity, FDA says, is intended to increase consistent interpretations of the guidance by FDA staff 120 and manufacturers.
FDA provides a flow chart and answers to six questions to help determine when a device must be resubmitted for clearance. The first question they address involves cybersecurity and the FDA notes, "In many cases, a change made solely to strengthen cybersecurity is not likely to require a new 510(k)."
According to a notice in the Federal Register comments on the guidance are due November 7th.