Meaningful Use
The Push for 90-Day Reporting in 2016 Continues!
Key Takeaway: CHIME, along with 20 additional organizations, send CMS a letter urging a 90-day reporting period.
Why it Matters: Today, CHIME and others implored CMS to finalize a proposal offered in the Outpatient Prospective Payment System (OPPS) rule and change the Meaningful Use reporting period to 90 days for all providers. CHIME has consistently advocated for this and has called upon CMS year after year to adopt a 90-day reporting period, something this is particularly helpful given that the program’s “pass / fail” construct remains intact. CHIME successfully helped get the reporting period changed in previous years. The change for 2015 was made at the very last minute last year. In order to give providers as much time to prepare and to take advantage of this change, we are urging CMS to finalize their proposal as soon as possible.
CMS Meaningful Use Webinars
Key Takeaway: The Centers for Medicare and Medicaid Services (CMS) is hosting two webinars on 2016 reporting.
Why it Matters: CMS will host two webinars in August that highlight how to participate successfully in the EHR Incentive Programs in 2016 based on the criteria outlined in the October 2015 final rule. The first webinar will discuss criteria for eligible professionals (EPs) and the second will highlight requirements for eligible hospitals and critical access hospitals (CAHs). Registration information is below.
Eligible Professionals:
- Thursday, August 25, 1:00 pm – 2:00 pm ET
- Register: https://engage.vevent.com/rt/cms/index.jsp?seid=502
Eligible Hospitals/CAHs:
- Tuesday, August 30, 12:00 pm – 1:00 pm ET
- Register: https://engage.vevent.com/rt/cms/index.jsp?seid=506
Cybersecurity
NIST issues new RFI
Key Takeaway: CHIME has formed a workgroup to respond to a new National Institute of Standards and Technology (NIST) Request for Information (RFI) on cybersecurity.
Why it Matters: The new RFI, while not specific to the healthcare sector, is nonetheless of interest and CHIME plans on responding. The Commission on Enhancing National Cybersecurity requests information about current and future states of cybersecurity in the digital economy. As directed by Executive Order 13718, the commission will make detailed recommendations to strengthen cybersecurity in both the public and private sectors while protecting privacy, ensuring public safety and economic and national security, fostering discovery and development of new technical solutions, and bolstering partnerships between federal, state and local government and the private sector in the development, promotion, and use of cybersecurity technologies, policies, and best practices. NIST has been tasked with providing the commission with such expertise, services, funds, facilities, staff, equipment, and other support services as may be necessary to carry out its mission.
The commission is seeking information on the following topics: critical infrastructure cybersecurity, cybersecurity insurance, cybersecurity research and development, cybersecurity workforce, federal governance, identity and access management, international markets, internet of things, public awareness and education, and state and local government cybersecurity.
The RFI was published on August 10 with a short comment deadline of September 9. We are hosting two workgroup calls on Monday, August 22, and Wednesday, August 24, both at noon ET to help shape our comments. Please RSVP to Mari if you want to be added.
Federal Security Conference
Key Takeaway: NIST and the Office for Civil Rights (OCR) co-host security event.
Why it Matters: For the past several years, NIST and OCR have teamed up for an annual conference on HIPAA security issues. This year, the event will be held in downtown Washington D.C., on October 19-20. Attendees can attend in person or via webinar. The cost to attend is $578 which includes food (or $272 without catering) or $200 to attend the webcast. For more information, go here. The agenda has not yet been posted, but you can take a look at last year’s agenda to get a sense of the topics that may be covered.
Compliance Update
Key Takeaway: OCR announces a small breach investigations and Twitter chat.
Why it Matters: OCR said it will step up compliance of breaches of less than 500 patients. In a recent announcement the agency stated:
Beginning this month, OCR, through the continuing hard work of its Regional Offices, has begun an initiative to more widely investigate the root causes of breaches affecting fewer than 500 individuals. Regional Offices will still retain discretion to prioritize which smaller breaches to investigate, but each office will increase its efforts to identify and obtain corrective action to address entity and systemic noncompliance related to these breaches. Among the factors Regional Offices will consider include:
- The size of the breach;
- Theft of or improper disposal of unencrypted PHI;
- Breaches that involve unwanted intrusions to IT systems (for example, by hacking); The amount, nature and sensitivity of the PHI involved; or
- Instances where numerous breach reports from a particular covered entity or business associate raise similar issues.
Regions may also consider the lack of breach reports affecting fewer than 500 individuals when comparing a specific covered entity or business associate to like-situated covered entities and business associates.
In separate OCR news, OCR and the Office of the National Coordinator are hosting a Twitter chat on August 22 “honoring 20 years of HIPAA.”
Quality Measurement
PQRS update
Key Takeaway: Feedback reports on their way.
Why it Matters: The 2015 Physician Quality Reporting System (PQRS) feedback reports will be available in September 2016 for individual eligible professionals (EPs) and PQRS group practices. The PQRS feedback reports are the decision on whether or not participants met the PQRS criteria for avoiding the 2017 PQRS penalty. Detailed information about the quality data submitted by the provider is also included. The 2015 PQRS feedback reports reflect data from the Medicare Physician Fee Schedule (PFS) claims received with dates of service from January 1, 2015 – December 31, 2015 that were processed by February 26, 2016. Authorized representatives of groups and solo practitioners can access the 2015 PQRS feedback reports and 2015 Annual QRURs on the CMS Enterprise Portal using an Enterprise Identify Data Management (EIDM) account with the correct role. For more information on how to access these reports, visit How to Obtain a QRUR.
IRF & LTCH Quality Reporting Program
Key Takeaway: CMS is hosting a webinar on Inpatient Rehab and Long-term Care on August 23, 2016, 1:30 PM - 3:00pm ET
Why it Matters: During this webinar, CMS will discuss the Preview Reports for IRFs and LTCHs that will be available to providers in the near future. Participants will gain an understanding of how to access these reports, how to interpret the contents of these reports, and what to do if they believe their report contains an error.
