Key Takeaway: The final rules for the meaningful use modifications rule for 2015-2017, meaningful use Stage 3 and 2015 edition certification rule arrived at the Office of Management and Budget (OMB) for final sign-off before release.
Why It Matters: While awaiting the publication of the final rule, the abstract for the meaningful use modifications rule shows a calendar-based 90-day reporting period for 2015, 365-day reporting in 2016 and beyond.
Last Friday, the Centers for Medicare and Medicaid Services (CMS) filed the meaningful use modifications rule for 2015-2017, the meaningful use Stage 3 Rule and the 2015 Edition Health Information Technology (Health IT) Certification Criteria with the Office of Management and Budget (OMB) for final review before publication.
While we the full text of each rule is not yet published, here’s what we know now:
Modifications Rule:
- Calendar-based, 90-day reporting period in 2015
- Changes to the Stage 2 patient engagement measure is forthcoming
- 365-day reporting period in 2016
Stage 3 Rule:
- Single definition of MU, optional in 2017, mandatory in 2018
- Calendar year reporting, unless 1st time Medicaid participant
- Mandatory eCQM submission
To accompany the series of rules nearing final publication, CMS released the below statement:
“We appreciate provider interest in the EHR Incentive Programs and in our final regulations in particular. We have just submitted the final rule to OMB for review. CMS intends to finalize a set of requirements that addresses attestation deadlines and reduces the overall reporting burden on providers and provides flexibility for the reporting periods in 2015.”
CHIME Resources on the three proposed rules can be found here.
Leslie Kriegstein
ONC Announces Two EHR Products to be Decertified
Key Takeaway: For the first time in 2013, the Office of the National Coordinator for Health IT (ONC) announced the removal of certification for two electronic health record products due to failed compliance with requests from one of the ONC’s authorized certification bodies (ACBs.)
Why It Matters: Last week ONC announced the decertification of two EHR products that have been used by eligible professionals (EPs) to attest to Stage 1 of the Meaningful Use Program. While providers attested when the products were certified, those providers must transition to alternative EHR products. During the transition, ONC announced that the providers are eligible for a hardship exemption while the transition to a new vendor occurs.
The decertification of the two products occurred because of the vendor’s failure to respond and participate in routine surveillance requests by InfoGard Laboratories Inc. (InfoGard), an ONC Authorized Certification Body (ONC-ACB). EHRs must be certified by an ONC-ACB before providers may use them to achieve meaningful use under the EHR Incentive Programs.
Many of the legislative proposal from Capitol Hill have included decertification of vendor products, primarily focused on those that participate in “information blocking.” This is only the second time that ONC has announced the decertification of EHR products, but with the growing scrutiny from Congress and ONC on EHR vendor practices, more vendors could face decertification.
A current list Health IT products certified by ONC for use in the Meaningful Use Program can be found here.
Cybersecurity Resources Forthcoming from Federal Agencies
Key Takeaway: A series of federal resources are expected to be made available in the near-term addressing an array of cybersecurity challenges within the healthcare sector.
Why It Matters: The Department of Health and Human Services (HHS) has begun to respond to claims that a shortage of resources exists to address the growing cyber threats to the healthcare industry, by announcing the forthcoming release of medical device and mobile application-related security guidance.
The Food and Drug Administration (FDA) announced intentions to release a series of documents over the course of the next year addressing medical device cybersecurity. Expected is a guide for devices that are already being used in the marketplace and another to apply a federal framework of cyber standards to medical devices.
Suzanne Schwartz, Director of Emergency Preparedness, Operations, and Medical Countermeasures at FDA’s Center for Devices and Radiological Health (CDRH) indicated that the FDA’s cyber priorities include: cyber risk management, trusted environments for information sharing, non-prescriptive risk analyses, and vulnerability disclosure.
Lucia Savage, Chief Privacy Officer within the Office of the National Coordinator for Health IT (ONC) announced that her office has been working with the Federal Trade Commission (FTC) to create a series of tools to help mobile health product developers understand parameters relative to the security of healthcare data. The tools are expected to be released in early 2016.
Given the increased use of data for medical research, HHS is developing standards for cybersecurity and privacy for medical research and precision medicine. These standards will address electronic consent and research data management.
