“CMS has released a new resource, An Eligible Professional’s Guide to Stage 2 of the EHR Incentive Programs, which provides a comprehensive overview of Stage 2 of the EHR Incentive Programs for eligible professionals. The guide outlines criteria for Stage 2 meaningful use, 2014 clinical quality measure reporting, and 2014 EHR certification.”
We all have a tendency to skip over the fine print sometimes; the car rental agreement, the parking garage receipt, etc. I’ve seen firsthand plenty of patients who don’t bother to read their HIPAA Notices of Privacy Practices.
So it’s particularly interesting to read that physicians are upset that electronic health record vendor Practice Fusion launched a feature in its EHR software to send emails to patients asking them to rate their doctors. According to a recent blog posted by John Lynn, founder of the HealthcareScene.com blog network, more than 9 million emails have been sent to patients and the vendor has received about 1.8 million reviews.
Practice Fusion responded to Lynn’s post, apologizing for the confusion but stating that its practices are not a violation of HIPAA. The company also stated that it provided physicians notice about the emails.
I don’t know whether Practice Fusion will see its business impacted by the negative publicity it’s now receiving. According to the comments to Lynn’s post, the vendor has also removed negative comments about the emails from its own website forum, and is being accused of populating Lynn’s blog with emails against Lynn. There already has been talk that many providers will be switching EHR vendors this year. Without knowing more, I also don’t know whether the email activity is truly HIPAA compliant.
And physicians certainly have enough on their plates between treating patients and running their practices, so I can see where they may have glossed over a vendor notice about the implementation of a new EHR feature.
The real issue, though, is whether the physicians ever gave Practice Fusion permission to engage in this kind of activity. According to the comments to Lynn’s post, Practice Fusion’s user agreement does allow it to send emails to patients, although I have not had a chance to corroborate whether the vendor contract actually permits as much.
This is one of those instances where people really need to read that fine print. You’re not only dealing with a vendor relationship; you’re dealing with legal terms.
It’s one thing if you know that such a provision is in there and you make a decision that you can live with it or take your business elsewhere. As one commenter stated, “For anyone to think that free is free in an EHR has their head stuck in the sand.” Another said that the physicians are “getting what they paid for.”
But if you don’t bother educating yourself about what you’re signing, then you’re not doing yourself any favors. It’s important to trust your EHR vendor, but if you gave it permission to do something in your contract–even if you didn’t realize it–you’re out of luck.
The Office of the National Coordinator for Health IT does a good job of preparing providers for just such a situation in its new guidebook on evaluating EHR vendor contracts. But it only works if physicians actually read them.
Posted from AAFP News Now:
Use of the words “audit” and “Medicare” in the same sentence tend to make even the most seasoned physician uncomfortable. So when the news broke in March that CMS had added prepayment meaningful use (MU) audits to its ongoing postpayment audit process, some family physicians expressed concern.
Understanding that a little knowledge can go a long way toward alleviating anxiety, AAFP News Now recently spoke with a government expert about how physicians can prepare for MU audits associated with the Medicare Electronic Health Records (EHR) Incentive Program.
Rob Anthony, deputy director of the Health IT Initiatives Group for CMS’ Office of E-Health Standards and Services, noted that as many as 10 percent of program participants would face an audit. “Keep in mind that the audits are both random and targeted,” said Anthony, so physicians shouldn’t assume they’ve made an error if they receive an e-mail audit notification from Figliozzi and Co., the certified public accountant firm selected by CMS to conduct the audits.
“We’re required to do due diligence on our end,” said Anthony, and that includes robust oversight of a government program that disperses taxpayer dollars in the form of physician bonuses that can total as much as $18,000. According to Anthony, the audit process is the same regardless of whether physicians are notified before or after they are issued a check for successfully meeting MU program requirements.
“The first thing we always tell people is that if you’ve entered accurate numbers (in the MU attestation process) and have the documentation to support that, then the audit is a really simple process for this program. You’re simply showing (auditors) supporting documentation,” said Anthony.
For the vast majority of people, the primary support document is the report generated by a certified EHR because it generally provides both the numerator and denominator values needed for MU attestation.
“It’s important to make sure the report specifies a time period and indicates that it is specific to you as a provider,” said Anthony. That’s as easy as including a National Provider Identifier, provider name or practice name.
Anthony noted that some certified EHRs provide a “snapshot in time,” meaning that the physician can go back to any 90-day period, and the system always shows the correct numerator and denominator values for that period. However, many EHRs don’t have that function and instead use what Anthony called a “rolling system” that changes the values of the numerators and denominators after the reporting period ends.
In that situation, he advised physicians to “save either a paper or an electronic copy of the report you used to attest so that when an auditor comes knocking and asking for supporting documentation, you can hand him a report that shows the numerator and denominator values that you entered (for attestation) rather than something that might have changed later down the line.”
A number of physicians also have had trouble complying with what Anthony called the “yes/no functionality issues” that require specific EHR functions — such as drug allergy interaction checks and clinical decision support — to be turned on during the entire reporting period.
“Some systems have an audit log that shows that you have functionality enabled for the entire reporting time, but many systems don’t,” said Anthony. If your system doesn’t, save one or more screen shots that are dated from the reporting period to which you are attesting.
One additional area that has snagged numerous physicians is the security risk analysis. “This doesn’t impose any additional requirements beyond what’s already required for a security risk analysis for your practice as part of HIPAA (the Health Insurance Portability and Accountability Act),” said Anthony. “The only difference is that we require it more frequently,” or every year for MU versus every two years for HIPAA purposes.
Anthony warned that a “generalized” security risk analysis wouldn’t meet the MU audit requirement. “You need something that shows it (an analysis) was done before the end of the reporting period and that shows it is specific to your certified EHR and your particular practice. Information that is dated and specific to you goes a long way for a lot of these requirements.”
Lastly, Anthony advised physicians to direct any audit questions to Figliozzi and Co., including requests for clarification about requested documents as well as requests for additional time to comply.
Anthony summed up how to make the audit process go smoothly: “If you’ve input the numbers correctly and accurately, and you have the documentation to show how you got there, the audit process is simple. You’re not generating new information.”
Additional resources can be found by clicking the following links:
CMS: Sample Audit Request Letter
The 2% penalty is the punitive side of a federal program designed to motivate physicians and other clinicians to replace their prescription pads with iPads, smart phones, and the like. In 2010, the Centers for Medicare & Medicaid Services (CMS) began paying bonuses to clinicians who e-prescribe for their Medicare patients. The bonus that year was 2% of a clinician’s Medicare reimbursement. In 2013, the final year for these incentive payments, the bonus is 0.5%.
Last year, Medicare began penalizing clinicians who had not previously qualified as “successful electronic prescribers,” in CMS parlance, or electronically transmitted at least 10 scripts for Medicare patients in the first half of the 2011. That number of e-prescriptions, reported to CMS through G codes on Medicare claims, is not enough to earn a bonus, but it staves off the penalty, which was 1% in 2012. The penalty disappears after 2014.
Clinicians will be exempt from the 2% penalty in 2014 if they:
- qualified for an e-prescribing bonus during 2012;
- did not have at least 100 Medicare claims in the first 6 months of 2013 with 1 of the 50-plus billing codes that must be associated with an e-prescription for it to count toward the bonus;
- did not generate 10% or more of their Medicare allowable charges in the first 6 months of 2013 with the required billing codes;
- were not a physician, podiatrist, nurse practitioner, or physician assistant as of June 30;
- achieved “meaningful use” under the Medicare or Medicaid incentive programs for electronic health record (EHR) systems in either 2012 or the first 6 months of 2013, and reported that to CMS by June 30, 2013;
- registered to participate in one of the EHR incentive programs by June 30 and adopted certified EHR technology; or
- Lacked prescribing privileges and indicated that with code G8644 at least once on a Medicare claim before June 30.
Clinicians also can apply for one of several hardship exemptions, which include practicing in a rural area without sufficient high-speed Internet access and being barred by local, state, or federal law from e-prescribing. The deadline for a hardship exemption application, accomplished with a G code on a Medicare claim, is June 30.”
More information about avoiding the Medicare e-prescribing penalty is available on the CMS Web site, or feel free to give us a call-888-880-0384
In all the whorl wind of Meaningful Use Stages one and two, e-RX incentives (or penalties), ICD-10 implementation, there’s another “oldie but goodie” program for providers to participate in. The program has been around for a few years, but did you know come 2015, you may be subject to another penalty (on top of everything else) for not participating in this program?
According to CMS- The Physician Quality Reporting System (PQRS) is a reporting program that uses a combination of incentive payments and payment adjustments to promote reporting of quality information by eligible professionals. Beginning in 2015, the program also applies a payment adjustment to eligible professionals who do not satisfactorily report data on quality measures for covered professional services.
Planning to participate in 2013? Here are some things you should know:
- To earn the 2013 PQRS incentive payment and avoid the 2015 PQRS payment adjustment you need to collect your data from January 1 through December 31 of this year.
- Decide if you are going to report through your EHR (you may have to discuss with your vendor if you can report through your EHR), or if you are going to report your measure on claims.
- Become very familiar with the CMS website- http://www.cms.gov/Medicare/Quality-Initiatives-Patient-Assessment-Instruments/PQRS
- Report on each eligible claim
- Avoid including multiple dates of service and/or multiple rendering providers on the same claim – this will help eliminate diagnosis codes associated with other services being attributed to another provider’s services
- For measures that require more than one code, ensure that all codes are captured on the claim
- If your claim with the reporting codes on it was denied for payment the PQRS codes will not be included in the program analysis.
- Check you remittance advice for remark code N365, which reads “This procedure code is not payable. It is for reporting/information purposes only.”
- Review all diagnoses (if applicable) and CPT Service (encounter) codes for denominator inclusion in PQRS/eRx (i.e., claims that are denominator-eligible).
Participation this year in the program could earn you incentives of up to 1%. Failure to report could land you a whopping 1.5% pay cut (in addition to all those other penalties from CMS).
7 Value Propositions of McKesson Practice Choice
For additional information please visit our website at www.sunrize.com or call 502-538-4665.
|Incentive payments made through the Medicare Electronic Health Record (EHR) Incentive Program are subject to the mandatory reductions in federal spending known as sequestration, required by the Budget Control Act of 2011.|
Incentive Payment Reduction
The American Taxpayer Relief Act of 2012 postponed sequestration for two
months. As required by law, President Obama issued a sequestration order on March 1, 2013. Under these mandatory reductions, Medicare EHR incentive
payments made to eligible professionals and eligible hospitals will be reduced by 2%.
This 2% reduction will be applied to any Medicare EHR incentive payment for a reporting period that ends on or after April 1, 2013. If the final day of the reporting period occurs before April 1, 2013, those incentive payments will not be subject to the reduction.
Please note: This reduction does not apply to Medicaid EHR incentive payments, which are exempt from the mandatory reductions.
Want more information about the EHR Incentive Programs?
Make sure to visit the EHR Incentive Programs website for the latest news and updates on the EHR Incentive Programs.
There are some changes coming in 2014 for all those meaningful users still in stage one. While some of these changes are positive, there are a few that may come as a surprise-especially if a practice attested for the first time in 2013, and plan to do the second year of stage one in 2014. Here are just a few things to be aware of:
- You can no longer count an exclusion toward the minimum 5 menu objectives. In other words-there are 10 to choose from and a provider must be able to attest to 5 of those with no exclusions.
- Seeing patients ages 3 and over? You have to record blood pressure, height and weight on more than 50% of patients. An EP can exclude his or herself, though if there is no relevance to the scope of practice.
- The capability to exchange key clinical information among providers of care and patient authorized entities electronically is no longer required starting in 2013.
- Providing patients with timely access to their health information within 4 business days has been changed in 2014 to being able to provide patients the ability to view online, download and transmit their health information within 4 business days of the information being available to the EP. This will have to be reported for more than 50% of all unique patients.
- LOTS of changes with Clinical Quality Measures (CQM). Prior to 2014, providers have 44 measures to choose from in which they had to report 6 total (3 core and 3 alternate). Starting in 2014 and beyond a provider must report 9 measures (out of a total of 64). Selected CQM’s must cover at least 3 of the National Quality Strategy domains. For more information please refer to www.cms.gov/EHRincentiveprograms.
Providers who were early demonstrators of meaningful use in 2011 will meet three consecutive years of meaningful use under the Stage 1 criteria before advancing to the Stage 2 criteria in 2014. All other providers would meet two years of meaningful use under the Stage 1 criteria before advancing to the Stage 2 criteria in the third year. This is regardless of the year you started to participate.
Looking forward to stage 2 of meaningful use? Although you can’t begin to collect data for stage 2 meaningful use until 2014, there are a couple of things to have in place ideally before 2014.
The first thing is to establish a patient portal and become familiar with the workings of the portal. Work out any changes to your workflow in order to become successful in establishing protocols for staff and for patients. Make sure to give yourself plenty of time for marketing.
Another item for action would be to get with your lab (if you haven’t already done so), and make sure your EHR has a way to incorporate lab results as structured data. This menu objective for stage 1 becomes a core objective for stage 2. Creating this “bridge”, can take some time to do so the sooner the better. Some labs are more backlogged than others and this could very well take up to 6 months to complete.
The HIPAA Privacy and Security final rule — also known as the HIPAA Omnibus Rule — became effective March 26. One expert predicts enforcers will have a heyday with expanded ability to crack down on providers and their business associates.
According to Jorge Rey, an associate principal and the director of information security and compliance for Kaufman, Rossin, the biggest difference in the new rule is a change in breach notification. Under the old rule, providers were presumed innocent of harming patients when a breach occurred – until they proved otherwise. Under the new rule, providers are presumed guilty of harming patients when data is breached. They will have to prove their innocence.
Providers and their vendors and subcontractors have “in theory,” 180 days to comply before the Office for Civil Rights begins enforcement of the Omnibus Rule, beginning Sept. 23, 2013, Rey warns. But this doesn’t mean providers shouldn’t beware. They still will be held accountable under the old HIPAA rules until then, he says.
The addition of business associates under the Omnibus rule could catch some companies and providers unaware and unprepared, Rey warns. “A lot of business associates didn’t plan for this,” he says of the expanded HIPAA rule. “They have never had to comply with HIPAA before.”
According to Rey, OCR has already prosecuted five covered entities, with the settlements ranging from $50,000 to $1.7 million. The smallest OCR enforcement action involved the breach of fewer than 500 records. “I think they are putting out the message that they are serious about enforcement. They are going after small and large cases,” Rey says.
He said he had received emails from OCR indicating the agency is starting to hire enforcement officials. “There’s going to be a lot of enforcement going forward,” he says.
How to prepare? Reys says small provider groups, short on resources, can rely on parent organizations or even government programs to help them do risk analysis. “Don’t take this lightly. The main reason covered entities ran into big problems with OCR last year, was they didn’t conduct risk assessments,” he says. “Providers should identify all of their vendors with access to personal health records and ensure they are protecting it according to the new HIPAA rule.”
In addition, “create a visual map of your data; understand where your data is,” Rey says. Encrypt data in laptops and determine if data might best be kept safer in a centralized location. He points out that PCs and servers are also vulnerable to breaches.
Published on EHR Watch (http://www.ehrwatch.com)
McKesson Practice Choice™ is a cost-effective Web-based electronic health record (EHR) and practice management (PM) solution inspired by small, physician practices just like yours. Intuitive and efficient, McKesson Practice Choice does more than maintain records and protect cash flow; it has the power to improve the quality of your patient interactions.
When care is your priority and simplicity is your choice
With 20+ years developing PM and EHR technologies, McKesson understands the juggling act of the small, physician practice, and is committed to utilizing technology to make your life easier, flexible and more efficient. That’s why McKesson Practice Choice is more than an EHR product — it’s a comprehensive, full-practice solution.
Utilizing a SaaS (Software as a Service) model, McKesson Practice Choice allows physician practices to exchange data with other practices, patients, HIEs, hospitals, pharmacies, labs and payers. These connections help to streamline care coordination, to enhance patient care, and to position your practice for the future direction of healthcare.
One solution for your entire office
• Electronic Health Record (EHR)
• Practice Management (PM)
• Patient Portals
• Patient Health Maintenance Tracking
• Claims Management
One Choice for Connecting Providers, Payers and Patients
Spend less time charting and more time interacting with your patients, as everything you enter automatically flows data into all pertinent fields throughout a chart.
• Document on a single screen while pulling and pushing
data from anywhere in the patient’s chart.
• Search codes using natural terminology and view
cross-sectional chart summaries.
• Create a template that suits your note-taking preferences
Utilizing intuitive drag and drop technology and simple organiza
McKesson Practice Choice brings needed efficiencies to a busy front office.
Meaningful Use Dashboard and Reporting
From a single screen, gauge your progress in real time for both core and selected requirements, and gain an instant view of your practice’s performance. Also, customizable controls allow you to observe detailed performance levels of every member of your practice.
Need more information? Call us at 888-880-0384 or visit us on the web at http://www.sunrize.com.