Health IT Proposals Must Do More for Patient Privacy

The American Medical Association (AMA) has submitted comprehensive comments to the Office of the National Coordinator for Health Information Technology (ONC) in response to the sweeping set of proposed changes to health information technology certification and implementation of the 21st Century Cures Act and to the Centers for Medicare and Medicaid Services (CMS) in response to its proposal on patient access and interoperability. The AMA supports several of the proposed changes, especially around health IT vendor practices, technology development, and Electronic Health Record (EHR) performance. The AMA also identified proposals that could prove problematic and run counter to the goals Congress set out to achieve in the Cures Act, particularly around privacy. “The AMA strongly supports...

read more

Ignore HIPAA at Your Own Peril

After a lull in enforcement actions concerning HIPAA, the Office for Civil Rights re-entered the fray with a $3,000,000 bang. The settlement announced on May 6, 2019, imposes a significant fine after widespread non-compliance was found by OCR. As with many prior settlements, the factual scenario underpinning the latest settlement is fairly egregious. As one of many missteps, the party with HIPAA troubles, in this instance Touchstone Medical Imaging, LLC (TMI), had its troubles revealed to it by the FBI. Around May 9, 2014, the FBI told TMI about an insecure FTP server that left patient information searchable on the internet. Likely unknown to TMI, OCR received notification of that insecurity at the same time and OCR confirmed the report only a few days later. While that combination of...

read more

Moving Beyond 2018 MIPS Successes and Challenges

With Q2 well under way, we’re taking stock of 2018 successes and challenges here at SA Ignite. As my colleague Leslie Athmer mentioned in her recent blog post, we submitted MIPS data for nearly 10,000 clinicians, earning an average score of 94% in the three categories submitted for their 2018 performance. Outstanding results like these don’t happen by accident. Our customers took what they learned from 2017, continued their proven processes, and tried some new tactics for 2018. Some were more successful than others… here’s a quick summary of both sides. Tactics for Success – Building on meaningful measures, together Driving organization-wide buy-in on the most meaningful measures. By setting up regular collaboration between departments – physicians, quality, IT, operations, finance,...

read more

HHS To Deliver Value-Based Transformation in Primary Care

The U.S. Department of Health and Human Services (HHS) Secretary Alex Azar and Centers for Medicare & Medicaid Services (CMS) Administrator Seema Verma are announcing the CMS Primary Cares Initiative, a new set of payment models that will transform primary care to deliver better value for patients throughout the healthcare system. Building on the lessons learned from and experiences of the previous models, the CMS Primary Cares Initiative will reduce administrative burdens and empower primary care providers to spend more time caring for patients while reducing overall health care costs. The models were developed by the Innovation Center under the leadership of Adam Boehler and are part of Secretary Azar’s value-based transformation initiative. “For years, policymakers have talked...

read more

CMS Accepting New Measures for PI Program and Issues Proposed Changes for FY 2020

The Centers for Medicare & Medicaid Services (CMS) wants to remind eligible hospitals and critical access hospitals that the Annual Call for Measures for the Medicare Promoting Interoperability Program is still open. Submit a measure proposal by June 28, 2019. Proposals submitted by the deadline will be considered for inclusion in future rulemaking. CMS is interested in adding measures that: Build on the advanced use of certified electronic health record technology (CEHRT) using 2015 Edition Certification Standards and Criteria; Promote interoperability and health information exchange; Improve program efficiency, effectiveness, and flexibility; Provide patient access to their health information; Reduce clinician burden; and Align with MIPS Promoting Interoperability Performance...

read more

HHS Extends Comment Period for Proposed Rules to Improve the Interoperability

The U.S. Department of Health and Human Services (HHS) announced it is extending the public comment period by 30 days for two proposed regulations aimed at promoting the interoperability of health information technology (health IT) and enabling patients to electronically access their health information. The new deadline for the submission of comments – June 3, 2019 – will allow additional time for the public to review the proposed regulations. The extension of the public comment period coincides with a release by the HHS Office of the National Coordinator for Health Information Technology (ONC) of the second draft of the Trusted Exchange Framework and Common Agreement, along with a related Notice of Funding Opportunity. HHS also today released of a set of frequently asked questions...

read more

MIPS Cost Category 2019: What do we Know?

I often get asked what the biggest concerns are for organizations participating in MIPS. For the 2019 performance year, one of the biggest concerns is the unknowns with the Cost category. Because there are so many unknowns with this category, I’ll try to focus on what we do know. The Cost component of the total MIPS score continues to rise each year, with 2018 being the first year where 10% of the score is attributed to Cost. This will continue to ramp up each year until Cost is 30% of the score in 2022. Most organizations are struggling with the inability to monitor cost data, as CMS calculates it based on claims data 6 months after the performance year ends. Additionally, you will only receive performance feedback based on how you chose to submit for the year. For example, if you...

read more

CMS 2019 Rule Creates Incentive for Remote Patient Monitoring – How to Get Started

CMS is getting even more serious about keeping people out of the hospital, with each newly issued rule reflecting that commitment. Starting at the beginning of this year, the Centers for Medicare and Medicaid Services sought to further incentivize providers by building in reimbursement for home health monitoring applications and the labor required to make these systems successfully operate. In a final rule issued last November, the CMS clarified their stance, highlighting the three CPT codes in question, along with their explanation and further information surrounding the decision-making process that led to the final ruling. You can find far more detailed information (over 2,300 pages of it, in fact) within the Federal Register document, but for our purposes and for sanity’s sake, I want...

read more

Securing Data Using the “Duty of Care” Standard

The healthcare industry has a huge responsibility when it comes to information security and protecting sensitive PHI while abiding by its “duty of care” principles. However, the industry continues to suffer large data breaches despite multiple federal regulations that mandate the security and privacy of sensitive healthcare data. It’s not a lack of cybersecurity guidelines that has led to ongoing data security and privacy incidents. With the age of digital transformation in the healthcare field, better patient care backed by streamlined data and operations is available. While these technologies improve patient outcomes and lower costs, they also come with compliance and security risks. A breach has the potential to not only affect patient care and the trustworthiness of the healthcare...

read more

Business Associate Agreement Hot Points

If an organization is involved in healthcare, whether as a provider, facility, consultant, vendor or in almost any other capacity, it is highly likely that HIPAA applies to internal operations and relationships with other parties. As should be well-known, when a relationship is established with one party providing services for or on behalf of a covered entity (this means a healthcare provider, health plan, or healthcare clearinghouse), then the party providing the service is a business associate. Once a party is a business associate, then a business associate agreement (BAA) is needed. In fact, the BAA is not just needed, but mandatory and must be in place before any protected health information is shared. As a quick refresher, a business associate, as noted above, is any party that...

read more