1 / 77

Meaningful Use + HIM = Quality Informatics

Meaningful Use + HIM = Quality Informatics. Phyllis A. Patrick, MBA, FACHE, CHC, CISM Phyllis A. Patrick & Associates LLC May 9 , 2014. Topics. Overview of the Meaningful Use Program Key Elements of an Effective MU Program Role of HIM in Meaningful Use

tiger-gonzales
Download Presentation

Meaningful Use + HIM = Quality Informatics

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Meaningful Use + HIM = Quality Informatics Phyllis A. Patrick, MBA, FACHE, CHC, CISM Phyllis A. Patrick & Associates LLC May 9, 2014

  2. Topics • Overview of the Meaningful Use Program • Key Elements of an Effective MU Program • Role of HIM in Meaningful Use • The Ultimate Goal: Quality Informatics • Q & A/Discussion Phyllis A. Patrick & Associates LLC

  3. Overview of the Meaningful Use Incentive Program • CMS and ONC Strategic Objectives • Certification Basics • Regulatory Requirements • Federal and State Programs • The 3 Stages of Meaningful Use • Risks and Challenges for Hospitals and Providers • Security Risk Analysis – The “Weak” Link – what is required? Phyllis A. Patrick & Associates LLC

  4. The Vision for Health Reform • Health Care will be: • Patient-centered • Evidence-based • Prevention-oriented • Efficient • Equitable • Not “investments in technology, but efforts to improve health of Americans and performance of their health care system.” Phyllis A. Patrick & Associates LLC

  5. CMS Goals • Improve quality, safety, and efficiency of health care and reduce health disparities • Engage patients and families • Improve care coordination • Improve population and public health, and • Ensure adequate privacy and security protections for personal health information. Phyllis A. Patrick & Associates LLC

  6. Defining Meaningful Use An EHR user must meet the following requirements: • Use of certified EHR technology in a meaningful manner (e.g. e-prescribing) • Use of certified EHR technology for electronic exchange of health information to improve quality of healthcare, such as promoting care coordination • Use of certified EHR technology to submit Clinical Quality Measures (CQH) and other measures in a form & manner specified by the Secretary of HHS Phyllis A. Patrick & Associates LLC

  7. Benefits of EHRs • Complete and accurate information • Providers will know more about their patients and their health history before they walk into the exam room. • Better access to information • Facilitates greater access to the information providers need to diagnose health problems earlier and improve health outcomes of their patients. • Information can be shared more easily among doctors, hospitals, and across systems, leading to better care coordination. • Patient empowerment • Patients will play a more active role in their health and in the health of their families. • Patients can receive electronic copies of their medical records and share their health information securely over the Internet with their families and others. Phyllis A. Patrick & Associates LLC

  8. Federal Health Information Technology Strategic Plan 2014 – 2018 Phyllis A. Patrick & Associates LLC

  9. Beyond Meaningful Use of Data • Quality Reporting • Research – Secondary use of EHR data • Comparative Effectiveness Research • Comparing treatment outcomes in two or more groups taking different drugs  this could negate requirement for large clinical trial recruitment • Platform for clinical trial recruitment  use of clinical decision support alerts may increase enrollment • Increase sample sizes  improve reliability and integrity of data • Recording of adverse events  early identification of side effects not identified during clinical trials (integrating adverse event reporting into EHR workflow) Phyllis A. Patrick & Associates LLC

  10. Facilitating Factors Standards  Interoperability “When EHR vendors were initially approached with the ‘opportunity’ to add a new service for the research community, most of them figured out fairly rapidly that this was not a wise business decision. At that time, they realized that they would have to extract data and map them to every requested format, which varied by research study sponsor; or, the EHR system would need to be configured differently for each research study or research sponsor—not very feasible. In addition, there was a perception that the entire EHR would have to be validated to meet Good Clinical Practices (GCPs) and other regulations required of biopharmaceutical development companies such as 21CFR Part 11 in the U.S.—another relatively impossible option.” R. D. Kush,Interoperability Review: EHRs for Clinical Research, American Medical Informatics Association, Winter 2011-2012, Vol. 2 No. 2. Phyllis A. Patrick & Associates LLC

  11. Certification of EHRs • ONC and CMS post most-up-to-date list of EHR products used for attestation to the CMS EHR Incentive Program at www.healthIT.gov • Dataset (April 2011 to present, updated monthly) intended for use by hospitals, physicians, researchers and other interested parties to “explore and apply data in the context of the growing trends in Health IT adoption…” • Capability to analyze at State levels and to view monthly trends. Phyllis A. Patrick & Associates LLC

  12. Certification of EHRs: The Basics • Focus certification on Meaningful Use. • Leverage the certification process to improve progress on privacy, security, and interoperability. • Improve the objectivity and transparency of the certification process. • Expand certification to include a range of software sources, e.g., open source, self-developed, etc. • Develop a certification transition (short-term to long-term). Privacy and Security: Consistent themes throughout regulations and guidance. Phyllis A. Patrick & Associates LLC

  13. Privacy and Security Protection • Federal Health Information Technology Privacy Committee (HITPC) and Privacy and Security Tiger Team developed Stage 2 and Stage 3 recommendations for the health outcome priority – “ensure adequate privacy and security protections for personal health information.” Phyllis A. Patrick & Associates LLC

  14. Regulatory Requirements • ARRA • HITECH • HIPAA and Omnibus • ACA • EHR Incentive Programs Final Rule • HIT: Initial Set of Standards, Implementation Specifications and Certification Criteria for EHR Technology Interim Final and Final Rules • Establishment of Temporary Certification Program for HIT Final Rule • Establishment of Permanent Certification Program for HIT Final Rule • Breach Notification Rule • HIPAA Privacy and Security Rules • Modifications to the HIPAA Privacy, Security, and Enforcement Rules under the HITECH Act Proposed Rule • HIPAA Privacy Rule Accounting of Disclosures under the HITECH Act Proposed Rule (in limbo!) Phyllis A. Patrick & Associates LLC

  15. Roots in HITECH • The Health Information Technology for Economic and Clinical Health (HITECH) Act provides the Department of Health & Human Services (HHS) with the authority to establish programs to improve health care quality, safety, and efficiency through the promotion of health IT, including electronic health records and private and secure electronic health information exchange. Phyllis A. Patrick & Associates LLC

  16. 4 Key Regulations • Regulations define meaningful use (2) • Incentive Program for Electronic Health Records (issued by CMS) – define minimum requirements that providers must meet through their use of certified EHR technology in order to qualify for payments for stages 1 and 2 of meaningful use. • Regulations identify technical capabilities required for certified EHR technology (2) • Standards and Certification Criteria for Electronic Health Records (issued by ONC) – identify standards and certification criteria for the certification of EHR technology, so eligible professionals and hospitals may be assured that the systems they adopt are capable of performing the required functions. Phyllis A. Patrick & Associates LLC

  17. Regulations and Statutes • American Recovery & Reinvestment Act (February 2009) • Medicare & Medicaid Electronic Health Record (EHR) Incentive Program Notice of Proposed Rulemaking (NPRM) and Final Rule (July 28, 2012) • Stage 2 Meaningful Use Final Rule (August 23, 2012) • Security Risk Analysis – 45 CFR 164.308(a)(1) (April, 2005) • Health Information Technology for Economic and Clinical Health (HITECH) Law – Interim Final Rule (February, 2009) • Omnibus Rule (January, 2013, Effective September 23, 2013) Phyllis A. Patrick & Associates LLC

  18. Implications of the Final Rule (EHR Incentive Program) • Harmonizes MU criteria across CMS programs as much as possible • Closely links with ONC Certification and Standards Final Rules • Builds on recommendations of HIT Policy Committee and Public Commenters • Coordinates with existing CMS Quality Initiatives • Provides a platform that allows for staged implementation of EHRs over time Phyllis A. Patrick & Associates LLC

  19. Key Players CMS - Centers for Medicare & Medicaid Services • Established EHR Incentive Program (formal rule making) • Rule provides parameters and requirements for Medicare & Medicaid EHR Incentive Programs ONC - The Office of the National Coordinator for HIT • Resource to support adoption of Health Information Technology (HIT) and promotion of nationwide Health Information Exchange (HIE) to improve health care OCR - Office for Civil Rights • Responsible for HIPAA Enforcement (Privacy & Security) Phyllis A. Patrick & Associates LLC

  20. Other Key Players • Quality Reporting Groups • The Joint Commission – hospital quality measures • Hospital Inpatient Quality Reporting (HIQR) • Physician Quality Reporting System (PQRS) • CMS Shared Savings Program • National Council for Quality Assurance (NCQA) • Others? Phyllis A. Patrick & Associates LLC

  21. Incentive Money for Meaningful Use Medicare EHR Program • Participation started FY 2011 • EPs may receive up to $44,000 over 5 years • Must begin by 2012 to get maximum funds • Incentives for hospitals began in 2011 w/ $2 million base payment • Medicare EPs, hospitals and CAHs who do not show meaningful use have payment decrease beginning 2015 Medicaid EHR Program • Voluntarily offered by individual states • Began 2011; States on board 2012 • EPs may receive up to $63,750 over 6 years • Incentives for hospitals began 2011 • No payment adjustment for providers who do not show meaningful use Phyllis A. Patrick & Associates LLC

  22. Eligibility – Medicare & Medicaid • The EHR Incentive Programs are available for Medicare and Medicaid eligible professionals. • There are two (2) programs: a Medicaid EHR Incentive Program and a Medicare EHR Incentive Program. • Although the two programs are similar in many ways, there are also some differences between them. • Eligible professionals can only participate in one of the programs. If an eligible professional chooses to participate in the Medicaid EHR Incentive Program, then she or he can participate in only one state’s incentive program in any given year. Phyllis A. Patrick & Associates LLC

  23. Meaningful Use Stages Phyllis A. Patrick & Associates LLC

  24. Clinical Transformation • MU represents the means of clinical transformation – managing information for better care, safer care, more effective and efficient care. • Stages 1 – 3 of MU progress from capture of health information and reporting of QCM and public health data (Stage 1) to information exchange and decisionsupport (Stage 2) to systematic health care improvement (Stage 3). Phyllis A. Patrick & Associates LLC

  25. Key Elements of an Effective MU Program • Governance • Interdisciplinary Process • Program Goals • Financial Reporting and Reconciliation • Outcomes Reporting – Plan for Quality Reporting Alignment • Documentation • Security Risk Analysis/Risk Management Phyllis A. Patrick & Associates LLC

  26. Governance • Monitoring, tracking, and managing compliance with the various and ever-changing requirements requires a concentrated focus and effort. • A successful meaningful use program requires three foundational work streams: • incentive program compliance • organization performance, and • electronic health record (EHR) enhancement • The Meaningful Use Program requires comprehensive coordination and oversight to ensure current compliance and to establish capabilities for future health reform initiatives. • Charter Statement is important. Phyllis A. Patrick & Associates LLC

  27. Interdisciplinary Process • Senior leader as sponsor and champion. • This is not an IT initiative. • Clinical leadership is key. • Areas involved should include: medical, nursing, and clinical staff; ancillary services; quality/performance improvement; risk management; legal services; information security and privacy; finance; health information management; practice managers, information technology; and other key stakeholders. Phyllis A. Patrick & Associates LLC

  28. What are appropriate roles for HIM professionals? Phyllis A. Patrick & Associates LLC

  29. Consider adopting the following …. • Seek knowledge. People who are resilient are always curious, excited about life, and wanting to know more. They embrace the unknown and want to feel more knowledgeable about the world. • The more you know, the more equipped you are to deal with challenges and to be able to vision opportunities. • Ask questions! Phyllis A. Patrick & Associates LLC

  30. Program Goals • Flow from the Charter and Governance Structure • Relate to organizational Mission, Vision, Values • Foundation in strategic plan, IT plans, quality plans • Outcomes reporting and plans for measures reporting alignment • Ongoing auditing and monitoring • Coordinating/directing activities for internal compliance audits • Managing preparation and responses to external compliance audits • Align MU improvement initiatives with current and future organizational quality initiatives. Phyllis A. Patrick & Associates LLC

  31. Financial Reporting and Reconciliation • EHR technology is not critical to the delivery of patient services. • Incentive payments are similar to revenues derived from sources other than providing healthcare services. • How can management determine whether there is reasonable assurance that meaningful use has been or will be achieved for a particular period? • Set aside for contingency/pay-back? • HFMA Issues Paper (2011) • Contingency Model • IAS Grant Accounting Model Phyllis A. Patrick & Associates LLC

  32. Outcomes Reporting/Clinical Quality Measures • CMS selected CQMs to align with DHHS’ National Quality Strategy priorities for health care quality improvement. • CMS Quality Domains: • Patient and Family Engagement • Patient Safety • Care Coordination • Population and Public Health • Efficient Use of Healthcare Resources • Clinical Processes/Effectiveness Phyllis A. Patrick & Associates LLC

  33. Quality Professionals Need to be Involved • Stage 2 goals focus on ensuring that the meaningful use of EHRs supports the priorities of the National Quality Strategy. • Use of Health IT for continuous quality improvement at point of care • Exchange of information in a structured format • Health Information Exchange requirements: • E-prescribing becomes more demanding • Structured lab results need to be incorporated • Electronic transmission of patient care summaries to support transitions in care across unaffiliated providers settings and disparate EHR systems. • INFORMATION FOLLOWS THE PATIENT. Phyllis A. Patrick & Associates LLC

  34. OIG Interest in MU “Early Assessment Finds that CMS Faces Obstacles in Overseeing the Medicare EHR Incentive Program” HHS, OIG, November 2012. Included review of self-reported MU use of certified EHR technology. Phyllis A. Patrick & Associates LLC

  35. OIG’s Comments “CMS faces obstacles to overseeing the Medicare EHR incentive program that leave the program vulnerable to paying incentives to professionals and hospitals that do not fully meet the meaningful use requirements…. CMS has not implemented strong prepayment safeguards, and its ability to safeguard incentive payments post-payment is also limited.” (2012 Report) Phyllis A. Patrick & Associates LLC

  36. OIG’s 2014 Report CMS AND ITS CONTRACTORS HAVE ADOPTED FEW PROGRAM INTEGRITY PRACTICES TO ADDRESS VULNERABILITIES IN EHRs January 2014 “CMS and its contractors had adopted few program integrity practices specific to EHRs. Specifically, few contractors were reviewing EHRs differently from paper medical records. In addition, not all contractors reported being able to determine whether a provider had copied language or over-documented in a medical record. Finally, CMS had provided limited guidance to Medicare contractors on EHR fraud vulnerabilities. “ Phyllis A. Patrick & Associates LLC

  37. Vendor Technology Stability • Vendors under increasing pressure to deliver changes for Stages 2 and 3. • Providers need to stay in contact with vendors and understand their delivery timelines and limitations. • Due diligence and documentation re. vendor challenges and any failures to meet criteria. • Providers should not rely on vendors to perform risk analysis or substantiate that all criteria are met. • Management, clinicians, IT, and others need to be on same page. Phyllis A. Patrick & Associates LLC

  38. Additional Resources Are Needed • MU is an ongoing, dynamic PROGRAM, not just a source of funds. • This is not another IT project. • Don’t assume that technology can lead to FTE reductions. • Support for MU will require additional resources. Key issues will include: • Vendor management • Implementation of software changes and system modifications • Infrastructure changes • Interface development and maintenance • Need for sound change management procedures • Interface with HIEs and other provider organizations Phyllis A. Patrick & Associates LLC

  39. Security Risk Analysis and Risk Mitigation:Meeting Privacy & Security Requirements Phyllis A. Patrick & Associates LLC

  40. The Weak Link: HIPAA RA/RM Requirements • “… conduct an accurate and thorough analysis of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of ePHI. Once have you completed the risk analysis, you must take any additional “reasonable and appropriate” steps to reduce identified risks to reasonable and appropriate levels.” (45 CFR 164.308(a)(1)(iii)) Phyllis A. Patrick & Associates LLC

  41. Security in Stage 2 • Core Objective 15 • Protect electronic health information created or maintained by the certified EHR technology through the implementation of appropriate technical capabilities. • Note: the preamble specifically addresses encryption/security of data stored in Certified EHR Technology, and notes that a review of the assessment must be conducted each EHR reporting period. • Expectation is that security will evolve and change as needs change. • Expectation of robust security. Phyllis A. Patrick & Associates LLC

  42. Stage 1 vs. Stage 2 • Objective: Protect electronic health information created or maintained by the certified EHR technology through the implementation of appropriate technical capabilities. • Security Risk Analysis must be conducted during each reporting period for Stage 1, Stage 2, and Stage 3. Phyllis A. Patrick & Associates LLC

  43. Measure: Stage 1 vs. Stage 2 • Stage 2: Eligible professionals (and hospitals) need to meet the same security risk analysis requirements as Stage 1, but must also address the encryption/security of data at rest. Phyllis A. Patrick & Associates LLC

  44. Ensure Security Risk Analysis was conducted….. • Perform or review existing Security Risk Analysis of your certified EHR technology • Do you have copies of your vendor’s security policies? • Has testing been thorough and documented any potential security issues have been “fixed”? • Have you/vendor made any security updates (e.g., updated certified EHR software)? • Have you/vendor corrected any security deficiencies (workflow, storage, etc.)? Phyllis A. Patrick & Associates LLC

  45. Additional Precautions • Don’t attest for EHR Incentive Program until you have conducted the security risk analysis (or reassessment) and developed a risk mitigation plan to correct any deficiencies identified during the risk analysis. You must implement the plan, which can be phased, but needs to be clear and documented. • Document changes/corrections in the security program. • Update policies as appropriate to reflect changes and improvements. • Communicate policies and changes. Phyllis A. Patrick & Associates LLC

  46. Keep in mind…. • When a provider attests to meaningful use, it is a legal statement that the provider has met the specific standards, including protecting electronic health information. Phyllis A. Patrick & Associates LLC

  47. False Claim “Engaging in a conspiracy to defraud by the improper submission of a false claim” • FCA strengthened by: • Fraud Enforcement and Recovery Act (2009) - redefined “obligation” to include “retention of any overpayments” • Patient Protection and Affordable Care Act (2010) - “… a person need not have actual knowledge … or specific intent to commit a violation” Providers will not be able to successfully argue that they did not know. Phyllis A. Patrick & Associates LLC

  48. Recoupment of Funds • Failure to meet one (1) of the criteria can result in recoupment of all payments. • Some providers’ incentive funds been recouped and some have self-disclosed and paid monies back. • Be aware CMS has noted that “several providers” have been referred for possible fraud investigations, through direct reports to CMS. Phyllis A. Patrick & Associates LLC

  49. Potential Bumps in the Road… The Attestation Process “If you attest prior to actually meeting the meaningful use security requirement, you could increase your business liability for federal law violations and making a false claim. From this perspective, consider implementing multiple security measures as feasible, prior to attesting. The priority would be mitigating high-impact and high-likelihood risks.” ONC Guide to Privacy and Security of Health Information Phyllis A. Patrick & Associates LLC

  50. Final Statement in Attestation “I certify that the foregoing information is true, accurate and complete. I understand that the Medicare/Medicaid EHR incentive program payment I requested will be paid from Federal Funds, that by filing this … claim for Federal Funds, and the use of any false claims, statements, or documents, or the concealment of a material fact used to obtain Medicare/Medicaid EHR incentive program payment, may be prosecuted under Federal or State criminal laws and may also be subject to civil penalties.” Phyllis A. Patrick & Associates LLC

More Related