Beyond Meaningful Use: Lessons Learned and Implications for the Auditor Phyllis A. Patrick, MBA,...
Preview:
Citation preview
- Slide 1
- Beyond Meaningful Use: Lessons Learned and Implications for the
Auditor Phyllis A. Patrick, MBA, FACHE, CHC, CISM NEHIA Conference
December 3, 2014
- Slide 2
- Topics Status of the Meaningful Use Incentive Program Key
Components of a Meaningful Use Program Adding Value: Opportunities
and Challenges for the Auditor Meaningful Use 2015 What Can We
Expect? 2
- Slide 3
- Status of the Meaningful Use Incentive Program CMS and ONC
Strategic Objectives Regulatory Requirements The 3 Stages of
Meaningful Use Quality and Quality Reporting Security Risk Analysis
what is required? Successes, Obstacles, Lessons Learned -- Where
are we today? 3
- Slide 4
- CMS Goals for Meaningful Use Improve quality, safety, and
efficiency of health care and reduce health disparities; Engage
patients and families; Improve care coordination; Improve
population and public health; and Ensure adequate privacy and
security protections for personal health information. 4
- Slide 5
- 5 Federal Health Information Technology Strategic Plan 2014
2018
- Slide 6
- Regulatory Requirements ARRA HITECH HIPAA ACA EHR Incentive
Programs Final Rule HIT: Initial Set of Standards, Implementation
Specifications and Certification Criteria for EHR Technology
Interim Final and Final Rules Establishment of Temporary
Certification Program for HIT Final Rule Establishment of Permanent
Certification Program for HIT Final Rule Breach Notification Rule
HIPAA Privacy and Security Rules Modifications to the HIPAA
Privacy, Security, and Enforcement Rules under the HITECH Act
Proposed Rule HIPAA Privacy Rule Accounting of Disclosures under
the HITECH Act Proposed Rule (in limbo!)
- Slide 7
- Roots in HITECH The Health Information Technology for Economic
and Clinical Health (HITECH) Act provides the Department of Health
& Human Services (HHS) with the authority to establish programs
to improve health care quality, safety, and efficiency through the
promotion of health IT, including electronic health records and
private and secure electronic health information exchange. 7
- Slide 8
- Regulations and Statutes American Recovery & Reinvestment
Act (February 2009) Medicare & Medicaid Electronic Health
Record (EHR) Incentive Program Notice of Proposed Rulemaking (NPRM)
and Final Rule (July 28, 2012) Stage 2 Meaningful Use Final Rule
(August 23, 2012) Security Risk Analysis 45 CFR 164.308(a)(1)
(April, 2005) Health Information Technology for Economic and
Clinical Health (HITECH) Law Interim Final Rule (February, 2009)
Omnibus Rule (January, 2013, Effective September 23, 2013) 8
- Slide 9
- Key Players CMS Centers for Medicare & Medicaid Services
Established EHR Incentive Program (formal rule making) Rule
provides parameters and requirements for Medicare & Medicaid
EHR Incentive Programs ONC - The Office of the National Coordinator
for HIT Resource to support adoption of Health Information
Technology (HIT) and promotion of nationwide Health Information
Exchange (HIE) to improve health care OCR Office for Civil Rights
Responsible for HIPAA Enforcement (Privacy & Security) OIG
Office of the Inspector General 9
- Slide 10
- What is a Meaningful User? An EHR user must meet the following
requirements: Use of certified EHR technology in a meaningful
manner (e.g. e-prescribing); Use of certified EHR technology for
electronic exchange of health information to improve quality of
health care, such as promoting care coordination; and Use of
certified EHR technology to submit Clinical Quality Measures (CQH)
and other measures in a form & manner specified by the
Secretary of HHS. 10
- Slide 11
- Meaningful Use Stages 2011 - 2013 Stage 1 Data Capture &
Sharing 2014 - 2015 Stage 2 Advanced Clinical Processes 2016 Stage
3 Improved Outcomes Phyllis A. Patrick & Associates LLC
www.phyllispatrick.com 11
- Slide 12
- Clinical Transformation Meaningful use represents the means of
clinical transformation managing information for better care, safer
care, more effective and efficient care. Stages 1 3 of MU progress
from capture of health information and reporting of QCM and public
health data (Stage 1) to information exchange and decision support
(Stage 2) to systematic health care improvement (Stage 3). 12
- Slide 13
- EHR: A Platform for Quality EHR functionality is the beginning,
not the endpoint. The quality of data and what providers do with
the EHR is important and has to be carefully planned and managed.
EHRs can be used to improve care. When will we get there? How do we
get there? Understanding the BIG Picture is key! 13 Phyllis A.
Patrick & Associates LLC
- Slide 14
- The Classic Quality Measurement Model Process Outcome Structure
14 Donabedian, A., The 7 Pillars of Quality Crossing the Quality
Chasm, Institute of Medicine 2001 Phyllis A. Patrick &
Associates LLC
- Slide 15
- Clinical Quality Measure Alignment Quality Measures CMS Core
Measures Professional Credentialing Requirements MU Core Measures
And Menu Set Measures Performance Improvement Goals 15 Phyllis A.
Patrick & Associates LLC
- Slide 16
- Quality Programs How many? Hospital Inpatient Quality Reporting
(HIQR) The Joint Commission Physician Quality Reporting System
(PQRS) CMS Shared Savings Program National Council for Quality
Assurance (NCQA) Childrens Health Insurance Program Reauthorization
Act 16 Phyllis A. Patrick & Associates LLC
- Slide 17
- Harmonization of Quality Reporting CMS goal is to harmonize all
quality reporting programs with EHR electronic reporting. In 2014
simultaneous reporting is voluntary. At some point (TBD), CMS will
make this mandatory. How are hospitals and physicians preparing???
17 Phyllis A. Patrick & Associates LLC
- Slide 18
- Decisions Hospitals Must Make When to begin to align CQM and
Meaningful Use reporting, i.e. in 2014 or continue to report
measures separately? Separate reporting requires submission of 57
CQMs for calendar year via chart abstraction and 16 CQMs for
selected reporting period via CMS attestation portal for Meaningful
Use. Alignment of reporting between the two programs EHR incentive
program requires reporting for 1 quarter of patient-level data for
16 CQMs electronically and Inpatient Quality Reporting CQMs
requires electronic reporting of 57 inpatient measures via chart
abstraction. FY 2014 IPPS Final Rule, pages 50811-50819 18 Phyllis
A. Patrick & Associates LLC
- Slide 19
- Where Are We Today? 19
- Slide 20
- Program Successes Four years of successful attestation and
funds awarded to eligible hospitals and eligible providers. As of
September, 2014 more than 415,000 health care providers received
payment for participating in the Medicare and Medicaid EHR
Incentive Programs. Medicare payments in excess of $16.3 billion
(Stage 1) and approximately $48 million (Stage 2) from May 2011
through September 2014. More than $8.59 billion in Medicaid
payments have been made between January 2011 (when the first set of
states launched their programs) and September 2014. 20
- Slide 21
- Program Successes (Contd) 279,813 eligible providers and 4,283
eligible hospitals have attested. Of the EPs, 213 attested
unsuccessfully; and 9,638 attested for Stage 2. Most popular menu
objectives: For EPs drug formulary, immunization registries and
patient list For EHs advance directives, clinical lab test results,
drug formulary Least popular menu objectives: For EPs -- transition
of care summary, patient reminders For EHs transition of care
summary, reportable lab results 21
- Slide 22
- Obstacles Lack of attention by senior management. Lack of
cultural adoption and involvement of key stakeholders. Lack of
coordination, program planning, and centralized coordination. Lack
of strategy, clear program goals and measures. Inadequate resources
allocated for attestation. Failure to develop and maintain
documentation processes. Failure to perform security risk analysis
and risk mitigation planning, including documenting the risk
analysis and risk mitigation plan and updating the program during
the attestation cycle. Lack of qualified professionals with
clinical and IT experience. 22
- Slide 23
- Lessons Learned The meaningful use program is a strategic
initiative, best led by clinical and quality leadership. Key
stakeholders must be identified and involved early and throughout
the ongoing processes. Sponsorship by leadership is key to program
success. The program must be organized and centralized, with
sufficient resources to conduct day-to-day tasks, provide oversight
of the program, plan and implement new processes. Documentation
policies, procedures and processes are important and the devil is
in the details. Communication across the organization should be
ongoing and systematic. 23
- Slide 24
- Lessons Learned (Contd) Senior leadership and those responsible
for EHR implementation must think differently about the
capabilities required to support clinicians, support and frontline
staff involved with the EHR. Clinicians and leadership must know
how to drive optimization of EHR-derived data through health
analytics. As the EHR process reaches a mature level of
functionality, leadership, clinicians and others must understand
and articulate the benefits of the EHR for the organization, for
patients and for the community. 24
- Slide 25
- Lessons Learned (Contd) Think enterprise-wide (inpatient,
ambulatory, ancillary, support) and CARE COORDINATION. Closely link
the ACO and EHR programs and include mutual goals. Be patient!
Expect to spend more money. Dont underestimate the challenges of
influencing physicians to get on board. 25
- Slide 26
- MU Misconceptions True or False??? Meaningful use is an IT
initiative. Meaningful use is an incentive program and obtaining
funds is the goal. Providers are not accountable for the monies
they obtain through the program. If a provider applies for and does
not receive MU funds, there is no opportunity for appeal. Medicare
will reduce overall payments to providers that dont meaningfully
use certified EHRs and may declare providers ineligible for the
program if audits turn up problems more than once. CMS audits will
end in 2015. 26
- Slide 27
- Key Components of the Meaningful Use Program Governance
Interdisciplinary Process Program Goals Financial Reporting and
Reconciliation Outcomes Reporting Documentation 27
- Slide 28
- Governance Monitoring, tracking and managing compliance with
the various and ever-changing requirements requires a concentrated
focus and effort. A successful meaningful use program requires
three foundational work streams: incentive program compliance;
organization performance, and electronic health record (EHR)
enhancement. The Meaningful Use Program requires comprehensive
coordination and oversight to ensure current compliance and to
establish capabilities for future health reform initiatives.
Charter Statement is important. 28
- Slide 29
- Interdisciplinary Process Senior leadership must sponsor and
champion the program. This is not an IT initiative. Clinical
leadership on a day-to-day basis is critical. Fits with Quality.
Areas involved, should include, among others: medical, nursing, and
clinical staff; ancillary services; quality performance
improvement; risk management; legal services; information security
and privacy; finance; HIM; practice managers; information
technology; and other key stakeholders. 29
- Slide 30
- Program Goals Flow from the Charter and Governance Structure
Relate to organizational Mission, Vision, Values Foundation in
strategic plan, IT plans, quality plans Outcomes reporting Ongoing
auditing and monitoring Coordinating/directing activities for
internal compliance audits Managing preparation and responses to
external compliance audits Align MU improvement initiatives with
internal current and future quality initiatives. 30
- Slide 31
- Financial Reporting and Reconciliation EHR technology is not
critical to the delivery of patient services. Incentive payments
are similar to revenues derived from sources other than providing
health care services. How can management determine whether there is
reasonable assurance that meaningful use has been or will be
achieved for a particular period? Should there be a set aside for
contingency/pay-back? Guidance available, e.g., HFMA Issues Paper
(2011) Contingency Model IAS Grant Accounting Model 31
- Slide 32
- Quality Reporting is a Strategic Decision What resources and
capabilities does the hospital have to align and report measures
simultaneously? What is the organizations strategy on quality
reporting? Are the different reporting requirements centralized and
coordinated? How does data align across departments? How is data
integrity addressed with quality reporting requirements? Is the EHR
capable of creating and submitting reports for the various
requirements? What is the organizations plan for simultaneous
reporting - need to balance competing priorities and resources? How
do quality reporting, EHR development, and clinical priorities fit
with the organizations overall strategic plans and goals? 32
Phyllis A. Patrick & Associates LLC
- Slide 33
- Outcomes Reporting/ Clinical Quality Measures CMS selected CQMs
to align with the DHHS National Quality Strategy priorities for
health care quality improvement. CMS Quality Domains: Patient and
Family Engagement Patient Safety Care Coordination Population and
Public Health Efficient Use of Healthcare Resources Clinical
Processes/Effectiveness 33
- Slide 34
- Quality Professionals Need to be Involved Stage 2 goals focus
on ensuring that the meaningful use of EHRs supports the priorities
of the National Quality Strategy. Use of Health IT for continuous
quality improvement at the point of care Exchange of information in
a structured format Health Information Exchange requirements:
E-prescribing becomes more demanding Structured lab results need to
be incorporated Electronic transmission of patient care summaries
to support transitions in care across unaffiliated providers
settings and EHR systems. INFORMATION FOLLOWS THE PATIENT. 34
- Slide 35
- OIG Interest CMS AND ITS CONTRACTORS HAVE ADOPTED FEW PROGRAM
INTEGRITY PRACTICES TO ADDRESS VULNERABILITIES IN EHRS January 2014
CMS and its contractors had adopted few program integrity practices
specific to EHRs. Specifically, few contractors were reviewing EHRs
differently from paper medical records. In addition, not all
contractors reported being able to determine whether a provider had
copied language or over-documented in a medical record. Finally,
CMS had provided limited guidance to Medicare contractors on EHR
fraud vulnerabilities. 35
- Slide 36
- Vendor Technology Stability Vendors are under increasing
pressure to deliver changes for Stages 2 and 3. Providers need to
stay in contact with vendors and understand their delivery
timelines and limitations. Due diligence and documentation re.
vendor challenges and any failures to meet criteria must be
documented. Providers should not rely on vendors to perform risk
analysis or substantiate that all criteria are met. Management,
clinicians, IT need to be on same page. 36
- Slide 37
- Additional Resources Are Needed This is not another IT project.
Dont assume that technology can lead to FTE reductions. Support for
MU will require additional resources. Key issues will include:
Vendor management; Implementation of software changes and system
modifications; Infrastructure changes; Interface development and
maintenance; Need for sound change management procedures; and
Interface with HIEs and other provider organizations. 37
- Slide 38
- Security Risk Analysis and Risk Mitigation: Meeting Privacy
& Security Requirements 38
- Slide 39
- HIPAA RA/RM Requirements conduct an accurate and thorough
analysis of the potential risks and vulnerabilities to the
confidentiality, integrity, and availability of ePHI. Once have you
completed the risk analysis, you must take any additional
reasonable and appropriate steps to reduce identified risks to
reasonable and appropriate levels. (45 CFR 164.308(a)(1)(iii))
39
- Slide 40
- Security in Stage 2 Core Objective 15 Protect electronic health
information created or maintained by the certified EHR technology
through the implementation of appropriate technical capabilities.
Note: the preamble specifically addresses encryption/security of
data stored in Certified EHR Technology, and notes that a review of
the assessment must be conducted each EHR reporting period.
Expectation is that security will evolve and change as needs
change. Expectation of robust security. 40
- Slide 41
- Stage 1 vs. Stage 2 Objective: Protect electronic health
information created or maintained by the certified EHR technology
through the implementation of appropriate technical capabilities.
Security Risk Analysis must be conducted during each reporting
period for Stage 1, Stage 2, and Stage 3. 41
- Slide 42
- Measure: Stage 1 vs. Stage 2 Stage 2: Eligible professionals
(and hospitals) need to meet the same security risk analysis
requirements as Stage 1, but must also address the
encryption/security of data at rest. 42
- Slide 43
- Additional Precautions Dont attest for EHR Incentive Program
until you have conducted the security risk analysis (or
reassessment) and developed a risk mitigation plan to correct any
deficiencies identified during the risk analysis. You must
implement the plan, which can be phased, but the plan needs to be
clear and documented. Document changes/corrections in the security
program. Update policies as appropriate to reflect changes and
improvements. Communicate policies and changes. 43
- Slide 44
- Keep in mind. When a provider attests to meaningful use, it is
a legal statement that the provider has met the specific standards,
including protecting electronic health information. 44
- Slide 45
- False Claim Engaging in a conspiracy to defraud by the improper
submission of a false claim FCA strengthened by: Fraud Enforcement
and Recovery Act (2009) - redefined obligation to include retention
of any overpayments Patient Protection and Affordable Care Act
(2010) - a person need not have actual knowledge or specific intent
to commit a violation Providers will not be able to successfully
argue that they did not know. 45
- Slide 46
- Recoupment of Funds Failure to meet one (1) of the criteria can
result in recoupment of all payments. Some providers incentive
funds been recouped and some have self-disclosed and paid monies
back. Be aware CMS has noted that several providers have been
referred for possible fraud investigations, through direct reports
to CMS. 46
- Slide 47
- Potential Bumps in the Road The Attestation Process If you
attest prior to actually meeting the meaningful use security
requirement, you could increase your business liability for federal
law violations and making a false claim. From this perspective,
consider implementing multiple security measures as feasible, prior
to attesting. The priority would be mitigating high- impact and
high-likelihood risks. ONC Guide to Privacy and Security of Health
Information 47
- Slide 48
- Final Statement in Attestation I certify that the foregoing
information is true, accurate and complete. I understand that the
Medicare/Medicaid EHR incentive program payment I requested will be
paid from Federal Funds, that by filing this claim for Federal
Funds, and the use of any false claims, statements, or documents,
or the concealment of a material fact used to obtain
Medicare/Medicaid EHR incentive program payment, may be prosecuted
under Federal or State criminal laws and may also be subject to
civil penalties. 48
- Slide 49
- Between You and Your Contractor If during attestation, you or
your EHR contractor answered yes that you were in compliance with
this MU criteria without first ensuring complete compliance with
the Security Rule Risk Analysis requirements, not only is your
incentive payment at risk, but you also may be subject to liability
under the Federal False Claims Act. 49
- Slide 50
- The MU Audit Program The Basics Federal and State Programs 2015
and Beyond: What can we Expect? 45 CFR Section 164.308(a)(1)(ii)
50
- Slide 51
- Meaningful Use Audit Process Pre- and post-payment audits
(January 2013 ) Edit checks in EHR systems Documentation audits
Source documents required Appeals process (888-734- 6433)
Comprehensive audits Payment recoupment 51
- Slide 52
- Focus of State Audits States to collect and verify information
provided by applicants for MU funding: Eligibility (upon enrollment
or re-enrollment); Patient Volume; Physicians hospital-based
status; If physician practices predominately in a FQHC or RHC; and
Providers efforts to adopt, implement, or upgrade CEHRT. State
audit processes vary. 52
- Slide 53
- Current CMS Audit Process CMS contracted with Figliozzi &
Company to conduct audits, send out audit notifications and
documentation requests. Contract period is 2012 2015. Audit
notification letters initiate the process. Documents are requested
(hospitals and professionals). Follow-up questions may be posed to
auditees. 53
- Slide 54
- 54 Audit Request from
- Slide 55
- Audit Process Initial request letter (sample is on CMS web
site). Letter is sent electronically by Figliozzi and Company.
On-site review may occur EP/EH may be required to demonstrate how
the EHR system meets the meaningful use criteria. Audit
Determination Letter Will document success in meeting the MU audit
or Recoupment of payment. 55
- Slide 56
- Document Request List - Examples Medicare Incentive Program for
eligible hospitals (2012) General Information Proof of possession
of certified EHR technology system; Copy of ONC certification;
Licensing agreements with vendor; Invoices from time of purchase;
and Documentation to support method chosen to report ED admissions,
calculations, etc. 56
- Slide 57
- Examples (Contd) Core Set Objectives/Measures Supporting
documentation is used to complete Attestation Module responses
(report from EHR system that ties to Attestation). Screenshots from
EHR system may be used. Menu Set Objectives/Measures Supporting
documentation is used to complete Attestation Module responses
(report from EHR system that ties to Attestation). Screenshots from
EHR system may be used. 57
- Slide 58
- Preparing for MU Audits 58
- Slide 59
- Supporting Documentation Documentation is required for pre- and
post-payment audits. Documentation must support meaningful use and
clinical quality measure data that is submitted. All source
material (paper and electronic) must be saved for at least 6 years
from attestation. If using hospital cost report data, follow data
retention policies and process. Documentation must support payment
calculations (hospitals). Reports must come directly from the
certified EHR system/modules. Dont rely on vendor for
documentation! 59
- Slide 60
- Additional Supporting Documentation Primary documentation
should include: Numerators and denominators used for the measures;
Time period the report covers; Evidence to support that the report
was generated for the eligible hospital, eligible provider (NPI,
CCN, provider name, practice name); and Documentation that
demonstrates how data was accumulated and calculated. 60
- Slide 61
- Source Documents Audit logs Screen shots Letters received from
public health agencies Summary of data that supports the
information entered during attestation 61
- Slide 62
- Be sure to follow the same order as requested in the letter
from Figliozzi (or CMS). Cover letter outline exactly what you are
submitting in response to each document request. Create a single
PDF of all of the documents in the correct order along with a cover
letter and submit. Most importantly Dont miss the submission
deadline! Documentation Submission 62
- Slide 63
- Lessons Learned Patient List does it make sense for the type of
EP? Dont confuse how your vendor numbers the MU requirements with
CMS documentation request. Security Audit documentation: Must cover
MU reporting period; Must update for every MU reporting period; and
Must address any new focus, based on MU Stage. 63
- Slide 64
- Good Practices Make sure that a Security Risk Analysis was
conducted, a remediation plan developed, remediation occurred,
remediation was documented. Plan of Action with administrative,
physical, technical safeguards; organizational requirements and
documentation. Document ongoing RA/RM processes. Save all:
Attestation supporting documentation; CQM documentation; and
Payment calculation documentation. 64
- Slide 65
- Good Practices (Contd) Maintain all documentation for at least
6 years. Review all supporting documentation for attestations,
CQMs, payment verification, etc. BEFORE any audit request. If
contractor was used for Attestation process, review supporting
documentation on a regular basis. Ask questions. Make sure you have
all documentation. 65
- Slide 66
- Good Practices (Contd) Verify that incentive payments were
accurate (possible over-payments or under-payments). Make sure you
have proxy permission from your Eligible Professionals to attest on
their behalf. SAVE EVERYTHING! 66
- Slide 67
- Conduct Your Own Audits Documentation is there an automated
repository? Who is responsible? Is it easy to retrieve? Process
Testing are you meeting criteria over time, under different
conditions, etc.? Financial Reporting can you trace the funds
through the financial statements? Outcomes Reporting -- review for
consistency with quality performance and outcomes reporting
processes, reports of Quality Office. Get all stakeholders involved
(IT, Compliance, Privacy, Informatics, Quality, Clinical Staff, IT,
Security, others). 67
- Slide 68
- Adding Value to the MU Program: Opportunities and Challenges
for Auditors Meaningful use is a dynamic, ongoing program and
process! Conduct focused audits and use results to improve the
meaningful use program, for example: Preparation for Stages 2 and
3; Vendor preparedness/EHR Upgrade process/Vendor documentation;
EHR Training Programs; Patient Volume Verification MU documentation
vs. patient census and billing data, other reporting requirements
for same periods; Physician Practice documentation of MU funds,
attestation process, security risk analysis, etc.; Financial
reconciliation processes; and Preparation for and results of OIG
audits. 68
- Slide 69
- Meaningful Use 2015 What Can We Expect? Catch-up for Stage 2
providers and vendors still have work to do. Status and timing for
Stage 3 Core Measures will be clarified- ??? Will CMS change its
position on cutting payments to providers that dont meaningfully
use certified EHRs? CMS contract with Figliozzi ends. Will there be
a new and/or different approach? OIG audits will continue. 69
- Slide 70
- Future CMS Audit Processes Will likely involve use of a
contractor by CMS--- who will it be??? Will be more robust and
comprehensive. May be process oriented, include analysis of quality
reporting, testing of EHR systems, etc. MU is a dynamic, ongoing
program and process! 70
- Slide 71
- Ensure Security Risk Analysis was conducted.. Perform or review
existing Security Risk Analysis of your certified EHR technology Do
you have copies of your vendors security policies? Has testing been
thorough and documented any potential security issues have been
fixed? Have you/vendor made any security updates (e.g., updated
certified EHR software)? Have you/vendor corrected any security
deficiencies (workflow, storage, etc.)? 71
- Slide 72
- OIG Interest Early Assessment Finds that CMS Faces Obstacles in
Overseeing the Medicare EHR Incentive Program Department of Health
and Human Services, Office of the Inspector General, November 2012
Included review of self-reported Meaningful Use of certified EHR
technology in 2011. 72
- Slide 73
- OIG 2014 and 2015 Work Plans Review of Medicare and Medicaid
Incentive Program Payments. Assessment of CMSs plans to oversee
incentive payments for duration of the program and actions taken to
remedy erroneous incentive payments. Audits of Security of
Certified Electronic Health Record Technology of various entities
receiving EHR incentive payments and their business associates,
such as EHR cloud providers to determine whether they adequately
protect electronic health information created or maintained by
certified EHR technology through the implementation of appropriate
technical capabilities. Examination of security of medical devices
that network with EHRs. 73
- Slide 74
- Beyond 2015 EHRs to remain one of OIGs key focus areas until
2018 or later. Establishing the audits is a core meaningful use
objective. OIG will continue to: Examine EHR documentation
vulnerabilities; Oversee HIPAA privacy and breach notification
regulations; Focus on providers who have received meaningful use
payments; and Review security of protected medical information
stored on portable devices. 74
- Slide 75
- Recovery Act (ARRA) Citations Medicare incentive payments
authorized over 5-year period to physicians and hospitals that
demonstrate meaningful use of certified EHR technology (Sections
4101 and 4102). Incentive payments 2011 through 2016, with payment
reductions to health care professionals who fail to become
meaningful users of EHRs beginning in 2015 (Section 4101(b)).
Medicaid incentive payments for eligible providers to purchase,
implement and operated certified EHR technology, with 90 % federal
match for State administrative expenses (Section 4201). 75
- Slide 76
- Security | Privacy | Culture Phyllis A. Patrick, MBA, FACHE,
CHC, CISM Phyllis A. Patrick & Associates LLC
www.phyllispatrick.com phyllis@phyllispatrick.com 914-696-3622
76