Meaningful Use + HIM = Quality Informatics

Meaningful Use + HIM = Quality Informatics

Phyllis A. Patrick, MBA, FACHE, CHC, CISM

Phyllis A. Patrick & Associates LLC

May 9, 2014

TopicsOverview of the Meaningful Use Program

Key Elements of an Effective MU Program

Role of HIM in Meaningful Use

The Ultimate Goal: Quality Informatics

Q & A/Discussion

2Phyllis A. Patrick & Associates LLC

Overview of the Meaningful Use Incentive Program

CMS and ONC Strategic Objectives

Certification Basics

Regulatory Requirements

Federal and State Programs

The 3 Stages of Meaningful Use

Risks and Challenges for Hospitals and Providers

Security Risk Analysis – The “Weak” Link – what is required?


The Vision for Health ReformHealth Care will be:

Patient-centered Evidence-based Prevention-oriented Efficient Equitable

Not “investments in technology, but efforts to improve health of Americans and performance of their health care system.”


CMS Goals

Improve quality, safety, and efficiency of health care and reduce health disparities

Engage patients and families

Improve care coordination

Improve population and public health, and

Ensure adequate privacy and security protections for personal health information.


Defining Meaningful Use

An EHR user must meet the following requirements:• Use of certified EHR technology in a

meaningful manner (e.g. e-prescribing)

• Use of certified EHR technology for electronic exchange of health information to improve quality of healthcare, such as promoting care coordination

• Use of certified EHR technology to submit Clinical Quality Measures (CQH) and other measures in a form & manner specified by the Secretary of HHS


Benefits of EHRs

Complete and accurate information Providers will know more about their patients and their health

history before they walk into the exam room.

Better access to information Facilitates greater access to the information providers need to

diagnose health problems earlier and improve health outcomes of their patients.

Information can be shared more easily among doctors, hospitals, and across systems, leading to better care coordination.

Patient empowerment Patients will play a more active role in their health and in the

health of their families. Patients can receive electronic copies of their medical records

and share their health information securely over the Internet with their families and others.


8

Federal Health Information

Technology Strategic Plan 2014 –

2018


Beyond Meaningful Use of Data

Quality Reporting

Research – Secondary use of EHR data

Comparative Effectiveness Research Comparing treatment outcomes in two or more groups

taking different drugs this could negate requirement for large clinical trial recruitment

Platform for clinical trial recruitment use of clinical decision support alerts may increase enrollment

Increase sample sizes improve reliability and integrity of data

Recording of adverse events early identification of side effects not identified during clinical trials (integrating adverse event reporting into EHR workflow)


Facilitating Factors

Standards Interoperability

“When EHR vendors were initially approached with the ‘opportunity’ to add a new service for the research community, most of them figured out fairly rapidly that this was not a wise business decision. At that time, they realized that they would have to extract data and map them to every requested format, which varied by research study sponsor; or, the EHR system would need to be configured differently for each research study or research sponsor—not very feasible. In addition, there was a perception that the entire EHR would have to be validated to meet Good Clinical Practices (GCPs) and other regulations required of biopharmaceutical development companies such as 21CFR Part 11 in the U.S.—another relatively impossible option.”

R. D. Kush, Interoperability Review: EHRs for Clinical Research, American Medical Informatics Association, Winter 2011-2012, Vol. 2 No. 2.


Certification of EHRsONC and CMS post most-up-to-date list of EHR

products used for attestation to the CMS EHR Incentive Program at www.healthIT.gov

Dataset (April 2011 to present, updated monthly) intended for use by hospitals, physicians, researchers and other interested parties to “explore and apply data in the context of the growing trends in Health IT adoption…”

Capability to analyze at State levels and to view monthly trends.


http://www.healthIT.gov/

Certification of EHRs: The Basics

1.Focus certification on Meaningful Use.

2.Leverage the certification process to improve progress on privacy, security, and interoperability.

3. Improve the objectivity and transparency of the certification process.

4.Expand certification to include a range of software sources, e.g., open source, self-developed, etc.

5.Develop a certification transition (short-term to long-term).

Privacy and Security: Consistent themes throughout regulations and guidance.


Privacy and Security ProtectionFederal Health Information Technology Privacy

Committee (HITPC) and Privacy and Security Tiger Team developed Stage 2 and Stage 3 recommendations for the health outcome priority – “ensure adequate privacy and security protections for personal health information.”

Phyllis A. Patrick & Associates LLC 13

Regulatory Requirements ARRA HITECH HIPAA and Omnibus ACA EHR Incentive Programs Final Rule HIT: Initial Set of Standards, Implementation

Specifications and Certification Criteria for EHR Technology Interim Final and Final Rules

Establishment of Temporary Certification Program for HIT Final Rule

Establishment of Permanent Certification Program for HIT Final Rule

Breach Notification Rule HIPAA Privacy and Security Rules Modifications to the HIPAA Privacy, Security, and

Enforcement Rules under the HITECH Act Proposed Rule

HIPAA Privacy Rule Accounting of Disclosures under the HITECH Act Proposed Rule (in limbo!)


Roots in HITECHThe Health Information Technology for Economic

and Clinical Health (HITECH) Act provides the Department of Health & Human Services (HHS) with the authority to establish programs to improve health care quality, safety, and efficiency through the promotion of health IT, including electronic health records and private and secure electronic health information exchange.


4 Key Regulations

Regulations define meaningful use (2) Incentive Program for Electronic Health Records (issued

by CMS) – define minimum requirements that providers must meet through their use of certified EHR technology in order to qualify for payments for stages 1 and 2 of meaningful use.

Regulations identify technical capabilities required for certified EHR technology (2) Standards and Certification Criteria for Electronic

Health Records (issued by ONC) – identify standards and certification criteria for the certification of EHR technology, so eligible professionals and hospitals may be assured that the systems they adopt are capable of performing the required functions.


Regulations and StatutesAmerican Recovery & Reinvestment Act (February

2009) Medicare & Medicaid Electronic Health Record (EHR)

Incentive Program Notice of Proposed Rulemaking (NPRM) and Final Rule (July 28, 2012)

Stage 2 Meaningful Use Final Rule (August 23, 2012)Security Risk Analysis – 45 CFR 164.308(a)(1) (April,

2005)Health Information Technology for Economic and

Clinical Health (HITECH) Law – Interim Final Rule (February, 2009)

Omnibus Rule (January, 2013, Effective September 23, 2013)


Implications of the Final Rule (EHR Incentive Program)

Harmonizes MU criteria across CMS programs as much as possible

Closely links with ONC Certification and Standards Final Rules

Builds on recommendations of HIT Policy Committee and Public Commenters

Coordinates with existing CMS Quality Initiatives

Provides a platform that allows for staged implementation of EHRs over time


Key Players

CMS - Centers for Medicare & Medicaid Services• Established EHR Incentive Program (formal rule making) • Rule provides parameters and requirements for Medicare &

Medicaid EHR Incentive Programs

ONC - The Office of the National Coordinator for HIT• Resource to support adoption of Health Information

Technology (HIT) and promotion of nationwide Health Information Exchange (HIE) to improve health care

OCR - Office for Civil Rights• Responsible for HIPAA Enforcement (Privacy & Security)


Other Key PlayersQuality Reporting Groups

The Joint Commission – hospital quality measures Hospital Inpatient Quality Reporting (HIQR) Physician Quality Reporting System (PQRS) CMS Shared Savings Program National Council for Quality Assurance (NCQA)

Others?


Incentive Money for Meaningful UseMedicare EHR Program

Participation started FY 2011

EPs may receive up to $44,000 over 5 years

Must begin by 2012 to get maximum funds

Incentives for hospitals began in 2011 w/ $2 million base payment

Medicare EPs, hospitals and CAHs who do not show meaningful use have payment decrease beginning 2015

Medicaid EHR Program

Voluntarily offered by individual states

Began 2011; States on board 2012

EPs may receive up to $63,750 over 6 years

Incentives for hospitals began 2011

No payment adjustment for providers who do not show meaningful use


Eligibility – Medicare & MedicaidThe EHR Incentive Programs are available for

Medicare and Medicaid eligible professionals.

There are two (2) programs: a Medicaid EHR Incentive Program and a Medicare EHR Incentive Program.

Although the two programs are similar in many ways, there are also some differences between them.

Eligible professionals can only participate in one of the programs. If an eligible professional chooses to participate in the Medicaid EHR Incentive Program, then she or he can participate in only one state’s incentive program in any given year.


Meaningful Use Stages


Clinical TransformationMU represents the means of clinical

transformation – managing information for better care, safer care, more effective and efficient care.

Stages 1 – 3 of MU progress from capture of health information and reporting of QCM and public health data (Stage 1) to information exchange and decision support (Stage 2) to systematic health care improvement (Stage 3).


Key Elements of an Effective MU Program

Governance

Interdisciplinary Process

Program Goals

Financial Reporting and Reconciliation

Outcomes Reporting – Plan for Quality Reporting Alignment

Documentation

Security Risk Analysis/Risk Management


GovernanceMonitoring, tracking, and managing compliance with

the various and ever-changing requirements requires a concentrated focus and effort.

A successful meaningful use program requires three foundational work streams:

incentive program compliance

organization performance, and

electronic health record (EHR) enhancement

The Meaningful Use Program requires comprehensive coordination and oversight to ensure current compliance and to establish capabilities for future health reform initiatives.

Charter Statement is important.26Phyllis A. Patrick & Associates LLC

Interdisciplinary ProcessSenior leader as sponsor and champion.

This is not an IT initiative.

Clinical leadership is key.

Areas involved should include: medical, nursing, and clinical staff; ancillary services; quality/performance improvement; risk management; legal services; information security and privacy; finance; health information management; practice managers, information technology; and other key stakeholders.


What are appropriate roles for HIM professionals?


Consider adopting the following ….

Seek knowledge. People who are resilient are always curious, excited about life, and wanting to know more. They embrace the unknown and want to feel more knowledgeable about the world.

The more you know, the more equipped you are to deal with challenges and to be able to vision opportunities.

Ask questions!


Program GoalsFlow from the Charter and Governance Structure

Relate to organizational Mission, Vision, Values

Foundation in strategic plan, IT plans, quality plans

Outcomes reporting and plans for measures reporting alignment

Ongoing auditing and monitoring

Coordinating/directing activities for internal compliance audits

Managing preparation and responses to external compliance audits

Align MU improvement initiatives with current and future organizational quality initiatives.


Financial Reporting and Reconciliation

EHR technology is not critical to the delivery of patient services.

Incentive payments are similar to revenues derived from sources other than providing healthcare services.

How can management determine whether there is reasonable assurance that meaningful use has been or will be achieved for a particular period?

Set aside for contingency/pay-back?

HFMA Issues Paper (2011) Contingency Model IAS Grant Accounting Model


Outcomes Reporting/Clinical Quality Measures

CMS selected CQMs to align with DHHS’ National Quality Strategy priorities for health care quality improvement.

CMS Quality Domains: Patient and Family Engagement Patient Safety Care Coordination Population and Public Health Efficient Use of Healthcare Resources Clinical Processes/Effectiveness


Quality Professionals Need to be Involved

Stage 2 goals focus on ensuring that the meaningful use of EHRs supports the priorities of the National Quality Strategy. Use of Health IT for continuous quality improvement at

point of care Exchange of information in a structured format

Health Information Exchange requirements: E-prescribing becomes more demanding Structured lab results need to be incorporated Electronic transmission of patient care summaries to

support transitions in care across unaffiliated providers settings and disparate EHR systems.

INFORMATION FOLLOWS THE PATIENT.


OIG Interest in MU

“Early Assessment Finds that CMS Faces Obstacles in Overseeing the Medicare EHR Incentive Program”

HHS, OIG, November 2012.

Included review of self-reported MU use of certified EHR technology.


OIG’s Comments

“CMS faces obstacles to overseeing the Medicare EHR incentive program that leave the program vulnerable to paying incentives to professionals and hospitals that do not fully meet the meaningful use requirements…. CMS has not implemented strong prepayment safeguards, and its ability to safeguard incentive payments post-payment is also limited.” (2012 Report)


OIG’s 2014 Report

CMS AND ITS CONTRACTORS HAVE ADOPTED FEW PROGRAM INTEGRITY PRACTICES TO ADDRESS VULNERABILITIES IN EHRs January 2014

“CMS and its contractors had adopted few program integrity practices specific to EHRs. Specifically, few contractors were reviewing EHRs differently from paper medical records. In addition, not all contractors reported being able to determine whether a provider had copied language or over-documented in a medical record. Finally, CMS had provided limited guidance to Medicare contractors on EHR fraud vulnerabilities. “


Vendor Technology Stability

Vendors under increasing pressure to deliver changes for Stages 2 and 3.

Providers need to stay in contact with vendors and understand their delivery timelines and limitations.

Due diligence and documentation re. vendor challenges and any failures to meet criteria.

Providers should not rely on vendors to perform risk analysis or substantiate that all criteria are met.

Management, clinicians, IT, and others need to be on same page.


Additional Resources Are Needed

MU is an ongoing, dynamic PROGRAM, not just a source of funds.

This is not another IT project.

Don’t assume that technology can lead to FTE reductions.

Support for MU will require additional resources. Key issues will include: Vendor management Implementation of software changes and system

modifications Infrastructure changes Interface development and maintenance Need for sound change management procedures Interface with HIEs and other provider organizations


Security Risk Analysis and Risk Mitigation:

Meeting Privacy & Security Requirements


The Weak Link: HIPAA RA/RM Requirements

“… conduct an accurate and thorough analysis of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of ePHI. Once have you completed the risk analysis, you must take any additional “reasonable and appropriate” steps to reduce identified risks to reasonable and appropriate levels.” (45 CFR 164.308(a)(1)(iii))


Security in Stage 2Core Objective 15

Protect electronic health information created or maintained by the certified EHR technology through the implementation of appropriate technical capabilities.Note: the preamble specifically addresses

encryption/security of data stored in Certified EHR Technology, and notes that a review of the assessment must be conducted each EHR reporting period.

Expectation is that security will evolve and change as needs change.

Expectation of robust security.


Stage 1 vs. Stage 2

Objective: Protect electronic health information created or maintained by the certified EHR technology through the implementation of appropriate technical capabilities.

Security Risk Analysis must be conducted during each reporting period for Stage 1, Stage 2, and Stage 3.


Measure: Stage 1 vs. Stage 2Stage 2: Eligible professionals (and hospitals)

need to meet the same security risk analysis requirements as Stage 1, but must also address the encryption/security of data at rest.


Ensure Security Risk Analysis was conducted…..

Perform or review existing Security Risk Analysis of your certified EHR technology Do you have copies of your vendor’s security

policies? Has testing been thorough and documented

any potential security issues have been “fixed”?

Have you/vendor made any security updates (e.g., updated certified EHR software)?

Have you/vendor corrected any security deficiencies (workflow, storage, etc.)?


Additional Precautions

Don’t attest for EHR Incentive Program until you have conducted the security risk analysis (or reassessment) and developed a risk mitigation plan to correct any deficiencies identified during the risk analysis. You must implement the plan, which can be phased, but needs to be clear and documented.

Document changes/corrections in the security program.

Update policies as appropriate to reflect changes and improvements.

Communicate policies and changes.


Keep in mind….When a provider attests to meaningful use, it is

a legal statement that the provider has met the specific standards, including protecting electronic health information.


False Claim “Engaging in a conspiracy to defraud by the

improper submission of a false claim”

FCA strengthened by: Fraud Enforcement and Recovery Act (2009) -

redefined “obligation” to include “retention of any overpayments”

Patient Protection and Affordable Care Act (2010) - “… a person need not have actual knowledge … or specific intent to commit a violation” Providers will not be able to successfully argue that they did not know.


Recoupment of Funds

Failure to meet one (1) of the criteria can result in recoupment of all payments.

Some providers’ incentive funds been recouped and some have self-disclosed and paid monies back.

Be aware CMS has noted that “several providers” have been referred for possible fraud investigations, through direct reports to CMS.


Potential Bumps in the Road… The Attestation Process

“If you attest prior to actually meeting the meaningful use security requirement, you could increase your business liability for federal law violations and making a false claim. From this perspective, consider implementing multiple security measures as feasible, prior to attesting. The priority would be mitigating high-impact and high-likelihood risks.”

ONC Guide to Privacy and Security of Health Information


Final Statement in Attestation “I certify that the foregoing information is true,

accurate and complete. I understand that the Medicare/Medicaid EHR incentive program payment I requested will be paid from Federal Funds, that by filing this … claim for Federal Funds, and the use of any false claims, statements, or documents, or the concealment of a material fact used to obtain Medicare/Medicaid EHR incentive program payment, may be prosecuted under Federal or State criminal laws and may also be subject to civil penalties.”


Between You and Your Contractor…

If during attestation, you or your EHR contractor answered “yes” that you were in compliance with this MU criteria without first ensuring complete compliance with the Security Rule Risk Analysis requirements, not only is your incentive payment at risk, but you also may be subject to liability under the Federal False Claims Act.


The MU Audit ProgramThe Basics

Federal and State Programs

2014 and Beyond: What can we Expect?

45 CFR Section 164.308(a)(1)(ii)


Meaningful Use Audit Process Pre- and post-payment

audits (January 2013 )

Edit checks in EHR systems

Documentation audits

Source documents required

Appeals process (888-734-6433)

Comprehensive audits

Payment recoupment


Figliozzi & Company

Desk audits

Post payment audits for EPs and EHs

Pre payment audits for EPs

Candidate for audit after meeting MU for full year

Turnaround time for audit results can vary: Extent of audit activity at the time Degree to which your documentation submission is complete

CMS Audit Activity To Date


55

Audit Request from


Documentation for MU Audits


Supporting Documentation Required for pre- and post-payment audits

Must support meaningful use and clinical quality measure data that is submitted

All source material (paper and electronic) must be saved for at least 6 years from attestation

If using hospital cost report data, follow data retention policies and process

Documentation must support payment calculations (hospitals)

Reports must come directly from the certified EHR system/modules.

Don’t rely on vendor for documentation!


Additional Supporting Documentation

Primary documentation should include Numerators and denominators used for the

measures Time period the report covers Evidence to support that the report was generated

for the eligible hospital, eligible provider (NPI, CCN, provider name, practice name)

Documentation that demonstrates how data was accumulated and calculated.


Source Documents

Audit logs

Screen shots

Letters received from public health agencies

Summary of data that supports the information entered during attestation


Good Documentation Practices

Maintain all documentation for at least 6 years.

Review all supporting documentation for attestations, CQMs, payment verification, etc. BEFORE any audit request.

If contractor was used for Attestation process, review supporting documentation on a regular basis. Ask questions. Make sure you have all documentation.


Good Documentation Practices (Cont’d)

Verify that incentive payments were accurate (possible over-payments or under-payments).

Make sure you have proxy permission from your EPs to attest on their behalf.

SAVE EVERYTHING!


Future Audit Processes

Figliozzi current contract for 3 years (2012 – 2015).

Will CMS use another contractor for next phase?

Next phase will be more robust and comprehensive.

May be process oriented, include analysis of quality reporting, testing of EHR systems, etc.

MU is a dynamic, ongoing program and process!


Role of HIM in the Meaningful Use Program


Participation is key! Governance – Steering Committee and decision-making

processes

Documentation Policies and Practices – implementation and advisory roles

Security Risk Analysis/Mitigation requirements – advocate and participant roles

Menu Set Criteria/Measure Selection for hospital and eligible professionals

Tracking requirements and regulatory changes

Knowledge of data collection, data aggregation, data integrity issues

Interface with and train clinicians

Clinical Quality Measures – participation in strategy and working with Quality Officer/Performance Improvement group reporting and advisory


EHR: A Platform for QualityEHR Functionality is the beginning, not the

endpoint.

The quality of data and what providers do with the EHR is important and has to be carefully planned and vetted.

EHRs can be used to improve care. When will we get there? How do we get there?

Understanding the “BIG Picture” is key!


Quality Informatics

“the study of use of information in understanding and improving the quality and safety of health care. It seeks to measure the quality of health care.”


The “Classic” Quality Measurement Model

67

Donabedian, A., The 7 Pillars of Quality

Crossing the Quality Chasm, Institute of Medicine 2001


Clinical Quality Measure Alignment


Quality Programs – How many?Hospital Inpatient Quality Reporting HIQR)

The Joint Commission

Physician Quality Reporting System (PQRS)

CMS Shared Savings Program

National Council for Quality Assurance (NCQA)

Children’s Health Insurance Program Reauthorization Act


CMS Goals and Plans for Alignment

Hospitals may voluntarily submit clinical quality measure data electronically, beginning in 2014.

CMS Goal: to simultaneously satisfy quality reporting requirements for both Medicare EHR incentive program (MU) and Hospital Inpatient Quality Reporting programs.

Hospitals benefit: Collaboration among multiple teams and departments May reduce costs (reductions in chart abstraction

activities) Reduced regulatory reporting burden


Reporting for Eligible Professionals

“For EPs, we proposed a set of 12 clinical quality measures beginning in 2014 that align with existing quality programs such as measures used for the Physician Quality Reporting System (PQRS), CMS Shared Savings Program, and National Council for Quality Assurance (NCQA) for medical home accreditation, as well as those proposed under Children’s Health Insurance Program Reauthorization Act.”

“For eligible hospitals and CAHs, the set of 24 CQMs we proposed beginning in 2014 would align with the Hospital Inpatient Quality Reporting (HIQR) and the Joint Commission’s hospital quality measures.”


Harmonization of Quality Reporting

CMS goal is to harmonize all quality reporting programs with EHR electronic reporting.

In 2014 simultaneous reporting is voluntary. At some point (TBD), CMS will make this mandatory.

How are hospitals and physicians preparing???


Decisions Hospitals Must MakeWhen to begin to align CQM and MU reporting, i.e. in

2014 or continue to report measures separately

Separate reporting requires submission of 57 CQMs for calendar year via chart abstraction and 16 CQMs for selected reporting period via CMS attestation portal for MU

Alignment of reporting between the 2 programs – EHR incentive program requires reporting for 1 quarter

of patient-level data for 16 CQMs electronically and Inpatient Quality Reporting CQMs requires electronic reporting of 57 inpatient measures via chart abstraction

FY 2014 IPPS Final Rule, pages 50811-50819


Quality Reporting is a Strategic Decision

What resources and capabilities does the hospital have to align and report measures simultaneously?

What is the organization’s strategy on quality reporting? Are the different reporting requirements centralized and coordinated?

How does data align across departments? How is data integrity addressed with quality reporting requirements?

Is the EHR capable of creating and submitting reports for the various requirements?

What is the organization’s plan for simultaneous reporting - need to balance competing priorities and resources?

How do quality reporting, EHR development, and clinical priorities fit with the organization’s overall strategic plans and goals?


How Can HIM Participate?


Q and A/Discussion


Security | Privacy | Culture

Phyllis A. Patrick, MBA, FACHE, CHCPhyllis A. Patrick & Associates LLC

[email protected]

914-696-3622

77

http://www.phyllispatrick.com/

mailto:[email protected]