meaningful use update eligible professionals · security audit requirements •objective: protect...
TRANSCRIPT
Meaningful Use Update – Eligible Professionals
December 2011
Discussion Topics
• Welcome, HITECH Program Update
• Topics for Clarification (Stage 1) – CPOE
– Quality Measures
– PQRI e-prescribing verses Meaningful Use e-prescribing
– Clinical Decision Support
– Public Health Reporting (Immunization and Syndrome Surveillance)
– Security Audit
– Data Exchange Requirement
– Audits and Documentation suggestion
• How to register, obtain vendor number, attest
• Stage 2 Update and Closing
2
HITECH PROGRAM UPDATE
3
National Numbers (By Program)
• The Medicare EHR Incentive Program has made payments of more than $527 million (actual MU achievement)
• Over $711 million has been paid in Medicaid EHR incentives since the program began in January (AIU and Achievement)
• There are 138,570 active registrations of eligible professionals and eligible hospitals for the Medicare and Medicaid programs
4
As of 10/31
National Numbers (By State)
5
MI
Michigan Numbers
6
http://www.michiganhit.org/
TOPICS FOR CLARIFICATION (STAGE 1)
7
CPOE Requirements
• Requirement: >30% of patients
• Denominator: Unique patients during the reporting period
• Numerator: At least one medication entered by “licensed healthcare professional”
• Rationale: Relationship to action on clinical alerts • Drug-allergy, drug-drug, drug-condition
• FAQ response
• Exclusion: <100 Rxs during reporting period
8
“medications directly entered by any licensed healthcare professional who can
enter orders into the medical record per state, local and professional
guidelines”
PFR & PFP
MU Quality Measures, PQRP, and eRx
• Similarities , differences, and cross-overs
MU and Medicare Incentives
Meaningful use Core Measures
Medicare incentives
• Use eRx for 40% of non-narcotic Rxs
• Report on 6 Quality Measures
• eRx
• PQRP
MU and Medicare Incentives
Medicare MU $ Medicaid MU $
eRx $ No Yes
PQRP $ Yes Yes
MU and other incentives
Medicare MU $ Medicaid MU $
eRx $ No Yes
PQRP $ Yes Yes
CMS clarification: Reporting eRx codes will not
impede receiving MU incentives.
eRx
1. Goal: ↑ eRx usage 2. Fax and eFax does not count 3. Only “eligible Rxs” (not narcotics) 4. MU eRx core requirement 40%
1. numerator and denominator 2. exclusion <100 Rxs
5. eRx Incentive/Penalty 1. Registry or claims based reporting to claim
incentive 2. Claims based reporting to avoid penalty
Medicare eRx
• 2011 Requirement • G8553 • 25 reporting events required
• Avoid 2012 Penalty Process • If >10 claims with correct G codes • First 6 months of 2011 • Penalty exemptions
2010 2011 2012 2013 2014
Incentive 2% 1% 1%
Penalty - 1% 1.5% 2.0%
Incentive or Penalty
eRx Recommendation
MU
1. Monitor provider %
2. > 40 % goal
eRx Incentive/Penalty
1. Report >50 eRx G codes (G8553) in 2011
2. Review exemption criteria
3. Review 2012 Criteria
A. Optimize eRx utilization ASAP
B. eRx $ or MU $ in 2011
MU and other incentives
Medicare MU $ Medicaid MU $
eRx $ No Yes
PQRP $ Yes Yes
PFR Quality Measures
MU
Report on 6 measures
• 3 core/alternative core
• 3 additional
• Attestation 2011
• Web based 2012
PQRP
Report on any 3 measures
• Claims or Registry
MU Quality Measures
• 3 Core or alternative Core, and 3 Additional
• 38 NQF measures
• 2011 Attestation
– Numerator and denominator
• 2012 Web based
Quality Measures
19
Measures EP1 - PC EP2 - PC EP3 - Spec EP4 - Spec
3 Core 20/200 17/150 1/150
20/200 17/150
0/0
20/200 0/185
0/0
0/0 0/0 0/0
3 Alt 32/200 16/150
0/0 0/0 0/0
Menu (38)
1 - 32/275 11 - 2/250 12 - 8/250
11 – 16/175 12 - 21/225 26 - 12/200
23 – 10/150 30 – 6/100 32 – 5/125
19 – 16/45 27 – 0/50 30 – 6/40
• Must report 3 measures above the line and three below
• “0” in the numerator is not the same as “0” in the denominator
• Menu items limited by Measures Certified by EMR vendor
Must Have
3 Above &
Below
MU Core and Alternative Quality Measures
Core
• NQF 0013 BP measurement in hypertensives
• NQF 0028 Tobacco assessment and cessation
• NQF 0421 Adult weight and follow up
Alternative Core
• NQF 0024 Pediatric weight and follow up
• NQF 0041 Flu vacc > 50 years old
• NQF 0038 Pediatric immunization status
MU Additional Quality Measures
• 38 Additional Measures
• Limited number of specialty specific measures
• Need to report on 3
Stage 1 Menu Quality Measures
Detailed list provided on CD
PQRP 2011
• Most are also NQF measures
– Some identical to MU CQM
• Claims based reporting
– >80% eligible encounters for 3 measures
• Registry based reporting
– Report on three measures
• No quality threshold
• 1% 2011 Medicare MAC
Quality Measures Recommendations
MU
1. Identify 3 core/alternative core
2. Identify =>3 additional
3. Practice measurements
PQRP Incentive/Penalty
1. Identify >3 measures
2. Choose claims or registry method
– Find a registry !
A. Identify measures for your practice
B. PQRP $ and/or MU $ in 2011
Clinical Decision Support Requirement
• Must enable and configure Decision Support engine within the certified EMR
• Select a standard rule or define/configure a custom rule (appropriate for your practice)
• Demonstrate ability to track compliance
– How many times was the rule triggered?
– If possible, what action was taken or not taken
• Examples – Next Slide
25
“Implement one clinical decision support rule relevant to specialty or high clinical
priority along with the ability to track compliance to that rule”
Rule Examples
1. For diabetic patients, an alert which allows the physician to order a hemoglobin A1c test if there is no hemoglobin A1c result in the past six months
2. For a patient with a history of ischemic vascular disease without contraindications for aspirin use, and who does not have aspirin on his medication list, an alert which asks the provider if the patient is currently taking aspirin and if not, allows the provider to order it
3. For women age 40-69 with no mammogram in the past year, an alert and/or an order set to facilitate ordering of this diagnostic study
4. For patients 18 and older – alert if have NOT received smoking cessation counseling
26
Public Health Reporting Requirements
• Submission to Immunization Registries - Capability to submit electronic data to immunization registries or Immunization Information Systems and actual submission in accordance with applicable law and practice.
• Submission of Syndromic Surveillance Data - Capability to submit electronic syndromic surveillance data to public health agencies and actual submission in accordance with applicable law and practice.
27
EPs must include 1 Public Health Reporting Objective
in the chosen Menu Items
Immunization Registry
• Michigan Care Improvement Registry (MCIR) is the approach most MI EHs and EPs are using for Public Health Reporting
• MDCH has determined MCIR has the capacity to receive immunization data in accordance with the established meaningful use vocabulary and content exchange standards. Therefore, all eligible professions and hospitals administering immunizations in Michigan do not qualify for exclusion
• The old EXT MCIR Transfer format is not eligible for the MU incentive
• The Michigan Department of Community Health (MDCH) has developed a testing process
• Testing to certify for meaningful use will be conducted in a test environment using the version 2.5 or 2.3.1 HL7 VXU message
– The Medicare program is already active; A Medicaid program is schedule to begin in Jan. 2012
– Get more information at http://mcir.org/meaningfuluse.html
28
Perform at least one test of certified EHR technology's capacity to
submit electronic data to immunization registries and follow up
submission if the test is successful
Syndromic Surveillance Data
• More complicated and advanced public health requirement
• "the systematic process of data collection and analysis for the purposes of detecting and characterizing outbreaks of disease in humans and animals in a timely manner"
• The CDC contracted with International Society for Disease Surveillance (ISDS) to develop business and infrastructure requirements for syndromic surveillance using clinical data from health information exchanges
• The “PHIN Messaging Guide for Syndromic Surveillance: Emergency Department and Urgent Care Data Version 1.0” (HL7 v2.5.1 (v2.3.1 Compatible)) was released on 10/18/11 and includes minimum syndromic surveillance data standards
• This standards are intended to help local, state, and federal public health agencies get information to detect and respond to more outbreaks and health events more quickly
29
Performed at least one test of certified EHR technology's capacity to provide
electronic syndromic surveillance data to public health agencies and follow-up
submission if the test is successful (unless none of the public health agencies to
which an EP submits such information have the capacity to receive the information
electronically.)
Security Audit Requirements
• Objective: Protect electronic health information created or maintained by the certified EHR technology through the implementation of appropriate technical capabilities.
• Measure: Conduct or review a security risk analysis in accordance with the requirements under 45 CFR 164.308(a)(1) and implement security updates as necessary and correct identified security deficiencies as part of its risk management process.
– Must be conducted during the reporting year in which you attest
– Must be conducted every year thereafter.
– Act upon findings of security audit
30
Security Audit Requirements
– Audit logs (your certified software should do this)
– Access granted is appropriate
– Terminated employees removed
– Policy on password strength
– Computers and Screens secure and locked
– Fax machines secure
– Concurrent sessions limited
– Security patches
– Virus protection
– Policy on PHI release
– Wireless secure
– Firewall enabled
31
Security Audit Requirements
– Shredders used
– PHI disposed of properly
– Electronic media disposed of properly
– HIPAA training in place
– Signed confidentiality in place
– Employees aware how to report breaches
– BAA (Business Associate Agreements) in place
– Vendors properly identified
– ID’s worn
– Backups of PHI conducted and stored properly. Restores tested
– Downtime policies in place
– Network security analyzed
32
Security Audit Requirements
– Encryption in place
– Secure emails in place for PHI
– Paper records secure
– Policy for subpoenas, court orders, etc.
– Policy in place for accessing own records
– PDA’s secure
– Inappropriate Internet access restricted
– Keys tracked
– Audits conducted
– Printers secure
– No PHI is common folders, drives
– Automatic log outs in place
33
Security Audit Requirements
• Sample long version and short version on CD.
• Do not just check pass. Auditors will want to see details and documentation
34
Data Exchange Requirements
• Objective: Capability to exchange key clinical information (for example, problem list, medication list, medication allergies, and diagnostic test results), among providers of care and patient authorized entities electronically
• Measures: Performed at least one test of certified EHR technology’s capacity to electronically exchange key clinical information.
35
Data Exchange Requirements
• Notes:
– Different legal entities
– Distinct Certified EHR technology
– Exchange CCD/CCR
– Exchanging lab or transcribed data is not appropriate
– Actual patient data is not required (test data in production environment is encouraged)
– Test can be unsuccessful
– Test every reporting period
– Cannot exchange through CD, USB, hard drive
36
Data Exchange Requirements
– Can exchange with Munson through [email protected] or a Munson drop box (instructions on the CD provided)
– Practice to receive letter stating participating.
37
Data Exchange Requirements
38
Audit Documentation
39
Artifact Description Comment Interpretation Rationale
Document rationale for any requirement specific interpretations or assumptions
Especially important on any requirements where MMH might stay closer to the letter of the law
Certified EMR Document your overall certification strategy and provide a specific approach to requirements that are not simple
Example - if you choose not to use your AEMR vendor’s hub product to meet the data exchange requirement, explain your understanding of how you meet the certification requirement
Process Flow An overview flowchart or swim lanes are an important part of documenting processes
Example - Problem list flow showing who does what, when, with what tool
Process Documentation
Process definitions that support the process flow and identify roles and responsibilities
Define a standard and follow it for each requirement and measure
Measure Threshold
Document the value of your measure for each requirement and how you tracked it
Again, do this in a standard and consistent way for each measure (it can be simple)
Proof/Confirmation
Provide any work objects that may support and give evidence to the achievement of a requirements
Example - letter from testing partner in Exchange of Clinical Data requirements; OR screen prints or reports that prove a capability was turned on and in use
Other Think through each requirement and provide any information or results that would help MMH defend their attestation in the future
Remember you are subject to audit for up to 6-10 years after attestation. The documentation should be standalone, solid, and locked down
The table below outlines HIMformatics generic documentation recommendations for Stage 1 Meaningful Use Audit
Documentation. All of these items may not be necessary for each requirement.
MHC Audit Documentation Recommendations
40
MHC Audit Documentation Recommendations
41
MHC Audit Documentation Recommendations
42
EP Registration Process
• Registration User Guide (provided on CD)
• Medicaid EHR Guide (provided on CD).
• Medicaid State Level Registration (provided on CD).
• EP Attestation Webinar (provided on CD)
• EP Attestation Worksheet (provided on CD) – a must for filling out in advance of attesting
43
EP Registration Process
• http://onc-chpl.force.com/ehrcert/chplhome (Certified Health IT Product List)
• RHC and FQHC do not qualify for Medicare (loophole in the system right now and my never be fixed).
• RHC and FQHC have different criteria for Medicaid eligibility
• Get all your ID’s before you register, can take weeks or months to track down (and apply for). The billing office may be able to help.
• Suggest not register really far in advance (too many physicians change practices).
44
Stage 2 and Stage 3
45
Goals by Stages
The initial HITECH stage goals show the program vision
46
Stage 1 “Capture”
Stage 2 “Expand”
Stage 3 “Improve”
Stage 2 Meaningful Use
• All Stage 1 Menu requirements will be mandatory
• EPs and EHs must meet Stage 2 requirements in their third year of program participation or 2014, whichever is later
• Thresholds for Stage 1 requirements will been increased and new requirements will also been added
47
Stage 2 & 3: Adjustments
Requirements Stage 2 Stage 3
CPOE Increase to 60% Include med, lab & rad orders
80%
eRX 50% med orders (EP & hospital discharge)
80%
Clinical Quality Measures TBD TBD
Clinical Decision Support (CDS)
Use CDS Rules on high priority conditions
Use CDS Rules to improve performance
Patient lists Generate pt list for multiple parameters Use pt lists to manage high-priority patients
HIE Connect to at least 3 external providers in primary referral network or 1 HIE
Connect to 30% of external providers or 1 HIE
Med Rec 80% 90%
Other All Stage 1 menu items required Problem list, meds, allergy lists are ‘up-to-date’
48
Stage 2 & 3: Major New Criteria
Requirement Hospital EP
Clinical Documentation
Physician, PA, NP Notes Electronic MAR
Physician Notes
Patient Portal Electronic ‘relevant information’ about hospital encounter
Download relevant information about a clinical encounter Download data from a longitudinal record 20% of patient use a web-based portal (30% in Stage 3) Use online patient messaging
Continuity of Care List of care team members Longitudinal care plan for pts with high-priority conditions
List of care team members Longitudinal care plan for pts with high-priority conditions
49
Key Dates for Stage 2
• Q4 2011
– CMS publishes NPRM on Stage 2 Criteria
– ONC publishes Interim Final Rule on standards and certification for Stage 2
• Mid-to-late 2012
– Final rules for Stage 2 published
50