CHIME is the professional organization for chief information officers and other senior healthcare IT leaders.
CHIME has produced a CIO-oriented publication providing details on how organizations should focus their efforts to implement EHR systems that will qualify for stimulus funding payments through the HITECH Act. The 80-page guidebook is available free to the public and can be downloaded here.
Also, the American Hospital Association (AHA) and CHIME have worked collaboratively to create a guidebook for CEOs on the HITECH Act and meaningful use implementation. The handbook entitled, “Health Care Leader Action Guide on Implementation of Electronic Health Records”, provides a readable, actionable, step-by-step guide designed to assist CEOs and other C-suite executives in the EHR implementation process. The 22-page guide is available free to the public and can be downloaded here.
- Image via Wikipedia
Medicare Definition of Eligible Provider (EP)
For Medicare, physicians and some hospitals are eligible providers. “Physicians” includes doctors of medicine (MD) or osteopathy (DO), dentists or dental surgeons (DDS or DMD), podiatric medicine (DPM), and optometry (OD) and chiropractors (DC).
For providers, their annual payment will be equal to 75 percent of Medicare allowable charges for covered services in a year, not to exceed the incentives in the table below. Payments will be made as additions to claims payments.
Hospitals include quick-care hospitals (subsection-d) and critical access hospitals and only includes hospitals in the 50 States or the District of Columbia.
Medicaid Definition of Eligible Provider (EP)
Medicaid takes the Medicare definition of eligible providers (physicians) and adds nurse practitioners, certified nurse midwives and physician assistants, however, physician assistants are only eligible when they are employed at a federally qualified health center (FQHC) or rural health clinic (RHC) that is led by a Physician Assistant. Eligible hospitals include quick care hospitals and children’s hospitals.
At minimum, 30 percent of an EP’s patient encounters must be attributable to Medicaid over any continuous 90-day period within the most recent calendar year. For pediatricians, however, this threshold is lowered to 20 percent.
The first year of payment the Medicaid provider must demonstrate that he is engaged in efforts to adopt, implement, or upgrade certified EHR technology. For years of payment after year 1, the Medicaid provider must demonstrate meaningful use of certified EHR technology.
Change 1:
The definition of “hospital-based physician” was recently clarified to include physicians working in hospital outpatient clinics (employed physicians) as opposed to the inpatient units, surgery suites or emergency departments. This still excludes pathologists, anesthesiologists, ER physicians, hospitalists and others who see most of their patients in the ER as outpatients or as hospital inpatients.
Possible Change 2:
The Health Information Technology Extension for Behavioral Health Services Act of 2010 (HR 5040) is a bill in the US Congress originating in the House of Representatives that would amend the Public Health Service Act and the Social Security Act to extend health information technology assistance eligibility to behavioral health, mental health, and substance abuse professionals and facilities, and for other purposes. You can track the bill here.
For more information on stimulus money for meaningful use of an EMR, read my post here.
With so much going on in healthcare, it would not surprise me if a lot of practices missed the February 2010 deadline for three expanded HIPAA rules. This expansion was dictated by the Health Information Technology for Economic and Clinical Health (HITECH) Act passed by Congress in February 2009.
If you haven’t already, get started now with the new requirements.
- New obligations for business associates (BA) – February 17, 2010 Remember that a BA is a person or organization outside of your entity with whom you share protected health information (PHI) so they may provide services to you. Good examples are your billing service, collection agency, attorney, consultant, computer vendors, attorneys and providers of documentation abstracting or coding services. Under HITECH, BA have the same responsibilities for breaches as the healthcare entity does, but it is the healthcare organization’s responsibility to have an updated, signed BA agreement in place that describes this new responsibility. Here is an excellent example of a BA agreement (first link under Publications) that you can download and tweak for your practice.
- New disclosure agreement provision – February 18, 2010 This is a big one! Patients now may waive their right to have you file their medical insurance, pay for your services themselves and request that their medical information NOT be disclosed to their insurance plan or any other entity. In other words, patients may elect to become “self-insured”. I recommend that you create a new financial class for these patients so they neither fall into the standard self-pay/financial assistance class or into their actual insurance class. These patients, if you have any, will need to be identified according to their wishes, which could mean that they want you to file insurance for some services and not for others. This means their record must be tagged for what records can be released and what records cannot. There could be an argument made either way for whether or not these patients should receive self-pay discounts that you have in place for your non-insured patients. I would be interested to know how different groups have decided to handle this. There are sample forms for PHI disclosure accounting and for patients to request an accounting of PHI disclosures in the Manage My Practice Library under Operations.
- Information breach notification – February 22, 2010
We’ve heard a lot about this one as the media (along with HHS) must now be notified if a PHI breach involves 500 people or more. Breaches are being reported weekly as non-encrypted laptops are stolen or repurposed, and as copier hard drives (story here) go unnoticed as a security risk. If a breach involves 500 people or less, each individual must receive written notice with details of the breach, the information disclosed, and the steps being taken by the practice or entity to avoid any future breaches, as well as explaining the rights of the patient(s) in protecting their private healthcare information. Several of my employees have received notification letters from health plans and they have been horrified that this could happen. Note that entities that secure health information through encryption or destruction don’t have to provide notification in the event of a breach!
Enforcement is also beefed up.
Criminal penalties will apply to covered entities that violate privacy rules AND to those organizations’ individual employees (can you track who accesses whose records when?) Civil penalties have been increased and harmed individuals may share in the booty. Probably most importantly, HITECH gives state attorneys general the power to enforce HIPAA rules.
Other resources:
ARRA: American Recovery and Reinvestment Act of 2009, also called “The Stimulus Package” or “The Stimulus Bill.” Of the $850B in the bill, $51B is pegged for the health care industry and $19B of that will be used to incent medical practices to adopt EMRs/EHRs.
CCHIT: the Certification Commission for Health Information Technology is a private organization that certifies EMRs and EHRs based on 475 criteria spanning functionality, interoperability and security. CCHIT does not evaluate ease of use of products, financial viability of the company offering the software; or the quality of customer support offered by the software vendor. Whether or not CCHIT will be THE certifying organization to approve “qualified EMRs” will be announced at the end of the year. (Can be pronounced “SEA-CHIT” or each letter can be pronounced as in “C.C.H.I.T.”)
Comparative Effectiveness: Comparative Effectiveness Research (CER) compares treatments and strategies to improve health. For CER, HITECH provides $300M for the Agency for Healthcare Research and Quality, $400M for the National Institutes of Health, and $400M for the Office of the Secretary of Health and Human Services. (more…)
