CMS released the highly anticipated QPP Year 2 Final Rule late last week. The 1600 page document builds off the 2015 MACRA legislation and provides flexibility and clarification of the Quality Payment Programs and MIPS. Please join us at the Kentucky Regional Extension Center on November 16th at 11 am for a live webinar where we will highlight the changes for 2018 to the Quality Payment Program made in the Year 2 Final Rule.
Register here for Kentucky REC’s QPP Year 2 Final Rule Webinar Thursday Nov 16, 2017 11am-12 pm Password: MACRA
Provided below is a summary of a few of the changes as well as links to additional information. We will have a more complete review of the changes during our webinar next week.
Some changes of the 2018 Quality Payment Program Final Rule:
- Low volume threshold finalized at ≤$90,000 in Part B allowed charges or ≤200 Part B beneficiaries
- New performance threshold is set at 15 points, up from 3 points in 2017
- Cost performance category will remain 10% of final score in 2018 and will be calculated based on two measures: Medicare Spending Per Beneficiary and Total Per Capita Cost
- Quality performance category will require 12 months of reporting for 2018
- To receive full credit using patient-centered medical home recognition/certification for the Improvement Activities performance category, organizations must have 50% of practice sites within a TIN recognized/certified
- New bonus points are available for showing improvement in the Quality category year over year, demonstrating care for complex patients and being a clinician or group with 15 or fewer clinicians
- Use of either 2014 or 2015 Certified EHR Technology for 2018 is allowed; a new 10% bonus is available in the Advancing Care Information (ACI) category if you only use 2015 Edition CEHRT all year
Additional information on the MACRA/ Quality Payment Program Final Rule:The Quality Payment Program final rule with comment period (CMS-5522-FC and CMS-5522-IFC) can be downloaded from the Federal Register here.
A Fact Sheet on the Quality Payment Program final rule with comment period is available here.
Contact the experts at Kentucky REC for all your QPP and MIPS questions. We’re here to help. Call us at 859-323-3090
Eligible Hospitals and Critical Access Hospitals: Submit Meaningful Use Data to the Hospital Quality Reporting System (HQR) via the QualityNet Secure Portal in 2018
CMS has issued the following guidance regarding the notice “Submit Meaningful Use Data to the Hospital Quality Reporting System (HQR) via the QualityNet Secure Portal in 2018” issued on August 7, 2017.
The Medicare EHR Incentive Program Registration and Attestation System will NOT be available for hospitals after December 31, 2017. Hospitals attesting to the Medicare EHR Incentive Program will register and attest in the HQR system. However, the Quality Net Secure Portal is not yet setup to accept attestations for CY 2017. Hospitals will attest to their 90 day reporting period for 2017 starting on January 2, 2018 through February 28, 2018. More information, including a user guide will be made available by CMS closer to January. All hospitals will need to update their log-in information to include Meaningful Use (MU) in Quality Net. This will be available in October and additional details will be released closer to the date.
The following CMS FAQs may be helpful:
Q: Some hospitals already have a Quality Net account as they have submitted electronic Clinical Quality Measures in the past. Will they need to create a separate log-in for HQR to attest to MU or will their previous log-in suffice for MU attestation too?
A: It is our understanding that registration to the site will only occur one time and that hospitals will be able to utilize their already established login information. However, for official confirmation, we recommend that hospitals submit this question by logging into the QualityNet Secure Portal and clicking submit this question to the QualityNet support team via the portal, contacting the QualityNet Help Desk at 1-866-288-8912 (TTY 1-877-715-6222), or emailing the QualityNet help desk at email@example.com.
Q: Will hospitals that have never submitted eCQMs to Quality Net previously need to create a new account in order to attest to MU?
A: Yes, correct.
Q: How long do you anticipate the registration process will take and are there instructions on how hospitals will do so?
A: All users requesting access to the QualityNet Secure Portal must be individually approved and verified. This mandatory registration process is used to maintain the confidentiality and security of healthcare information and data transmitted via QualityNet. Providers can register here and must select the appropriate user classification. The QualityNet Security Administrator facilitates the registration process for other users at the organization. Typically, an organization designates two Security Administrators. Providers submitting data via the QualityNet Secure Portal (or using a vendor to submit data on their behalf) are required to designate a Security Administrator. All other registered QualityNet users in an organization are considered basic users. The QualityNet website lists instructions regarding registration, sign-in instructions, password rules, etc. on the left side of the screen.
Q: For 2017, will hospitals continue to be able to submit Clinical Quality Measures via aggregate reporting as they did within the CMS Registration and Attestation System in the new HQR system?
A: The data receiving system is accepting submissions of QRDA Category I (patient level files) test and production files for the Hospital IQR and the Medicare EHR Incentive programs CY 2017/Fiscal Year (FY) 2019 electronic reporting requirements. The system was updated to accept QRDA Category I test and production files utilizing the CY 2017 requirements.
Technical Specifications for CY 2017 Reporting
Eligible Hospitals (EHs) and Critical Access Hospitals (CAHs) that seek to report eCQMs under the Hospital IQR and the Medicare EHR Incentive programs must use the following:
Since the Registration and Attestation System will no longer be available after December 31, 2017 we encourage you to print out documentation from previous participation years to maintain for your records.
October 2nd has just passed, bringing the beginning of the last 90-day MIPS performance period for 2017. If plans aren’t already in place, this is the last opportunity you have to decide what to do if you are an Eligible Clinician (EC) impacted by MIPS. If there is any doubt about your participation status go here and enter your NPI number. That will let you know immediately if you need to do something in 2017 to protect your 2019 Medicare Part B reimbursement and professional reputation.
The MIPS Composite score is extremely important. There are four participation options for 2017 and at least one of them should be disregarded immediately. Option 1, doing nothing, will give you an automatic 4% Medicare Part B penalty in 2019 and a public MIPS score of 0. Option 2, test reporting, will avoid penalties in 2019 but leaves you with a MIPS score of 3. Option 4 requires submission of an entire year of data to Medicare. Probably not too many can pull that one off. That only leaves Option 3 as the only acceptable path for MIPS in 2017 for most ECs.
Option 3: CMS calls this “Partial Participation” and lays out the requirements: “If you submit 90 days of 2017 data to Medicare, you may earn a neutral or positive payment adjustment and may even earn the max adjustment.” In addition, with the right strategy (individual vs. group reporting, submission method, choice of “MIPS friendly” vs. clinical quality measures, etc.) a high MIPS score can bring numerous advantages: positive scoring on public sites when rolled out, higher reimbursements, and more.
As we have entered the beginning of the last 90-day reporting period decisions and strategies will need to be in place to assure a high MIPS score. There will not be an opportunity to back pedal or second guess. Don’t let indecision or lack of knowledge of the MACRA/MIPS program adversely affect your Medicare Part B reimbursement, practice value, and professional reputation.
Our goal is not only to avoid penalties, but deliver actionable strategic decisions that lead to the highest possible MIPS score.
Contact the Kentucky REC now for help: 859-323-3090
Source: http://www.mipsconsulting.com by Jim Tate
The University of Kentucky Transplant Center is hosting the 2017 Bruce Lucas Hepatology and Liver Transplant Symposium on Friday, October 13 at Kroger Field (previously Commonwealth Stadium) Recruitment Room – 1540 University Drive.
Register Here: http://www.cecentral.com/live/13168
Overview: This program will provide education and insights about new medications that have recently been approved for the treatment of liver diseases. In addition, providers will learn how a multidisciplinary approach to liver disease management can be beneficial for patients. Finally, this program will help providers understand how to refer patients for a liver transplant evaluation in a timely manner, before patients are too sick to receive a transplant.
Target Audience: Gastroenterologists, nephrologists, urologists, primary care and family medicine physicians, physician assistants, and nurse practitioners.
Objectives: Upon completion of this educational activity, participants will be able to:
• Describe the complications of portal hypertension and liver disease.
• Describe the multidisciplinary approach in the management of liver disease.
• Describe new treatments for liver disease.
• Describe the role of liver transplantation in the treatment of liver disease.
• Discuss basic principles in hepatocellular carcinoma treatment.
• Describe how the successful management of liver tumors involves care from multiple disciplines working in close coordination.
• Describe how immunosuppression impacts transplant patients.
CME credit is available.
Register Here: http://www.cecentral.com/live/13168
Flyer: Liver Transplant Symposium 2017_WEB1 (3) FINAL
On May 12, 2017 The Department for Homeland Security released the following report:
US-CERT has received multiple reports of WannaCry ransomware infections in several countries around the world. Ransomware is a type of malicious software that infects a computer and restricts users’ access to it until a ransom is paid to unlock it. Individuals and organizations are discouraged from paying the ransom, as this does not guarantee access will be restored.
Can HIPAA compliance help covered entities and business associates prevent infections of malware, including ransomware?
Yes. The HIPAA Security Rule requires implementation of security measures that can help prevent the introduction of malware, including ransomware. Some of the required security measures include:
• implementing a security management process, which includes conducting a risk analysis to identify threats and vulnerabilities to electronic protected health information (ePHI) and implementing security measures to mitigate or remediate those identified risks;
• implementing procedures to guard against and detect malicious software;
•training users on malicious software protection so they can assist in detecting malicious software and know how to report such detections; and
• implementing access controls to limit access to ePHI to only those persons or software programs requiring access.
Is it a HIPAA breach if ransomware infects a covered entity’s or business associate’s computer system?
Whether or not the presence of ransomware would be a breach under the HIPAA Rules is a fact-specific determination. A breach under the HIPAA Rules is defined as, “…the acquisition, access, use, or disclosure of PHI in a manner not permitted under the [HIPAA Privacy Rule] which compromises the security or privacy of the PHI.” See 45 C.F.R. 164.402
When electronic protected health information (ePHI) is encrypted as the result of a ransomware attack, a breach has occurred because the ePHI encrypted by the ransomware was acquired (i.e., unauthorized individuals have taken possession or control of the information), and thus is a “disclosure” not permitted under the HIPAA Privacy Rule.
Unless the covered entity or business associate can demonstrate that there is a “…low probability that the PHI has been compromised,” based on the factors set forth in the Breach Notification Rule, a breach of PHI is presumed to have occurred. The entity must then comply with the applicable breach notification provisions, including notification to affected individuals without unreasonable delay, to the Secretary of HHS, and to the media (for breaches affecting over 500 individuals) in accordance with HIPAA breach notification requirements. See 45 C.F.R. 164.400-414.
Call the Kentucky REC today at 859-323-3090 to see how we can help with your HIPAA compliance.
Important Upcoming CMS Deadline:
Reconsideration Forms for the 2017 Payment Adjustment Based on the 2015 EHR Reporting Period are due February 28, 2017
The deadline for Eligible Professionals (EPs) to submit Reconsideration forms for the 2017 payment adjustment—based on the 2015 EHR reporting period—is February 28, 2017. No applications will be accepted after the deadline.
Please visit the CMS website to find the EP Reconsideration Application. Complete this application if you received a letter from CMS that said you are subject to the 2017 Medicare EHR payment adjustment and you believe this payment adjustment is in error.
For more guidance on completing the application, review the EP Reconsideration Instructions or e-mail firstname.lastname@example.org.
For More Information
For more information on Payment Adjustments and Hardship applications, or for information on reporting requirements, please visit the EHR Incentive Programs webpage.
Contact the Kentucky REC with your questions. Our advisors are here to help you navigate healthcare IT, regulatory issues and more. 859-323-3090