Mar 27, 2025
Public Webinar Available Now: HIPAA Security Rule Gets a Makeover – Let’s Break it Down
The Department of Health and Human Services (HHS) released a Notice of Proposed Rulemaking to Strengthen Cybersecurity for Electronic Protected Health Information (NPRM) on Jan 6, 2025. This will be the first major update to the HIPAA Security Rule since the HIPAA Omnibus Rule in 2013.
These proposed changes bring about new requirements, including:
- Vulnerability scanning
- Penetration testing
- Patch management
- Network segmentation
- Data backup testing
- Multi-factor authentication
- Security incident planning and testing
- HIPAA compliance audits
- Business associate delegation
- Guidelines for ongoing maintenance
This webinar provides an overview of the proposed changes and expected timelines for regulated entities to meet compliance with the new rule. The proposed rule seeks to strengthen cybersecurity by updating the Security Rule’s standards to better address ever-increasing cybersecurity threats to the health care sector. While the Department is undertaking this rulemaking, the current Security Rule remains in effect.
For more information about the proposed rule for HIPAA Security, please follow the links below:
Fact Sheet: “HIPAA Security Rule Notice of Proposed Rulemaking to Strengthen Cybersecurity for Electronic Protected Health Information”
Notice of Proposed Rulemaking (NPRM) – “HIPAA Security Rule To Strengthen the Cybersecurity of Electronic Protected Health Information”
Contact the experts at Kentucky REC with all your HIPAA Privacy and Security questions. We’re here to help: 859-323-3090.
Mar 3, 2025
HIPAA Security Rule Gets a Makeover – Let’s Break it Down
Public Webinar to be released Thursday March 27
Fill out this brief REGISTRATION FORM to be among the first to receive this webinar recording.
HHS Announces Proposed Changes to the HIPAA Security Rule!
The Department of Health and Human Services (HHS) released a Notice of Proposed Rulemaking to Strengthen Cybersecurity for Electronic Protected Health Information (NPRM) on Jan 6, 2025. This will be the first major update to the HIPAA Security Rule since the HIPAA Omnibus Rule in 2013. These proposed changes bring about new requirements, including:
- Vulnerability scanning
- Penetration testing
- Patch management
- Network segmentation
- Data backup testing
- Multi-factor authentication
- Security incident planning and testing
- HIPAA compliance audits
- Business associate delegation
- Guidelines for ongoing maintenance
This webinar will provide an overview of the proposed changes and expected timelines for regulated entities to meet compliance with the new rule. This proposed rule seeks to strengthen cybersecurity by updating the Security Rule’s standards to better address ever-increasing cybersecurity threats to the health care sector.
While the Department is undertaking this rulemaking, the current Security Rule remains in effect.
HHS encourages all stakeholders, including patients and their families, health plans, health care providers, health care professional associations, consumer advocates, and government entities, to submit comments through regulations.gov.
For more information about the newly proposed rule for HIPAA Security, please follow the links below:
Fact Sheet: “HIPAA Security Rule Notice of Proposed Rulemaking to Strengthen Cybersecurity for Electronic Protected Health Information”
https://www.hhs.gov/hipaa/for-professionals/security/hipaa-security-rule-nprm/factsheet/index.html
Notice of Proposed Rulemaking (NPRM) – “HIPAA Security Rule To Strengthen the Cybersecurity of Electronic Protected Health Information”
Contact the experts at Kentucky REC with all your HIPAA Privacy and Security questions. We’re here to help: 859-323-3090.
Jan 31, 2025
QPP Year 9: 2025 Final Rule Overview
Available Now: Friday January 31, 2025
Key QPP Updates from the 2025 Physician Fee Schedule Final Rule
With the release of the 2025 Physician Fee Schedule and Quality Payment Program Final Rule in late 2024, CMS finalized programmatic changes impacting your practice in 2025 and future performance years.
KEY HIGHLIGHTS:
• MVP Continued Expansion: addition of 6 new MIPS Value Pathways (MVPs) and consolidation of two existing neurological MVPs
• Cost: 6 new episode-based cost measures added to the Cost Performance category, further emphasizing value-based care
• Improvement Activities: Revamp of category weighting and requirements
• APP Track & MSSP: Required measure set expansion for MSSP participants via APP Plus
• Advanced APMs: QP status determination changes and finalized updates to QPP Lump Sum Bonus payouts
Register and view this on-demand analysis to stay in the know as we explore critical elements of MVPS, APP and Traditional MIPS tracks of the Quality Payment Program.
Contact YOUR experts at Kentucky REC with all your QPP, MIPS/MVP, and APM Track questions. We’re here to help: 859-323-3090.
The CMS 2025 Physician Fee Schedule Final Rule overview, QPP, and MSSP Fact Sheets are available through the links below.
PFS Fact Sheet
MSSP Fact Sheet
QPP Fact Sheet: https://qpp-cm-prod-content.s3.amazonaws.com/uploads/3057/2025-QPP-Policies-Final-Rule-Fact-Sheet.pdf
Jan 24, 2025
The Hospital Quality Reporting (HQR) System is now open and accepting calendar year 2024 Medicare Promoting Interoperability Program data submissions and attestations from eligible hospitals and critical access hospitals.
The data submission deadline for the CY 2024 requirements, including eCQM data, has been changed from February 28, 2025 to Friday, March 14, 2025.
As a reminder, hospitals are required to:
- Report data using the ONC Health Information Technology certification criteria to meet the certified electronic health record technology (CEHRT) requirement. Get your ID # from the Certified Health IT Product List (CHPL).
- Successfully submit four calendar quarters of data for six eCQMs:
- Three self-selected eCQMs from the CY 2024 Available eCQMs Table
- Three CMS-selected eCQMs: Safe Use of Opioids-Concurrent Prescribing, Cesarean Birth (PC-02), and Severe Obstetric Complications (PC-07)
- Submit web-based measure data for any continuous, self-selected 180-day EHR period within the calendar year.
Note: Failure to report at least a “1” for all required measures with a numerator or reporting a “No” for a Yes/No response measure will result in a total score of 0 points for the Medicare Promoting Interoperability Program.
- Earn a minimum total score of 60 points
- Complete the following requirements by attesting “Yes” to both
- Acting to Limit or Restrict the Compatibility or Interoperability of CEHRT
- ONC Direct Review
- Complete the following measures under the Protect Patient Health Information Objective by attesting “Yes” to both
- SAFER Guides
- Security Risk Analysis
- Submit data for the following measures under each objective below:
- Electronic Prescribing Objective
- e-Prescribing
- Query of Prescription Drug Monitoring Program (PDMP)
- Health Information Exchange Objective (Participants must select one of the three reporting options below)
- Report on both the Support Electronic Referral Loops by Sending Health Information measure and the Support Electronic Referral Loops by Receiving and Reconciling Health Information OR Report on the Health Information Exchange (HIE) Bi-Directional Exchange OR Report on the Enabling Exchange Under the Trusted Exchange Framework and Common Agreement (TEFCA)
- Provider to Patient Exchange Objective
- Provide Patients Electronic Access to Their Health Information
- Public Health and Clinical Data Exchange (A level of active engagement is required for each measure below)
- Syndromic Surveillance Reporting
- Immunization Registry Reporting
- Electronic Case Reporting
- Electronic Reportable Laboratory Result Reporting
- Antimicrobial Use and Resistance (AUR) Surveillance
- Voluntarily submit data for the following optional measures/requirements (Select One):
- Clinical Data Registry Reporting
- Public Health Registry Reporting
Contact YOUR experts at Kentucky REC with all your QPP, MIPS/MVP, and APM Track questions. We’re here to help: 859-323-3090.
Jan 16, 2025
Transforming Healthcare – Primary Plus’s CHW Program
Join us for an enlightening discussion with Brooke Perkins, Director for Community Health Worker programs at Lewis County Primary Care Center, Inc, also known as Primary Plus.
Brooke provides an in-depth exploration of their innovative Community Health Worker (CHW) program, tracing its mission, evolution, and remarkable impact. Learn how they’ve navigated challenges, gained healthcare provider buy-in, and transformed patient care workflows. Through inspiring success stories and insights into community impact, Brooke sheds light on the vital role of CHW programs in enhancing overall well-being. Tune in for a fascinating glimpse into the world of healthcare innovation and community health initiatives!
Listen to our podcast on Buzzsprout, or Spotify and Apple Podcasts. All previous episodes are available.
If you need assistance with healthcare quality improvement, contact the Kentucky REC at 859-323-3090 or by email.
Dec 9, 2024
NCQA PCMH Annual Reporting Requirement Update: New Data Submission Attestation
The National Committee for Quality Assurance (NCQA) has introduced a new requirement for the 2025 Patient-Centered Medical Home (PCMH) Annual Reporting process.
Organizations renewing their recognition in 2025 must now complete the “Annual Renewal (AR) Quality Improvement (QI) 05: Data Submission Attestation.” This step, accessible in Q-PASS under the AR QI 5 component, requires practices to attest that their submitted data is accurate and may be shared with stakeholders for performance rewards and incentives.
Annual Reporting Key Deadlines and Processes
• Who is impacted? All healthcare practices with NCQA PCMH or Specialty Practice (PCSP) recognition.
• When to act? Complete Annual Reporting 30 days before your recognition anniversary date via Q-PASS.
• What to expect? After submitting the attestation, NCQA may randomly select your practice for a virtual audit. Notification of an audit will be sent through Q-PASS and email.
Support for Your Annual Renewal and Audit
The Kentucky REC PCMH team has extensive experience supporting practices through Annual Renewal and audit processes. We are here to provide expert guidance, ensuring your compliance and peace of mind.
Interested in PCMH or PCSP Recognition?
If your organization isn’t yet recognized and you’d like to learn more, contact us at the email link below or 859-323-3090 for assistance. We’re happy to help you take the next step toward recognition. Let us help you navigate the process with confidence.
