Kentucky REC News


As we approach the end of 2019, it is crucial to be making progress toward meeting the Promoting Interoperability (MU) Stage 3 objectives and measure. Your Health IT advisors at the KY REC are ready to assist you along the way. Below is important information regarding the EHR incentive program and recommended beginning steps for success. Contact us to schedule a meeting to review your Stage 3 reports and assist with your workflow assessments for the new measures.

EHR Reporting Period for 2019
For 2019, the EHR reporting period for Medicaid EPs is a minimum of any continuous 90 day period within the calendar year. Attestations must be submitted by 03/31/2020 for the Kentucky Medicaid EHR Incentive Program.

2015 Edition Certified EHR Technology
All participants in the Medicaid Promoting Interoperability Program are required to use 2015 Edition CEHRT. The 2015 Edition CEHRT did not have to be implemented on January 1, 2019. However, the functionality must be in place by the first day of the EHR reporting period and the product must be certified to the 2015 Edition criteria by the last day of the EHR reporting period.

Electronic Clinical Quality Measures (eCQM) for 2019
Medicaid EPs who are returning participants must report on a one year eCQM reporting period, and first-time meaningful users must report on a 90-day eCQM reporting period. EPs are required to report on any six eCQMs related to their scope of practice. In addition, Medicaid EPs are required to report on at least one outcome measure. If no outcome measures are relevant to that EP, they must report on at least one high-priority measure. If there are no outcome or high priority measures relevant to an EP’s scope of practice, they must report on any six relevant measures.

Here is a list of available eCQMs for EPs in 2019.

Objectives and Measures: EPs must attest to Stage 3 Objectives and Measures for 2019:


Specification sheet links for Stage 3 Measures can be found here.

Important Beginning Steps to Be Successful
  • Contact your vendor to determine:
    1. When will I receive my 2015 CEHRT upgrade?
    2. Are my Stage 3 reports available?
    3. Is the Application Program Interface (API) enabled?
      • Do you have instructions available on how to use the API that can be given to our patients?
    4. Are there instructions or training materials available to learn about the new features with our upgrade?
      • New clinical reconciliation button?
      • How to incorporate summary of care into EHR?
      • Sending patient education to portal?
      • Submitting patient generated health data?
  • Schedule your Security Risk Analysis for 2019 with the Kentucky REC
  • Run your Stage 3 Promoting Interoperability (MU) reports regularly and work with your Health IT advisor to review
  • Run your patient volume report for 90 days in April – June and return to your Health IT advisor

IMPORTANT — If you are planning on attesting to the Immunization Registry public health option, be sure to sign the new bi-directional immunization registry addendum with the Kentucky Health Information Exchange. The old immunization registry addendum WILL NO LONGER BE ACCEPTED for attestations. This must be signed within 60 days of the start of your reporting period.

Contact us at Kentucky REC with your questions about Promoting Interoperability. Our team of experts is here to help: 859-323-3090.


CMS Released their proposed rule for the 2020 Quality Payment Program on July 30. It outlines many changes for Year 4 (Program Year 2020) of the QPP. These include:

  • increased performance thresholds
  • changes to the Quality and Cost Performance Categories
  • introducing a new framework – MIPS Value Pathways (MVPs)

The new framework is planned to become effective in Program Year 2021. It’s goals include aligning and connecting measures across the four performance categories, allowing more flexibility for specialty providers, and reducing data collection and reporting burdens.

During our webinar, we will examine the CMS Notice of Proposed Rule Making (NPRM) for Year 4 of the Quality Payment Program. We will discuss the major proposed changes, how they differ from Year 3 (Program Year 2019) requirements, and how these changes could impact clinician practices. The comment period for the CY 2020 Proposed Rule ends September 27, 2019, with the final rule expected Fall 2019.

Webinar – QPP NPRM: Year 4 Proposed Rule
Thursday Aug 29, 12:30 – 1:30 p.m. ET

Contact us at Kentucky REC with your questions about the Quality Payment Program. Our team of experts is here to help: 859-323-3090.




Practice Goals: Quality Focused! Patients Number One Priority!
How do we get there? PCMH & PCSP Programs!


Join us for an in-depth conversation with leaders from NCQA recognized Kentucky practices to gain insider perspective on the PCMH and PCSP transformation journey. They will bring valuable information on the financial benefits, staff and patient satisfaction, and workflow improvements that recognition has brought to their organization!

Patient-Centered Medical Home (PCMH) and Patient-Centered Specialty Practice (PCSP) are excellent practice transformation models for organizations. The program can take you from goals to reality in your commitment to improving access, communication, and care coordination. NCQA recognized practices succeed in cutting costs, while increasing both quality outcomes and patient satisfaction. Now is the perfect time to pursue recognition since your organization can also receive full points in the Improvement Activities category of MIPS in the Quality Payment Program.

To learn from your peers about these exciting PCMH/PCSP program benefits, join us for a FREE webinar September 10.

Don’t miss the opportunity to be a part of something special as we work to transform healthcare in Kentucky!

Tuesday September 10, 12-1 p.m. ET

Contact us at Kentucky REC with your questions about PCMH and PCSP. Our team of experts is here to help: 859-323-3090.


In the Fiscal Year 2019 Medicare Hospital Inpatient Prospective Payment Systems (IPPS) Final Rule, CMS made changes to the Promoting Interoperability Program for Eligible Hospitals and Critical Access Hospitals.

The final rule adopted policies to:

  • continue the advancement of CEHRT utilization
  • reduce burden
  • increase interoperability
  • patient access to their health information

Hospitals must continue to successfully attest to the program to avoid a negative Medicare payment adjustment. During the webinar, we will review the Stage 3 requirements for 2019 and take a look at the new performance-based scoring methodology.

Register now and let us help you succeed in meeting your Promoting Interoperability goals.

Webinar – Medicare Promoting Interoperability for Hospitals
Tuesday August 6, 11:00 a.m. – 12:00 p.m. ET

Contact us at Kentucky REC with your questions about Promoting Interoperability for hospitals. Our experts are here to help: 859-323-3090



QPP Webinar August 13 – Quality Improvement Methods: Finding What Works

Is your organization making consistent improvements in quality, health outcomes, costs, and workflows?  Do you have a standardized system in place to enhance these areas? By having set improvement methods in your organization, you can lay the groundwork for success. You will engage staff, increase efficiencies, and improve the health of patients.

Join us August 13 to learn different Quality Improvement methods and how to drive improvement in order to achieve maximum potential. Our team will discuss how implementing these processes can be simple and easy, while making a huge impact in your organization.

Webinar – QPP Year 3: Quality Improvement Methods: Finding What Works
Tuesday Aug 13, 12:30 – 1:30 p.m. ET

Contact us at Kentucky REC with your questions about the Quality Payment Program. Our team of experts is here to help: 859-323-3090.



The Kentucky Diabetes Prevention and Control Program (KDPCP) at the Kentucky Department for Public Health (KDPH) recently received a multi-year grant from the Centers for Disease Control and Prevention (CDC) to improve diabetes clinical outcomes. Through the grant, the state of Kentucky has chosen to focus on the implementation of a robust Diabetes Clinical Quality Improvement Learning Collaborative (DLC).


We’re hosting two Information Sessions – July 18th and August 22nd at noon. Register below or call 859-323-3090 for more information.

Thursday July 18 12 Noon ET

Thursday August 22nd 12 Noon ET

The Basics:

  • 12 month Learning Collaborative
  • Health care organizations learn from each other and experts in the field
  • Participants will undertake small tests of change to reach self-identified objectives within their own organizations

Focus: Health care organizations will make “breakthrough” increases in the adoption and use of clinical systems and care practices to improve health outcomes in people with diabetes


Health Care Systems/Clinical Practices can improve clinical outcomes for your patients and practice. This learning collaborative can contribute to and augment your other quality improvement programs and initiatives to improve healthcare, reduce cost, and move to value based care.


1. Requirements: practice established for at least one year; minimum two full time employees; have at least 100 adult patients with diabetes diagnosis
2.  Complete an application and submit by August 30th 12 p.m.
3.  One year commitment
4.  If selected, participants will be notified within 30 days of the application deadline


The Kentucky Department for Public Health (KDPH) serves as the lead agency for facilitation of the CDC grant.

The KY Regional Extension Center (KY REC) serves as the lead agency for the pilot and will facilitate meetings and serve as expert consultant in electronic health record workflow.
The Kentucky Health Information Exchange (KHIE) serves as an important partner to set up LHDs and YMCA with CareAlign DSM accounts/mailboxes to support bi-directional exchange of secure patient health information with select practices.

Questions? Contact us at 859-323-3090 or Kentucky REC.

More details can be found here.
Application can be accessed here.


CMS released the 2018 Merit-based Incentive Payment System (MIPS) Performance Feedback and 2020 Payment Adjustment!

Individual clinicians and groups participating in MIPS for 2018 should be able to review their feedback and associated payment adjustment by logging into the QPP Portal at

Heads up! If you have not logged in to the system in a while, you may be required to reset your HARP password (HCQIS Access and Roles Profile). If you participated in a MIPS Alternative Payment Model (MIPS-APM), you should also be able to see a score based on your APMs performance for the 2018 program year. Only APM Entities that are determined to be “Advanced APMs” will NOT receive MIPS performance feedback. If you have any questions on your APM’s performance or your access to see a score, we recommend contacting your APM entity.

The Performance feedback includes:
  • measure-level performance data and scores
  • activity-level scores
  • category-level scores
  • your final score
  • associated payment adjustment information
  • additional details

For those who submitted under multiple groups, you should receive feedback reports for each group submission. Additionally, those clinicians who voluntarily reported will also receive feedback on their perfrmance, minus any payment adjustment information.

This year CMS released expanded cost and resource use figures for those with applicable data, giving clinicians and practices more tools and resources than before. This data can help you to make steps towards improvement in your practice.

During our webinar we will walk you through these 2018 feedback reports and how you can use the various tables and supplemental information to improve your performance in 2019 and beyond. Make sure to tune in for tips and tricks on getting the most out of your reports!

Webinar – QPP Year 3: 2018 Feedback Reports
Tuesday July 30, 12:30 – 1:30 p.m. ET

Contact us at Kentucky REC with your questions about the Quality Payment Program. Our team of experts is here to help: 859-323-3090


Our partners at the Kentucky Health Information Exchange (KHIE) invite you to attend the 2019 eHealth Summit August 16th from 7:30 am – 3:30 pm ET at the Marriott Griffin Gate Hotel


KHIE invites you to also join them the evening before, August 15th at 5:30 pm, to celebrate KHIE’s launch of the new HIE Platform! Admission is included with registration for the eHealth Summit and includes hors d’oeuvres and drinks.

How does KHIE play a role in improving the health of Kentucky’s citizens?

Join us for these discussions:

  • How KHIE promotes health information exchange at both the regional & national level
  • How you can leverage KHIE and other expert resources to meet Promoting Interoperability & QPP objectives and measures
  • How KHIE supports the Cabinet’s efforts in battling the Opioid & Substance Abuse Epidemic

Be among the first to view highlights of the new KHIE enhanced technology and network with Kentucky healthcare leadership.

Ready to learn, meet, and network? Register here and download agenda here.

Download the KHIE eHealth Summit flyer here.

Marriott Griffin Gate is offering a special rate of $112 for eHealth Summit guests. To make reservations at this special rate, contact Marriott Reservations at 877-204-8020 and ask for the eHealth Summit room block. Attendees are exempt from the $15/day resort fee. Please note: this fee will show up on the reservation; the charge will be removed at final payment upon check-out.


Are you struggling with HARP, PECOS, or the QPP Portal? During our June 27th webinar we’ll go in depth and look at each CMS system. We will review the purpose of each one, and how that particular system applies to you and your practice in the Quality Payment Program.

We’ll walk through the process of establishing a HARP account, discuss the various roles available within the systems, and provide some guidelines for who should have access. We’ll also discuss the many uses for these different systems.

We’ll go over some troubleshooting tips for issues with passwords, and how to update information on each of the systems.


Webinar – QPP Year 3: Navigating CMS Systems
Thursday June 27, 12:30 – 1:30 p.m. ET

Contact us at Kentucky REC with your questions about the Quality Payment Program. Our team of experts is here to help: 859-323-3090





Has your entity just experienced a cyber-related security incident, and are you wondering what to do next? This guide explains, in brief, the steps a HIPAA covered entity or its business associate should take in response to a cyber-related security incident.

  • Must execute its response and mitigation procedures and contingency plans. For example, the entity should immediately fix any technical or other problems to stop the incident. The entity should also take steps to mitigate any impermissible disclosure of protected health information, which may be done by the entity’s own information technology staff, or by an outside entity brought in to help (which would be a business associate, if it has access to protected health information for that purpose).
  • Should report the crime to law enforcement agencies, which may include state or local law enforcement, the Federal Bureau of Investigation (FBI), and/or the Secret Service. Any such reports should NOT include protected health information, unless otherwise permitted by the HIPAA Privacy Rule. If a law enforcement official tells the entity that any potential breach report would impede a criminal investigation or harm national security, the entity must delay reporting a breach (see below) for the time the law enforcement official requests in writing, or for 30 days, if the request is made orally.
  • Should report all cyber threat indicators to federal and information-sharing and analysis organizations (ISAOs), including the Department of Homeland Security, the HHS Assistant Secretary for Preparedness and Response, and private-sector cyber-threat ISAOs. Any such reports should not include protected health information. OCR does not receive such reports from its federal or HHS partners.
  • Must report the breach to OCR as soon as possible, but no later than 60 days after the discovery of a breach affecting 500 or more individuals; and notify affected individuals and the media unless a law enforcement official has requested a delay in the reporting. OCR presumes all cyber-related security incidents where protected health information was accessed, acquired, used, or disclosed are reportable breaches unless the information was encrypted by the entity at the time of the incident or the entity determines, through a written risk assessment, that there was a low probability that the information was compromised during the breach. An entity that discovers a breach affecting fewer than 500 individuals has an obligation to notify: individual without unreasonable delay, but no later than 60 days after discovery; and OCR within 60 days after the end of the calendar year in which the breach was discovered.

OCR considers all mitigation efforts taken by the entity during any particular breach investigation. Such efforts include voluntary sharing of breach-related information with law enforcement agencies and other federal and analysis organizations as described above.

Cyber-Attack Guidance Summary

As is detailed above, it is best to have a checklist of activities that need to take place if a cyber-attack happens. An Incident Response Plan will contain and mitigate the cyber incident. Once the incident is either contained or to the point that other activities can commence, notifications need to be made. Contacting law enforcement, then the information-sharing and analysis organizations (ISAOs), will help to aid not only your organization but alert peers to possible threats. Finally, if the cyber-attack is determined to be a breach, any federal and state reporting must be made.

How can a Security Risk Analysis from the Kentucky REC help?

Our highly trained staff can help your organization reduce your cyber-attack risk through a Risk Analysis. By performing interviews, facility walk throughs, and looking at your documentation, then matching your existing controls to industry best practice, you will receive a thorough view of your vulnerabilities. Once the vulnerabilities are identified, they will be outlined in a final report with suggestions for compensating controls to reduce cyber-attack risks.

Contact the security experts at Kentucky REC with your HIPAA and security questions. Call us at 859-323-3090.