QPP 2025 Public Webinar: Final Rule – Watch Now
QPP Year 9: 2025 Final Rule Overview
Available Now: Friday January 31, 2025
Key QPP Updates from the 2025 Physician Fee Schedule Final Rule
With the release of the 2025 Physician Fee Schedule and Quality Payment Program Final Rule in late 2024, CMS finalized programmatic changes impacting your practice in 2025 and future performance years.
KEY HIGHLIGHTS:
• MVP Continued Expansion: addition of 6 new MIPS Value Pathways (MVPs) and consolidation of two existing neurological MVPs
• Cost: 6 new episode-based cost measures added to the Cost Performance category, further emphasizing value-based care
• Improvement Activities: Revamp of category weighting and requirements
• APP Track & MSSP: Required measure set expansion for MSSP participants via APP Plus
• Advanced APMs: QP status determination changes and finalized updates to QPP Lump Sum Bonus payouts
Register and view this on-demand analysis to stay in the know as we explore critical elements of MVPS, APP and Traditional MIPS tracks of the Quality Payment Program.
Contact YOUR experts at Kentucky REC with all your QPP, MIPS/MVP, and APM Track questions. We’re here to help: 859-323-3090.
The CMS 2025 Physician Fee Schedule Final Rule overview, QPP, and MSSP Fact Sheets are available through the links below.
QPP Fact Sheet: https://qpp-cm-prod-content.s3.amazonaws.com/uploads/3057/2025-QPP-Policies-Final-Rule-Fact-Sheet.pdf
Medicare Promoting Interoperability Program – Data Submission Window Open
The Hospital Quality Reporting (HQR) System is now open and accepting calendar year 2024 Medicare Promoting Interoperability Program data submissions and attestations from eligible hospitals and critical access hospitals.
The data submission deadline for the CY 2024 requirements, including eCQM data, has been changed from February 28, 2025 to Friday, March 14, 2025.
As a reminder, hospitals are required to:
- Report data using the ONC Health Information Technology certification criteria to meet the certified electronic health record technology (CEHRT) requirement. Get your ID # from the Certified Health IT Product List (CHPL).
- Successfully submit four calendar quarters of data for six eCQMs:
- Three self-selected eCQMs from the CY 2024 Available eCQMs Table
- Three CMS-selected eCQMs: Safe Use of Opioids-Concurrent Prescribing, Cesarean Birth (PC-02), and Severe Obstetric Complications (PC-07)
- Submit web-based measure data for any continuous, self-selected 180-day EHR period within the calendar year.
Note: Failure to report at least a “1” for all required measures with a numerator or reporting a “No” for a Yes/No response measure will result in a total score of 0 points for the Medicare Promoting Interoperability Program.
- Earn a minimum total score of 60 points
- Complete the following requirements by attesting “Yes” to both
- Acting to Limit or Restrict the Compatibility or Interoperability of CEHRT
- ONC Direct Review
- Complete the following measures under the Protect Patient Health Information Objective by attesting “Yes” to both
- SAFER Guides
- Security Risk Analysis
- Submit data for the following measures under each objective below:
- Electronic Prescribing Objective
- e-Prescribing
- Query of Prescription Drug Monitoring Program (PDMP)
- Health Information Exchange Objective (Participants must select one of the three reporting options below)
- Report on both the Support Electronic Referral Loops by Sending Health Information measure and the Support Electronic Referral Loops by Receiving and Reconciling Health Information OR Report on the Health Information Exchange (HIE) Bi-Directional Exchange OR Report on the Enabling Exchange Under the Trusted Exchange Framework and Common Agreement (TEFCA)
- Provider to Patient Exchange Objective
- Provide Patients Electronic Access to Their Health Information
- Public Health and Clinical Data Exchange (A level of active engagement is required for each measure below)
- Syndromic Surveillance Reporting
- Immunization Registry Reporting
- Electronic Case Reporting
- Electronic Reportable Laboratory Result Reporting
- Antimicrobial Use and Resistance (AUR) Surveillance
- Voluntarily submit data for the following optional measures/requirements (Select One):
- Clinical Data Registry Reporting
- Public Health Registry Reporting
- Electronic Prescribing Objective
Contact YOUR experts at KY***@uk*.edu“>Kentucky REC with all your QPP, MIPS/MVP, and APM Track questions. We’re here to help: 859-323-3090.
HIPAA Security Rule Notice – NPRM to Strengthen Cybersecurity for ePHI
HIPAA Security Rule Notice of Proposed Rulemaking to Strengthen Cybersecurity for Electronic Protected Health Information
On December 27, 2024, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) issued a Notice of Proposed Rulemaking (NPRM) to modify the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule to strengthen cybersecurity protections for electronic protected health information (ePHI).
OCR administers and enforces the Security Rule, which establishes national standards for the protection of individuals’ ePHI by covered entities (health plans, health care clearinghouses, and most health care providers), and their business associates (together, regulated entities).
This proposed rule seeks to strengthen cybersecurity by updating the Security Rule’s standards to better address ever-increasing cybersecurity threats to the health care sector.
These plans included the publication of voluntary cybersecurity best practices and a strategy for greater cybersecurity enforcement and accountability, which included updating the HIPAA Security Rule with new cybersecurity requirements.
The NPRM proposes to strengthen the Security Rule’s standards and implementation specifications with new proposals and clarifications, including:
- Remove the distinction between “required” and “addressable” implementation specifications and make all implementation specifications required with specific, limited exceptions.
- Require written documentation of all Security Rule policies, procedures, plans, and analyses.
- Update definitions and revise implementation specifications to reflect changes in technology and terminology.
- Add specific compliance time periods for many existing requirements.
- Require the development and revision of a technology asset inventory and a network map that illustrates the movement of ePHI throughout the regulated entity’s electronic information system(s) on an ongoing basis, but at least once every 12 months and in response to a change in the regulated entity’s environment or operations that may affect ePHI.
- Require greater specificity for conducting a risk analysis. New express requirements would include a written assessment that contains, among other things:
o A review of the technology asset inventory and network map.
o Identification of all reasonably anticipated threats to the confidentiality, integrity, and availability of ePHI.
o Identification of potential vulnerabilities and predisposing conditions to the regulated entity’s relevant electronic information systems
o An assessment of the risk level for each identified threat and vulnerability, based on the likelihood that each identified threat will exploit the identified vulnerabilities. - Require notification of certain regulated entities within 24 hours when a workforce member’s access to ePHI or certain electronic information systems is changed or terminated.
- Strengthen requirements for planning for contingencies and responding to security incidents. Specifically, regulated entities would be required to, for example:
o Establish written procedures to restore the loss of certain relevant electronic information systems and data within 72 hours.
o Perform an analysis of the relative criticality of their relevant electronic information systems and technology assets to determine the priority for restoration.
o Establish written security incident response plans and procedures documenting how workforce members are to report suspected or known security incidents and how the regulated entity will respond to suspected or known security incidents.
o Implement written procedures for testing and revising written security incident response plans. - Require regulated entities to conduct a compliance audit at least once every 12 months to ensure their compliance with the Security Rule requirements.
- Require that business associates verify at least once every 12 months for covered entities (and that business associate contractors verify at least once every 12 months for business associates) that they have deployed technical safeguards required by the Security Rule to protect ePHI through a written analysis of the business associate’s relevant electronic information systems by a subject matter expert and a written certification that the analysis has been performed and is accurate.
- Require encryption of ePHI at rest and in transit, with limited exceptions.
- Require regulated entities to establish and deploy technical controls for configuring relevant electronic information systems, including workstations, in a consistent manner. New express requirements would include:
o Deploying anti-malware protection.
o Removing extraneous software from relevant electronic information systems.
o Disabling network ports in accordance with the regulated entity’s risk analysis. - Require the use of multi-factor authentication, with limited exceptions.
- Require vulnerability scanning at least every six months and penetration testing at least once every 12 months.
- Require network segmentation.
- Require separate technical controls for backup and recovery of ePHI and relevant electronic information systems.
- Require regulated entities to review and test the effectiveness of certain security measures at least once every 12 months, in place of the current general requirement to maintain security measures.
- Require business associates to notify covered entities (and subcontractors to notify business associates) upon activation of their contingency plans without unreasonable delay, but no later than 24 hours after activation.
- Require group health plans to include in their plan documents requirements for their group health plan sponsors to: comply with the administrative, physical, and technical safeguards of the Security Rule; ensure that any agent to whom they provide ePHI agrees to implement the administrative, physical, and technical safeguards of the Security Rule; and notify their group health plans upon activation of their contingency plans without unreasonable delay, but no later than 24 hours after activation.
While the Department is undertaking this rulemaking, the current Security Rule remains in effect.
HHS encourages all stakeholders, including patients and their families, health plans, health care providers, health care professional associations, consumer advocates, and government entities, to submit comments through regulations.gov.
Public comments on the NPRM are due 60 days after publication of the NPRM in the Federal Register. The Department will also be conducting a Tribal consultation meeting soon. Information and RSVP details are forthcoming.
The NPRM may be viewed or downloaded at: https://www.federalregister.gov/public-inspection/2024-30983/health-insurance-portability-and-accountability-act-security-rule-to-strengthen-the-cybersecurity-of
Contact the experts at KY***@uk*.edu“>Kentucky REC with all your HIPAA Privacy and Security questions. We’re here to help: 859-323-3090.
PILL Podcast: Transforming Healthcare – Primary Plus’s CHW Program
Transforming Healthcare – Primary Plus’s CHW Program
Join us for an enlightening discussion with Brooke Perkins, Director for Community Health Worker programs at Lewis County Primary Care Center, Inc, also known as Primary Plus.
Brooke provides an in-depth exploration of their innovative Community Health Worker (CHW) program, tracing its mission, evolution, and remarkable impact. Learn how they’ve navigated challenges, gained healthcare provider buy-in, and transformed patient care workflows. Through inspiring success stories and insights into community impact, Brooke sheds light on the vital role of CHW programs in enhancing overall well-being. Tune in for a fascinating glimpse into the world of healthcare innovation and community health initiatives!
Listen to our podcast on Buzzsprout, or Spotify and Apple Podcasts. All previous episodes are available.
![]() | ![]() | ![]() |
If you need assistance with healthcare quality improvement, contact the Kentucky REC at 859-323-3090 or by email.
QPP 2025 Public Webinar: Final Rule – Release Date Jan 31
QPP Year 9: 2025 Final Rule Overview
Release Date: Friday January 31, 2025
Key QPP Updates from the 2025 Physician Fee Schedule Final Rule
With the release of the 2025 Physician Fee Schedule and Quality Payment Program Final Rule in late 2024, CMS finalized programmatic changes impacting your practice in 2025 and future performance years.
Sign up today to view the Kentucky Regional Extension Center’s QPP 2025: CMS PFS & Quality Payment Program Final Rule Overview on Friday, January 31st, 2025.
KEY HIGHLIGHTS:
• MVP Continued Expansion: addition of 6 new MIPS Value Pathways (MVPs) and consolidation of two existing neurological MVPs
• Cost: 6 new episode-based cost measures added to the Cost Performance category, further emphasizing value-based care
• Improvement Activities: Revamp of category weighting and requirements
• APP Track & MSSP: Required measure set expansion for MSSP participants via APP Plus
• Advanced APMs: QP status determination changes and finalized updates to QPP Lump Sum Bonus payouts
Fill out this brief REGISTRATION FORM to be among the first to receive this webinar recording.
Contact YOUR experts at Kentucky REC with all your QPP, MIPS/MVP, and APM Track questions. We’re here to help: 859-323-3090.
The CMS 2025 Physician Fee Schedule Final Rule overview, QPP, and MSSP Fact Sheets are available through the links below.
QPP Fact Sheet: https://qpp-cm-prod-content.s3.amazonaws.com/uploads/3057/2025-QPP-Policies-Final-Rule-Fact-Sheet.pdf
NCQA PCMH Annual Reporting Requirement Update: New Data Submission Attestation
NCQA PCMH Annual Reporting Requirement Update: New Data Submission Attestation
The National Committee for Quality Assurance (NCQA) has introduced a new requirement for the 2025 Patient-Centered Medical Home (PCMH) Annual Reporting process.
Organizations renewing their recognition in 2025 must now complete the “Annual Renewal (AR) Quality Improvement (QI) 05: Data Submission Attestation.” This step, accessible in Q-PASS under the AR QI 5 component, requires practices to attest that their submitted data is accurate and may be shared with stakeholders for performance rewards and incentives.
Annual Reporting Key Deadlines and Processes
• Who is impacted? All healthcare practices with NCQA PCMH or Specialty Practice (PCSP) recognition.
• When to act? Complete Annual Reporting 30 days before your recognition anniversary date via Q-PASS.
• What to expect? After submitting the attestation, NCQA may randomly select your practice for a virtual audit. Notification of an audit will be sent through Q-PASS and email.
Support for Your Annual Renewal and Audit
The Kentucky REC PCMH team has extensive experience supporting practices through Annual Renewal and audit processes. We are here to provide expert guidance, ensuring your compliance and peace of mind.
Interested in PCMH or PCSP Recognition?
If your organization isn’t yet recognized and you’d like to learn more, contact us at the email link below or 859-323-3090 for assistance. We’re happy to help you take the next step toward recognition. Let us help you navigate the process with confidence.
A Special Holiday Greeting from all of us at Kentucky REC
SEASONS GREETINGS

Kentucky REC QPP Webinar Dec 17: 2025 Final Rule
QPP Webinar: 2025 PFS & QPP FINAL RULE CLIENT-ONLY FIRST LOOK*
Tuesday DECEMBER 17, 2024 @ 12PM ET
On November 1st, 2024 the Centers for Medicaid and Medicare Services (CMS) published the finalized regulatory update to the 2025 Physician Fee Schedule (PFS), The Quality Payment Program (QPP), and Medicare Shared Savings Program (MSSP) Reporting Requirements impacting Medicare Parts A&B payment policies.
Kentucky REC expert advisors will share details on important aspects of the 2025 Final Rule, including discussing the items below.
This CMS ruling details important updates to all tracks of the QPP and Merit-based Incentive Payment System (MIPS) program. MIPS Value Pathways or MVP expansion continues with the addition of 6 new MVPs available for reporting in performance year 2025, and the consolidation of two previously finalized MVPs into a single neurological MVP.
CMS further expanded the Cost Performance Category by adding 6 new episode-based cost measures for inclusion into the program. CMS finalized the performance threshold of the program through performance year 2025 to remain at 75 points, impacting the issuance of positive and/or negative payment adjustments to Medicare reimbursements in the 2027 payment year.
The MSSP finalized updates related to Shared Savings Pre-Payments, incentivizing and rewarding successful ACOs with upfront dollars based on historical shared savings performance to aid in offsetting costs associated with patient-care and population health infrastructure support.
CMS finalized the proposed APM Performance Pathway (APP) Plus measure set. This is a mandatory measure set for CMS MSSP ACOs, building on further strategic alignment across all CMS programs through the reporting of the Adult Universal Foundation Measure Set.
Interested in becoming a QPP client? As a client, you receive exclusive access to our analysis of all aspects of the Quality Payment Program. To speak with the team on how we can best support you, feel free to contact us HERE.
Mark your calendars for “2025 PFS & QPP FINAL RULE CLIENT-ONLY FIRST LOOK*” on Tuesday, DECEMBER 17th at 12pm EST.
The CMS 2025 Physician Fee Schedule Final Rule overview, QPP, and MSSP Fact Sheets are available through the links below.
QPP Fact Sheet: https://qpp-cm-prod-content.s3.amazonaws.com/uploads/3057/2025-QPP-Policies-Final-Rule-Fact-Sheet.pdf
Contact YOUR Experts at the Kentucky REC for all your QPP, MIPS/MVP, and APM Track questions. We are here to help. Call us at 859-323-3090.
*This webinar is for Kentucky REC contracted QPP clients only. If you are interested in this topic and would like to learn more about becoming a client, please contact us at (859) 323-3090 or email us at KY***@uk*.edu. We aim to be your trusted healthcare advisor!
Watch Now! TEAM Model APM – for Acute Care Hospitals
TEAM Model APM – Transforming Episode Accountability Model for Acute Care Hospitals
Available Now: Friday Nov 15, 2024
On November 15th, your trusted REC experts released a webinar focusing on CMS’s recently announced new MANDATORY payment arrangement: Transforming Episode Accountability Model (TEAM). This model is set to launch January 1st, 2026 for selected acute care hospitals in 188 core-based statistical areas (CBSAs).
Many Kentucky hospitals will be required to participate in this first phase, specifically hospitals located in:
Bowling Green
Corbin
Glasgow
Lexington-Fayette
Middlesboro
This model is a 5-year project beginning January 1, 2026, and ending December 31, 2030.
You will receive regulatory analysis of this new program and information on: episodes of care; timelines; financial up-side and down-side risk glidepaths; and other need-to-know elements set forth by CMS in this new model.
For further information:
CMS TEAM Model Hospital Registration (Primary Hospital Contact for FY26 Mandatory Participants).
For more information on the upcoming TEAM Model
To receive future CMS announcements, join the CMS Listserv.
REGISTER TODAY to be in-the-know on this very important topic impacting clinicians and Acute Care Hospitals across Kentucky and the nation.
For details and more information on TEAM from CMS, visit HERE.
Contact YOUR experts at Kentucky REC with all your QPP, MIPS/MVP, and APM Track questions. We’re here to help: 859-323-3090.
Watch Now! QPP Year 8 – Year in Review Roundtable
QPP Year 8: Year in Review Roundtable
Available Now: Friday Nov 15, 2024 @ 12PM ET
The 2024 Quality Payment Program performance year is quickly drawing to a close. Our Kentucky REC experts invite you to our pre-recorded webinar exploring the most important takeaways from this year to better prepare you for the upcoming attestation season.
Register and view this on-demand analysis to stay in the know as we explore critical elements of MVPS, APP and Traditional MIPS tracks of the Quality Payment Program.
Register and view this on-demand analysis to stay in the know about the QPP 2024 Program Year and how to be successful wrapping up Year 8 of the program.
Contact YOUR experts at Kentucky REC with all your QPP, MIPS/MVP, and APM Track questions. We’re here to help: 859-323-3090.