The Centers for Medicare & Medicaid Services in conjunction with the Office of the National Coordinator for Health IT, or ONC, released the final meaningful use stage 2 rule and accompanying 2014 certifications and standards rule to little fanfare in late August. Health care stakeholders will be digesting the criteria in coming months as they begin to upgrade technology and prepare to meet the requirements for 2014.
To that end, Rob Anthony's title might be Health Insurance Specialist in the CMS's Office of E-Health Standards and Services, or OESS, but he's your guy on the inside for policy surrounding the meaningful use rules of the EHR incentive program. He sat down with SearchHealthIT to discuss some of the logic -- and the nuts and bolts -- behind the final meaningful use stage 2 rule in this two-part interview.
There's a crush of health IT-related deadlines in 2014. How did meaningful use stage 2 calendaring fit into that?
Rob Anthony: In some ways, a lot of these CMS eHealth initiatives gel, and I know when we look at them program by program, they don't always look that way from the outside. ICD-10 is a great example, where if you take a look at the onset of stage 2 being at the beginning of 2014, and the upgrade to ICD-10 being 2014, you will see that there are areas where the standards for certain objectives are ICD-10. We took that into consideration as we were putting these things together.
We had gotten a lot of feedback [through public comments]. Not all of the feedback was unexpected, because we had been hearing a lot of this along the way when we talked to people. We've done a meticulous job of trying to "be in touch" on the EHR incentive program, so I think we had a pretty good idea of what the frustration points and challenges were for people as we went into rulemaking on this.
Imagine a typical hospital CIO. What things should he or she do first, in your mind, to prepare for stage 2?
Anthony: The first thing to do is to take a look at what the next stage 2 requirements are going to be, because one of the things we've learned as we've talked to a number of hospitals and individual practices about stage 1 is that they sometimes focus first on technology, and second on workflow. The hospitals that I've talked to have been pretty unequivocal in saying they might have wanted to approach it differently because quite often, the second part of it is the bigger hurdle than the first.
Look at what the new stage 2 requirements are and [plan implementation] based on the stage 1 experience that [you've] had implementing these throughout their inpatient and emergency departments. With the new core objectives we have, especially things like providing information online and getting patients to access that information online, or for hospitals, the electronic medication administration records -- how they're going to roll that out is key to everything.
What is the difference between a HIPAA security risk analysis and a meaningful use risk analysis? Or are they the same thing?
Anthony: They are. This has probably been one of the great misconceptions that people have out there. We don't add anything on to the requirements of HIPAA. We've said specifically in both the stage 1 and stage 2 rules that we don't feel like we are the regulatory agency or that the EHR incentive program's regulations are the venue through which any of that should be expanded upon.
The requirements under the EHR incentive program are just more frequent [security risk assessments]. HIPAA has a two-year-requirement security risk analysis, and we have a one-year requirement. Privacy and security of patient information are of paramount importance, and when we're making that switch to electronic health records, we want to make sure that that's key in everybody's minds.
Why put in a risk analysis if HIPAA covers it? We can hear certain CIOs we frequently talk to complaining about regulatory redundancy.
Anthony: One, we wanted to see it happen more frequently. As you're making this transition and implementing these new workflows and new technologies, we wanted to make sure that that's happening more frequently than perhaps HIPAA is requiring. Also, part of it is making sure that people understand privacy and security of patient information is a critical component of electronic health records. Because it is, it needs to be a core objective of meaningfully using an EHR.
In your webinar the day after stage 2 came out, you discussed CMS's efforts to align different quality reporting programs (meaningful use, PQRS [Physician Quality Reporting Service], etc.) so providers don't have to report on the same or similar measures across several programs. Are there plans to sunset some of these programs in favor of meaningful use at some point?
Anthony: I think what you're seeing now is what the overall plan is, what was introduced in stage 2. There's a real commitment at CMS to align and harmonize quality-measure reporting across several different programs so that as much as possible, measure sets overlap and redundant reporting is eliminated.
For example, in 2014, many physicians who have to do quality reporting through the PQRS and under the EHR incentive program can report under the PQRS. The PQRS measure set is being harmonized with that of the EHR incentive program, so essentially they'll be reporting the same measure, the same way, and they'll get credit for it in two places.
The same is true for the Medicare Shared Savings Program -- Pioneer ACOs [Accountable Care Organizations] -- who have a measure set, and if they report through that they will be deemed to have met the EHR incentive program [requirements]. I think that's the direction we're trying to get to. We may not be completely there yet, but this is definitely a firm step in the right direction of harmonizing measure sets and reporting.
In the summary of care core measure for eligible hospitals, one of the options for compliance is connecting to a "CMS test EHR" system. Will that be a commercial product such as Epic, open source a la VistA, or something new you'll create for this purpose?
Anthony: It's to be determined. We don't have anything available, but it will be something that CMS, ONC and NIST [National Institute for Standards and Technology] will develop.
I think the vast majority are going to meet that measure of a single successful test outside of [the CMS test EHR] by the normal course of what they do every day with transitions of care and giving summaries. But if you're in an area that has a really high concentration of a particular EHR vendor -- or maybe you're in a rural area where you just don't have a chance to do that type of exchange -- then we wanted to make sure people had the ability to actually test and make sure certified EHRs come equipped with the ability to transport patient data outside of their walls. It's important to make sure that that patient information is available across a variety of settings of care, across a variety of vendors, and that patient data isn't locked into a particular system.
So, CMS is not purchasing an existing system but instead writing a new EHR system for testing purposes in cooperation with ONC and NIST, then?
Anthony: I couldn't even comment at this time, but I imagine it will be the latter.