CMS May Delay MACRA


By Jose Lopez, Senior Consultant, The Verden Group

In our most recent issue of ViewPoint Magazine, we provided some tips on how to prepare for the reporting requirements and shift to quality payment models under the proposed Medicare Access & CHIP Reauthorization Act (MACRA). MACRA was scheduled to take effect on January 1, 2017. However, after feedback and pressure from most of the professional medical societies and specialty membership organizations, Andy Slavitt, the Acting Administrator for the Centers for Medicare and Medicaid Services (CMS), recently indicated MACRA could be delayed from the proposed January 1 start date.

The final rule for MACRA is not expected to be released until November 1, 2016, only two months prior to the current proposed effective date of January 1, 2017. This would put unbelievable pressure on providers, particularly those in small practices, to scramble to meet the requirements of MACRA in a very short period of time. The Verden Group encourages CMS to delay implementation of MACRA, and for practices to fully understand, prepare for, and implement changes in their workflows to demonstrate the cost effectiveness and high quality of care they provide to their patients.

HIPAA Legal Updates — Breach Reporting Requirements


By Sumita Saxena, Senior Consultant, The Verden Group

There might be some confusion regarding the breach reporting requirements mandated by the Health Insurance Portability and Accountability Act (HIPAA) and further enforced by the Health Information Technology for Economic and Clinical Health (HITECH) Act. A breach is considered any acquisition, access, use or disclosure of Protected Health Information (PHI) which compromises the security or privacy of the PHI. However, if the disclosed PHI has been rendered unusable, unreadable, or indecipherable to unauthorized individuals, an adequate risk assessment may determine that a sufficiently minimal or nonexistent risk is present, thereby excluding the event from the definition of a breach.

The most basic example of a breach occurs when one patient’s records are accidentally sent or disclosed to another patient or individual. While this may seem trivial in a circumstance in which the content disclosed is rather limited, physicians must be aware of how to identify a breach and understand their obligations with respect to reporting.

Every HIPAA breach is reportable; the differentiating factor in reporting is determined based on the number of individuals affected by the event. In instances where fewer than 500 individuals are affected by the breach, practices must maintain a system of logging or otherwise documenting these breaches that occur during the calendar year. Practices must then submit a detailed account of all such events to the Secretary of the U.S. Department of Health and Human Services (HHS), through the HHS Office for Civil Rights, no later than 60 days after the end of the calendar year. Immediate notification to the Office for Civil Rights is required in the event that a breach affects more than 500 individuals.

Recent OIG reports signal an upcoming increase in OCR activity and oversight of HIPAA covered entities, even in the absence of a breach.

On September 29th, the Office of Inspector General (OIG) in the U.S. Department of Health and Human Services (HHS) released two reports which reviewed the successes and shortcoming in the Office for Civil Rights’ (OCR) oversight of Health Insurance Portability and Accountability Act (HIPAA) compliance for covered entities. OCR is responsible for overseeing covered entities’ compliance with the HIPAA standards, which include the Breach Notification Rule, the Privacy Rule and the Security Rule. In one report, the OIG provided conclusions and recommendations from their study on covered entities’ compliance with the HIPAA Privacy Rule, while in the other report, the OIG provided conclusions and recommendations from their investigation of OCR’s follow-up on breaches of patient health information which are reported to OCR. In both studies, the OIG reached some similar conclusions. The guidance provided by these reports should be recognized by providers for what it is: harbingers of OCR’s likely future enforcement activity.

One of the key findings by the OIG likely to have a direct impact on providers: OCR will now proactively audit covered entities to monitor compliance with the Privacy Rule, as opposed to its traditional approach of initiating investigations as a result of complaints or breach reports. The fact that OCR has not been proactively auditing covered entities allows for some level of comfort for covered entities, as there is not a great concern that OCR will conduct an investigation of a covered entity unless a potential breach or violation were reported. It is likely that this will be changing in the very near future, as the OIG has recommended that OCR improve its oversight of covered entities and take a proactive stance, by instituting a permanent audit program, as opposed to OCR’s current reactive posture. In addition, the OIG recommended improving the tracking system which OCR uses to keep records about investigations of covered entities. Such improvements in record-keeping and tracking investigations could mean that OCR will be more likely to impose penalties, as it will be able to more easily determine when covered entities are the subject of multiple investigations.

Regarding the follow-up of breaches, the OIG made some similar recommendations concerning the need for OCR to improve its tracking system. The OIG recommended that OCR more uniformly enter information about breaches, whether large or small, into a searchable database. At present, OCR has largely focused on thoroughly investigating large breaches (e.g. breaches of 500 or more affected individuals) that are reported to it. However, the OIG has now recommended that OCR also track and follow-up on small breaches that are reported to it. This could have a significant impact on providers who may have experienced several small breaches, as it will be more likely that OCR will now closely track and examine covered entities that experience several small breaches. In addition, the OIG recommended that OCR maintain more complete documentation in its database of corrective actions taken by covered entities that experience a breach. Currently, because OCR does not keep thorough records of corrective actions, covered entities may be able to get away with implementing few changes if they experience a breach. Once OCR implements these recommendations to better document corrective actions taken by covered entities, it will place greater scrutiny on these corrective actions to ensure that the covered entities carry out the necessary changes and prevent the occurrence of a similar breach in the future.

It is extremely important for providers to understand how to comply with HIPAA, as well as what to do if they experience a breach. These reports serve to emphasize the importance of compliance and the ways in which OCR will begin to more actively investigate HIPAA compliance. Here at The Verden Group we can offer assistance in reviewing your HIPAA protocols and ensuring you have all the required forms up-to-date and properly disseminated to your patients.

 

 

CMS issues Final Rules for Stage 2 and Proposed Rules for Stage 3


By Jose Lopez, Senior Consultant, The Verden Group

On October 6, 2015, the Centers for Medicare and Medicaid Services (CMS) and the Office of the National Coordinator (ONC) released the final rules (click here to view) for modifications to Stage 2 and 2015 reporting requirements, as well as proposed rules for the third stage of the Meaningful Use incentive program.

Meaningful Use Stage 2 Changes

As expected, CMS finalized the modifications for the 2015 reporting period and some Stage 2 requirements (see my earlier blog post about details on those anticipated changes). CMS says it is providing a simpler, more flexible set of stage 2 regulations for 2015 through 2017 as the meaningful use regulation era gives way to CMS’s transition to value-based compensation. In summary:

  • The rules also allow for a 90-day reporting period for providers in 2015, and new providers in 2016 and 2017.
  • Many of the measures of personal health engagement have been drastically reduced (patient portal and e-messaging requirements).
  • Clinical quality measures for both hospitals and providers will remain the same.

The Verden Group applauds the relaxation of these measures to reflect the real challenges that practices and hospitals are facing. More than 60% of hospitals and about 90% of physicians have yet to attest to stage 2!

Meaningful Use Stage 3 Measures

In spite of calls from most of the major medical associations to delay the onset of Stage 3, CMS also announced that Stage 3 will go on as planned and will not be delayed. In summary, major provisions pertaining to Stage 3 meaningful use include:

  • There will be 8 objectives for eligible providers and hospitals.
  • In Stage 3, more than 60 percent of the proposed measures require interoperability, up from 33 percent in Stage 2.
  • Public health reporting will include flexible options for measure selection.
  • Clinical Quality Measures (CQM) reporting are aligned with the CMS quality reporting programs.
  • Finalizes the use of application program interfaces that enable the development of new functionalities to build bridges across systems.

In short, CMS is attempting to address the two areas in Stage 3 that have been the primary barriers for successful Stage 2 attestation: interoperability and patient engagement. In 2017, Stage 3 requirements are optional, but providers who opt to start Stage 3 in 2017 will have a 90-day reporting period. Come 2018, all providers must comply with Stage 3 regulations using a certified EHR.

Industry Reaction

Despite a public outcry from the healthcare community to delay the onset due to the lack of successful Stage 2 attestation, Stage 3 is set to begin as an optional requirement for physicians and hospitals in 2017 and a requirement in 2018. The American Medical Association applauded CMS for allowing a hardship exemption for physicians who are unable to attest in 2015 but called the final rule, as a whole, “deeply disappointing.” The American Hospital Association urged CMS to delay the implementation of Stage 3 and focus instead on “ensuring that providers could easily and efficiently share health information to support care delivery and new models of care.” The American College of Cardiology says that the program requirements “remain difficult to implement.”

The final rule for Stage 3 includes a 60-day comment period, which is longer than is typical, suggesting that there may be additional modifications or delays. As such, the political fight to delay the onset of Stage 3 of meaningful use may not be over, and we expect many changes may be coming before the rule is finalized.

A Post-HITECH World

When Congress passed the Medicare Access and CHIP Reauthorization Act of 2015 (MACRA), it essentially sunset the meaningful use payment adjustments (penalties for noncompliance) at the end of 2018. Instead, Congress has called for the establishment of a Merit-Based Incentive Payment System (MIPS), of which the meaningful use program will form one component. CMS will continue to consolidate its current incentive/adjustment programs under the umbrella of MIPS as it further transitions from encounter-based payments to value-based compensation. The Verden Group will continue to monitor industry reaction and comments submitted to CMS on the final Stage 3 rule in order to guide our clients through successful Meaningful Use Attestation and beyond.

 

Terminating the Physician-Patient Relationship


By Sumita Saxena, Senior Consultant, The Verden Group

It unfortunately can happen to anyone: You go above and beyond to provide your patients excellent care with uncompromising accessibility, and yet something somewhere goes wrong and the relationship quickly deteriorates. After trying your best to mend the problem it becomes clear – the relationship has broken down beyond repair and for whatever reason you reach the tough decision to terminate the patient from the practice.

Before you act and send notice, please take a look at some helpful steps we have compiled for you to consider as you navigate this difficult subject.

Step One:  Try to Work It Out With Your Patient.  Practically speaking, when faced with a difficult patient situation, the best course of action is to avoid a unilateral termination of the physician/patient relationship by addressing the problem quickly. Communication is the key. The patient should be advised of the situation and given a reasonable opportunity to correct the problem. You should make it clear that failure to correct the problem may result in the dismissal of the patient from the practice.

Step Two:  Review the Applicable State Medical Licensing Rules. State licensing boards govern the practice of medicine and the relationship between a physician licensed in that state and his or her patients. Accordingly, it is essential to review the medical board rules carefully before you terminate a patient from your practice.

Step Three:  Consider AMA Guidance. The American Medical Association (the “AMA”) has provided guidance on terminating the physician/patient relationship. According to the AMA’s Code of Medical Ethics, physicians have the option of terminating the physician/patient relationship, but they must give sufficient notice of withdrawal to the patient, relatives, or responsible friends and guardians to allow another physician to be secured.

The AMA recognizes that there are times when a physician may no longer be able to provide care to a certain patient, including when the patient refuses to comply, is unreasonably demanding, threatens the physician or staff, or otherwise is contributing to a breakdown of the physician/patient relationship. According to the AMA, terminating a physician/patient relationship is ethical as long as the proper procedures are followed.

The AMA has given the following advice for the termination process:

  1. Giving the patient written notice, preferably by certified mail, return receipt requested;
  2. Providing the patient with a brief explanation for terminating the relationship (this should be a valid reason, for instance non-compliance, failure to keep appointments);
  3. Agreeing to continue to provide treatment and access to services for a reasonable period of time, such as 30 days, to allow a patient to secure care from another person (a physician may want to extend the period for emergency services);
  4. Providing resources and/or recommendations to help a patient locate another physician of like specialty; and
  5. Offering to transfer records to a newly designated physician upon signed patient authorization to do so. American Medical Association (AMA), “Ending the Patient-Physician Relationship,” http://www.ama-assn.org/ama/pub/physician-resources/legal-topics/patient-physician-relationship-topics/ending-patient-physician-relationship.page

Step Four:  Check Your Payer Contracts and Policies.   A physician who is a participating provider (under contract) with the patient’s insurer (commercial or government payer) may be obligated to notify the payer and comply with additional requirements. You should review your provider contract(s) and policies in order to determine if the payer has a policy on patient termination. For example, some insurance carriers require 60 or 90 days notice before dismissal (as compared to the 30 days notice required pursuant to certain state laws) and some require prior written notice to the carrier to enable the carrier to contact the patient.  There also may be specific requirements concerning pregnant or mental health patients. Medicare, Medicaid, and other government payers have strict policies on terminating a patient that should be reviewed before terminating a governmental plan beneficiary.

Step Five:  Review Your Malpractice Carrier Requirements.  Some medical malpractice insurance carriers have adopted rules or recommendations for terminating the physician/patient relationship. Accordingly, you should review your malpractice policy or contact the malpractice carrier when establishing the procedure for terminating the physician/patient relationship.

Step Six:  Send Written Notification to Your Patient.  You should send written notification advising the patient that he or she is terminating the patient relationship. The notification should comply with the licensing board’s rules and the requirements of the applicable payer and the your malpractice carrier. Ideally the patient notification should be prepared or reviewed by experienced counsel before sending to the patient.

Step Seven:  Provide Continuity of Care.  You should ensure that you provide the proper continuity of care when dismissing a patient from your practice, including any requirements under state licensing rules, their payer contracts and their malpractice policy. The AMA guidance recommends that the physician provide the patient with resources and referrals for other sources of care.

Step Eight:  Do not Charge for Patient Records.  A physician who terminates his or her relationship with a patient should not charge the patient for copying the patient’s medical records.

Step Nine:  Consider Risk Management.  Additionally, you should perform a risk management analysis before terminating the physician/patient relationship. You should consider the possibility (even if the patient’s position is without merit and you will ultimately be successful) of patient complaints, disciplinary investigations, litigation, or other action initiated by disgruntled patients.

Step Ten:  Establish a Set Policy on Patient Terminations and Train Staff on the Policy.  In order to avoid any potential issues with former patients, the practice should have a set policy in place for the termination of the physician/patient relationship, including a sample termination letter.  The policy should be applied to patients consistently and without discrimination.  The staff should be trained on the policy and should document compliance with the policy.

By following the above steps you can be proactive and diligent in mitigating your risk if such a situation ever arises with a patient.

Cost per Pediatric Encounter – from our friends at PMI


What’s the Cost?

As PMI travels the country to work exclusively with Pediatric practices identifying areas to improve their financial and operational performance, we find that many are unable to state the cost to provide care.  Simply put: what does it cost to provide care for each child that comes into the office?  We find that most practices are intimidated by the idea of bridging information from their practice management system with their accounts payable system such as Quickbooks. While it seems tough to figure it out, it is really simple…

The reality is that a practice has two options to increase profitability: increase revenue or cut costs.  With managed care plans not likely to increase rates as we hope, practices need to focus on the two things they have 100% control of: number of patients seen and the cost to provide the care.  While most Pediatricians are already operating at maximum capacity, the best thing to do is focus on the cost.

With the average Pediatrician expected to have 4,000 encounters per year, a reduction of $5.00 per encounter results  in over $20,000 in added profit per provider!!!!  

Being able to track your cost per encounter is extremely important for a variety of reasons:

  1. Better manage your practice overhead
  2. Readily identify expense concerns
  3. Identify opportunities to reduce expenses

PMI finds that between the staff labor and vaccine costs, it accounts for well over 80% of the expense to provide care to the children.  Simply put, what is your practice doing to ACTIVELY MANAGE your two largest expenses?  This leads to a few things to consider:

  1. Does your practice have set salary ranges for each position in the practice?
  2. Does your practice have set goals that must be attained for employees to receive bonuses?
  3. Does your practice have a set program to effectively monitor and rate each employee’s job performance?
  4. Are you reviewing your vaccine costs quarterly to make sure you are getting the best pricing?

Math Lesson for the Day….
The easiest way to determine your cost per encounter is to take the total operating expense (prior to provider compensation) and divide by the number of encounters.  While not exact, it does provide some useful information.  With it you can track the labor, vaccine, medical supplies and anything else on a per encounter basis.

Let’s assume a practice had 1,000 office visits last month and incurred $90,000 in operational expenses.  The cost per encounter is $90.00.  Of this amount, $30 was for staff labor, $8 for vaccines and the rest for general overhead.   By comparing to the average revenue per encounter, one can quickly see what is left to pay for the provider’s salary and benefits.  (This is really helpful when a practice begins thinking about adding another provider.)  With this simple method, anyone with a reasonable skill set can use a calculator or Microsoft Excel to figure it out.

Well versus Sick Visits
Some PMI clients have gone so far as utilize the Medicare RBRVS system to determine the “cost per work-RVU”.  Using such a system allows practices to examine the cost per encounter in granular fashion to differentiate the cost to provide sick versus well visits.  This is straight-forward process that allows you to:

  1. Convey to managed care plans the actual cost to provide care- possibly providing justification for a rate increase
  2. Decide if managed care reimbursement is sufficient given your practice overhead structure
  3. Examine the impact of accepting certain contracts

PMI encourages every practice to find ways to track their cost each month.  Hoping for revenue increases is not a safe way to increase your profitability.  Calculating and tracking your costs each month is what is needed to effectively manage your practice.

Kindly reposted here with permission from Paul Vanchiere, Pediatric Management Institute

http://pediatricmanagementinstitute.com/cost-per-encounter/

To learn more about this important financial metric or any of the others important for Pediatric practice management, click here.

Looking Ahead: Meaningful Use Stage 3 Requirements


By Jose Lopez, Senior Consultant, The Verden Group

In my recent blog on the proposed changes to Meaningful Use 2 requirements CMS recognized the barriers providers were facing in meeting the Meaningful Use Stage 2 requirements, and proposed a rule to simplify the Measures and Objectives for 2015 and beyond. CMS clearly heard the complaints from providers that meeting the measures were creating workflow issues. The Verden Group applauds these changes and hope they are approved in their entirety.

Let’s look forward now to what lies beyond meeting the revised Stage 2 requirements in 2015 and 2016, to Stage 3. Following a proposed “optional” year in 2017, all providers will report on the same streamlined definition of Meaningful Use at the Stage 3 level in 2018, regardless of prior participation.

CMS has come out with 8 tentative advanced use objectives for Stage 3 designed to align with national healthcare quality improvement efforts, and to promote interoperability and health information exchange which will focus on the triple aim of reducing costs, improving access and improving quality:

  1. Protect electronic health information
  2. e-Prescribing
  3. Clinical decision support
  4. Computerized provider order entry
  5. Patient electronic access to their data
  6. Coordination of care through patient engagement
  7. Health information exchange
  8. Public health reporting

The specific measures for each objective have yet to be defined but if you think the objectives look like Stage 2, then you would be correct. And as with Stage 2, the most challenging objectives appear to be those where the provider does not have direct control over their outcomes: patient engagement (patient use of portals and e-messaging), health information exchange (by states or other entities), and public health reporting (by states or other entities).

While CMS came under fire in 2014 following the fallout of providers being unable to meet Stage 2 requirements, it is vital that practices continue to advance their use of electronic health information. As Medicare and private payers continue their evolution from fee-for-service to pay-for-performance, data is being used to report on quality outcomes and to differentiate high performing practices to patients.

In closing, it is crucial that providers and provider associations provide feedback when CMS proposes rules for Stage 3 to ensure the data being required isn’t arbitrary (as was the case with Stage 2), but that it meets the intent of the HITECH Act to begin with: reducing costs, improving access, and improving quality.

In our next blog on Meaningful Use, we’ll discuss proper Meaningful Use Attestation documentation and the ugly truth no one wants to hear: CMS plans to audit one in every 20 meaningful use attesters.

NCQA PCMH REDESIGN


By Julie Wood MSc. PCMH CCEPCS_logo_VG

Co-Founder, Patient Centered Solutions LLC

The NCQA is in the process of redesigning not only the initial Patient Centered Medical Home recognition process, but also the renewal process for already recognized practices. The redesigned initial recognition process will be part of the 2017 update to the PCMH Standards, and the updated renewal process is part of a major, ongoing redesign intended to streamline the application.

The current NCQA PCMH Recognition process is highly labor intensive for all involved. The process can take anywhere from six months to two years to complete (depending upon your practice size and number of locations), adding up to a significant investment of your practices resources.

In addition to the sheer amount of work involved, the NCQA application process isn’t an easy one to navigate. For example, there are three different places online where you have to go at various stages during the application:

  1. You’ll first log in to obtain your Standards and to buy the ISS Survey Tool. For this you will need to have a Username and Password for the NCQA Online Store.
  2. Then you’ll need a separate Username and Password for the Application portal where you will complete and submit your application.
  3. Lastly, in order to add documentation to the ISS Survey Tool for submission to the NCQA for grading you’ll need another separate Username and Password.

To make matters more complicated, you can’t pay online right now either—payments are only accepted by phone, fax or check.

In order to address some of this complication, in the spring of this year NCQA started a forum called Ideas4PCMH on their website. Representatives from small and large practices, professional societies, health plans, hospitals, accountable care organizations, community health centers, health IT companies, PCMH Certified Content Experts (CCEs), and State-based agencies gathered to form 17 focus groups tasked with developing new ideas for the redesign of their program logistics.

The PCMH redesign strategy includes four major components:

  1. Provide more guidance to practices through new channels, including live support, online resources and improved customer service;
  2. Introduce a streamlined annual check-in for recognized practices rather than requiring a full documentation review every three years;
  3. Use information generated in the course of daily clinical care to support the recognition process; and,
  4. Redesign the online survey tool to be more user-friendly and efficient.

In the current (2014 Standards) submission process they have already streamlined a few things. For example, the time-consuming process of entering percentages into a box in the ISS survey tool is no longer required for any of the meaningful use reports or the Record Review Workbook.

Under the 2011 Standards NCQA introduced ‘pre-validation’ for EHR’s and Practice Management Systems. Despite streamlining, the work required to get credit for pre-validated points after you have achieved recognition requires the equivalent of an add-on survey. For those of you going through the process now, check with your EMR vendors and if a product was pre-validated under the 2011 Standards, NCQA has cross-walked some of those points to the 2014 Standards. I will add a note of gratitude to the IT companies that do complete the pre-validation process—it is costly and time-consuming for them to do so—making it that much easier for practices submitting to the NCQA with these systems in place, and for us here at The Verden Group/PCS when guiding our clients through the process. Under the 2011 Standards some Vendors had as many as 17-21 points towards the 85 you need for a Level 3 Recognition—a really great step in the right direction.

However, while they help streamline some processes, there is also more work involved under the 2014 Standards than any standards that have come before. There is a requirement to provide annual patient satisfaction results and clinical performance data to them once you have your 2014 Recognition. This is to make sure that practices truly are continuing on the PCMH path and not just submitting (and then promptly dropping!) all of the good practices put in to place through the transition process.

One really exciting step in the right direction is that the NCQA has engaged a digital agency with unique expertise in user experience to help design their new online submission platform. During the next three to five months, the agency will talk to focus groups, participate in internal discussions, and review submitted comments. At the end of this first phase of development, the agency will present a design concept for the online platform that supports the updated PCMH recognition process. Their goal is to approve the final design concept later this year with the intent to build and test it in 2016.

The NCQA states, “We all have the same goal—improving the care people receive, their experiences with health care, and the need to reduce costs.” With regard to this statement, I believe that while the current NCQA PCMH model has introduced many benefits to practices and patient care, it is also true that the time and resources this process takes within a practice is enormous. Every practice that we have taken through the NCQA Recognition process has seen the benefits to documenting processes and overall streamlining of care. No one can argue that the system isn’t improved when you close all of the loops where patients can get lost in the cracks, but the resources it takes to do so cannot be ignored.

Also, having taken practices through the renewal process, I am keenly aware that even though you only have to provide documentation for 11 of the 26 Elements, you had better make sure that you are ready and able to provide documentation for the other 15 Elements as they can come back and ask for it at anytime. Generally, they will allow 3 days to provide the information but we’ve seen some cases where the practice has only been given 24 hours to produce documentation (we appeal those requests, of course!).

Here at the Verden Group/Patient Centered Solutions we are sincerely hoping for a sensible and simplified result from this major redesign.

We encourage you to participate in this discussion by sharing your opinions and ideas with the NCQA at: ideas4pcmh@ncqa.org

*A Tip for Practices Recognized under 2014 Standards: Under your quality improvement project, change your clinical measures to new ones once you have reached your goal – continuing at 100% would not be acceptable to NCQA 3 years in a row. They expect to see continuous improvement, not improvements achieved and then simply maintained at that target level. So set your goals small in order that they are both easily achievable and allow for incremental upward progression over the course of the three-year period.