Attestation and Audit

February 08, 2012

Create your own CRAT for ARRA

OK, so we made up that acronym to represent Compliance Regulations Analytical Tool.  ARRA seems complicated because it is!  The Federal Register on Meaningful Use for Providers contains 276 pages of fine print, in three column format (in case you think that is not a lot, the very same content was originally published in a 872 page PDF).  To keep up with ongoing developments, you will scour the CMS FAQ site containing thousands of entries, over 200 of which are pertinent to the EHR Incentive Program.  Add in the EHR Vendor Certification Final Rule and your head starts to spin.  Once CMS Audit Programs start generating findings and interpretations, we can expect further elaboration based on those audit details. 

 So how should providers be collecting and organizing all this information? 

Action Item: Organize, analyze and communicate a steady stream of ARRA Data from multiple sources

  

Some people and some organizations are good at mentally organizing all the information that will assure their successful attestation to Meaningful Use – and ability to withstand a cynical CMS auditor who may appear over six years following attestation.  But most will find it useful to employ tools and techniques that institutionalize the research and analysis of a couple key internal or external experts.  This article describes a proven meaningful use model providers could emulate in their own operations.  It is based on a commercially available tool (Meaningful Use Monitor), but the concepts represent capabilities that could be built internally.  Here are the “ top 10” design components:

  1. Deploy a database architecture - Databases provide structure that supports the complexity of ARRA, with better stability than spreadsheets.  Online databases facilitate real time communication / collaboration across multiple teams (clinical, IT, Administration).  And remember that you’ll need to monitor meaningful use every year, individually for the foreseeable future.  Just imagine all the spreadsheets …
  2. Populate  Measure and CQM content directly from the Federal Register(s) – with references to specific page and column.  Every day, our Knowledge Center team answers questions from hospitals and clinics on Meaningful Use.  Even with that level of experience, knowing where to look, and in which Federal Register (there are actually two of them so far relevant to Meaningful Use), saves time and gives our answers a solid grounding in fact, supportable to even the most skeptical CFO or auditor.  Give your team this same edge. 
  3. Tie each Measure and CQM to new and updated CMS FAQs - as soon as they are published.  In fact, you’ll need to periodically review “old” FAQ's, and update your knowledge center, since CMS sometimes updates historical items.  And when CMS Auditors hit the field, we expect further interpretations and elaborations for Meaningful Use Measures. 
  4. Incorporate Community of Practice – Develop relationships with other providers, sharing your practical problems and solutions.  And use your CRAT to document your shared learning’s, associated with each Measure and CQM. 
  5. Document your own standards and interpretations - for each Measure and CQM.  CMS actually states that providers will need to provider their own views in FAQ’s on specific measures.  As we progress through Meaningful Use, we find some regulations leave room for a range of possible interpretations.  Documenting your organization’s formal interpretation will save confusion, provide consistency, and explain to future auditors and reviewers the practicalities of why you took a given position.   
  6. Link to PDF copies of your Certified EHR reports - on each Measure and CQM.  Once you have solid documentation of the unique set of requirements you’ve configured from Core and selected Menu objectives, start running the reports from your Certified EHR.   Then use your CRAT to assemble all those reports under one universally-accessible dashboard, complete with comments on progress or impediments your Meaningful Use Analyst needs to track and share. 
  7. Link to workflows and policies - associated with each individual Measure and CQM.  Meaningful Use will be based as much on your policies and procedures, as on your technology.  Having all your policies and procedures in the same CRAT with the time-specific regulations and interpretations will help your process team and clinical staff be in compliance, and defend your position. 
  8. Store long-term document repository - (explicit retention requirement of six years).  You don’t need to store interim EHR reports for the long term.  But once your organization (or individual EP) hits Meaningful Use over an appropriate reporting period, you’ll want a permanent snapshot of the state of your EHR’s content for each Measure and CQM.  We also think it important to tie each report to the specific Regulations, your interpretations, and your processes that exist during that reporting period (based on Federal Register, FAQ and Audit Report data).
  9. Deploy online, self-directed e-Learning material - configured to the needs of different clinical, executive and operational teams.  In-person training session might get to most of your team, but given the nuances and complexity of Meaningful Use, some members will benefit from the ability to review the content multiple times, and even to use a quiz to reflect upon the material and solidify their knowledge.  Of course, online e-learning also gives people the ability to study at their own time and pace.  And most Learning Management Systems give you the ability to track education progress at whatever level you deem appropriate.    
  10. Staff a Knowledge Center – Dedicate at least one primary contact, deeply knowledgeable in all of meaningful use as the central resource for answering questions, researching the regulations, and resolving  ambiguities in the regulations, or your EHR.  It’s probably a good idea to have a fallback person in the event your primary contact becomes unavailable.  Knowledge Center resources are a great supplement to your on-line e-Learning material as well. 

Becoming compliant with complex regulations in an organization the size of even a small hospital, or medium-sized ambulatory group requires formal capabilities in research, analysis, communication and measurement.  Using a well-structured toolset will enhance these disciplines in nearly every case.  Of course, we would love to sell our solution that contains all these capabilities to you … but if you decide to build it on your own, this design concept should give you a good kick start.  Best of Luck!

 

Posted at 10:01 AM in Attestation and Audit, Compliance Pragmatics, Qualifying Rules, Reporting on MU Measures | | Comments (0) | TrackBack (0)

| | |

December 05, 2011

CMS is Developing an Audit Strategy … Shouldn’t You?

Congress for the HITECH Act specifically authorized submission of information as to meaningful use through attestation.  CMS is developing an audit strategy to ameliorate and address the risk of fraud and abuse.”  Federal Register, July 2010

 

So how should we be preparing ourselves? 

 

Providers need their own strategies. We suggest patient-level detail reporting.

  

Bottom line is, no one yet knows the answer to how audits will be conducted. Attestation is deceptively simple,  it requires little documentation, and is complete when you submit your online application. Where we see documentation becoming important is as a response to downstream audits. Here’s what we believe to be a conservative approach to preparing an advance defense.  We see three grades of conservatism in your documentation approach, and a series of additional strategies to add a little additional strength. 

1. Rely on Certified Software to report correct data at the time of an audit –While this has the merit of little or no up-front work, we steer people away from this “wait and see” approach. Audits can happen up to six years later, and a lot can change over six years in a hospital EHR, or in the composition of the team who remembers the details surrounding interpretations of measures in the “grey area” where CMS could not fully predict all the nuances of clinical operations that you have to follow.   
2. Save copies Certified (Summary level) EHR Reports – some CMS advisories have implied that data in a Certified EHR will be deemed accurate. Most reports we’ve seen from Certified EHR’s are a single page per MU Measure. Content is numerator, denominator, percentage, and date range, for the organization and the Measure.  Saving copies of these reports will certainly give you some audit defense. 
3. Create copies of Patient Level Detail – CMS states no explicit requirement for patient level detail, nor is it required for software to be certified. We recommend it though.  CMS requires you to attest to the “accuracy and completeness” of your data, and each Measure. It seems that you cannot do so, without analyzing patient level detail (i.e., would your CFO accept a bank statement with no more detail than just the balance?). Further, some Measures are based on site-specific variables, such as “observation services” vs “all ED patients” choices.  And patient-level detail will show whether all choices have been correctly represented.  The downside is that you may need to create these reports, if you software has only fulfilled the bare bones requirement of certification. 

Regardless of documentation strategy, here are  techniques to enhance the reliability of your defense against an audit:

  • Conduct Explicit Reasonableness Checks – If you know your annual volume is 20,000 patients, and your CPOE report is only reporting on 7,000, maybe you should dig a bit deeper into that report.  If your EHR is showing the same patient volume for metrics requiring “all patients” as for “EHR only” patients, then you should be prepared to show data as to why this should be so.  A skeptical auditor will probably estimate your patient volume from billing or census data, and compare that to your EHR records. 
  • Maintain a Measures Checklist - In MUM, we show audit checklist reports summarizing all Measures. The checklist identifies the numerator / denominator and date range values, resulting percentage, (or Yes/No value as appropriate), and show whether a link exists to a PDF of an “audit proof” report. Prior to attestation, internal audit should review this checklist, verify each audit proof report, and make sure it shows the level of detail and proof you deem appropriate. We suggest presenting that signed checklist to the CFO (or other attesting officer), prior to attestation. In our checklist we have placeholders for certification “proof” as well. (i.e., a letter from your vendor, certifying that you have purchased from them all modules included in their certified software).
  • PDF your reports – and store them in a dedicated, secure repository, with an explicit retention period of at least equal to the six years.  Tie each PDF to your Measures checklist, too. 
  • Supplement Screen Prints – as be part of the documentation for those Measures with yes / no Attestation types (like those requiring you to show that a feature in your EHR is “turned on”).  But even with screen prints, we advise showing supplemental reports with patient level detail, showing that the functionality was in place throughout the reporting period. 
  • Document Test results – for Measures requiring you to conduct a test of a given capability, store your test data, scripts, and the entities with which tests have been conducted.  Testing plans and associated results should be a part of your six-year Meaningful Use documentation repository. 
  • Document your assumptions – the wording around some Measures leaves room for different interpretations of what specific clinical behaviors would be compliant.  Over time, these “grey areas” may be crystallized by CMS pronouncements.  Until that happens, we recommend that your documentation repository leave room for written interpretations, workflows or policies, associated with each individual measure. 

So ultimately, think like an auditor.  Auditors are trained to “professional skepticism”, and are motivated by finding shortfalls.  They will have work plans based on knowing where and how to look for discrepancies, whether you intended them or not.  Defending against their pre-planned approach should not wait until they ring your doorbell, but a well-constructed documentation defense should be done before attesting.  After all, CMS is developing an audit strategy … shouldn’t you?

Posted at 07:42 AM in Attestation and Audit, Compliance Pragmatics, Reporting on MU Measures, Requirements Intrepretation | | Comments (0) | TrackBack (0)

| | |

October 19, 2011

Lessons Learned from a Small Ambulatory Practice's Attestation Success

The latest report from the HIT Policy Committee states that 2,246 eligible providers and 100 hospitals have attested to meeting Meaningful Use (MU) criteria. With thousands of dollars at stake, providers and hospitals that have invested in electronic health records (EHR) are trying to figure out the recipe for successfully attesting. 

 

To be fair, there's no silver bullet that can guarantee that you'll successfully attest to MU. However, picking up some tips for success from other physicians and practices that have attested can never hurt. Houston Neal, Director of Marketing at the Austin-based tech firm Software Advice, recently caught up with Dr. Kevin Spencer to find out how his Austin practice was able to attest. Dr. Spencer shared with three keys components that he thought were essential to attesting for Meaningful Use. According to Dr. Spencer, the keys to success were:

  • Choosing the right EHR software company;
  • Undergoing meaningful use training; and,
  • Changing documentation processes to fit meaningful use guidelines.

To get more in-depth advice, check out the blog post summarizing Dr. Spencer's advice at: How to Attest to Meaningful Use (MU): 3 Tips from a Meaningful User.

Derek Singleton
ERP Analyst
Software Advice

Posted at 03:35 PM in Attestation and Audit, Compliance Pragmatics | | Comments (0) | TrackBack (0)

| | |

October 18, 2011

CMS's Multiple Choice Quiz - If your Certified EHR generates an inaccurate result, are you liable?

I wish I could come up with the definitive answer to this question.  Inside our firm, and across our subscriber base, we engage in stimulating discussion on the topic.  Based on relevant CMS publications (appended to the end of this article) a reasonable person could come up with either of the following interpretations: CEO and MU

Interpretation 1: It will not be acceptable to rely on the fact you are using a certified EHR.  Accuracy is the responsibility of the provider, not the vendor.

Interpretation 2:  If the Certified EHR generates a number, CMS will deem the number to be accurate. 

Of course, those of us with products or services to sell will try to drive you to Interpretation 1.  That perspective points out that definitions of patient population for numerators and denominators has, in some cases been changed (or at least clarified) by CMS pronouncement after the issuance of NIST testing procedures for certifying EHR software.  And further, those test procedures do not explicitly provide an ATCB with the detail calculations of Meaningful Use Measures and  Quality Measures, under all assumptions and choices a provider might make (i.e., there are some instances of CPOE that should not be counted if entered by an individual inappropriate to the CMS regulations, or our hospital has chosen to count only Observation Services Patients).  Under this interpretation, prudence dictates at least a modest testing program against patient-level detail to validate the completeness and accuracy of each report. 

Under Interpretation 2, comes the reasonable assumption that CMS today relies on their testing processes to certify software.  And that for the next six years (period open for audit), that interpretation will be consistently applied. 

To provide some context for these interpretations, let's consider CPOE.  For Hospital A (or EP A), let's assume the certified EHR reports 32%, which is above the 30% threshold.  Further, CMS states that each provider must to evaluate on a case-by-case basis whether a given situation is entered according to state, local, and professional guidelines, allows for clinical judgment before the medication is given, and is the first time the order becomes part of the patient's medical record.  So one logical extension (relative to EHR reports,then) is that providers should also evaluate the reporting from their EHR as to compliance with the regulatory processes in their environment. 

So, rather than apply more of my interpretations, here's the CMS FAQ defining the issue.  This is also part of the statements you'll agree to during the registration and attestation processes.  Take a look, and share your thoughts ... which interpretation shall drive your efforts?

Published 04/22/2011 01:58 PM   |    Updated 04/26/2011 05:48 PM   |    Answer ID 10589

To what attestation statements must an eligible professional (EP), eligible hospital, or critical access hospital (CAH) agree in order to submit an attestation, successfully demonstrate meaningful use, and receive an incentive payment under the Medicare Electronic Health Record (EHR) Incentive Program?

Currently, the attestation process requires EPs, eligible hospitals, and CAHs to indicate that they agree with the following attestation statements:

  • The information submitted for clinical quality measures (CQMs) was generated as output from an identified certified EHR technology.
  • The information submitted is accurate to the knowledge and belief of the EP or the person submitting on behalf of the EP, eligible hospital, or CAH.
  • The information submitted is accurate and complete for numerators, denominators, exclusions, and measures applicable to the EP, eligible hospital, or CAH.
  • The information submitted includes information on all patients to whom the measure applies.

CMS considers information to be accurate and complete for CQMs insofar as it is identical to the output that was generated from certified EHR technology. Numerator, denominator, and exclusion information for CQMs must be reported directly from information generated by certified EHR technology. By agreeing to the above statements, the EP, eligible hospital, or CAH is attesting that the information for CQMs entered into the Registration and Attestation System is identical to the information generated from certified EHR technology.

CMS does not require EPs, eligible hospitals, or CAHs to provide any additional information beyond what is generated from certified EHR technology in order to satisfy the requirement for submitting CQM information.

Please note that quality performance results for CQMs are not being assessed at this time under the EHR Incentive Programs. Complete and accurate information for the remaining meaningful use core and menu set measures does not necessarily have to be entered directly from information generated by certified EHR technology. By definition, for each meaningful use objective with a percentage-based measure, certified EHR technology must include the capability to electronically record the numerator and denominator and generate a report including the numerator, denominator, and resulting percentage for these measures. However, with the exception of CQMs, meaningful use measures do not specify that this capability must be used to calculate the numerators and denominators. EPs, eligible hospitals, and CAHs can use a separate, uncertified system to calculate numerators and denominators and to generate reports on all measures of the core and menu set meaningful use objectives except CQMs.

In order to provide complete and accurate information for certain of these measures, they may also have to include information from paper-based patient records or from records maintained in uncertified EHR technology. By agreeing to the above statements, the EP, eligible hospital, or CAH is attesting to providing all of the information necessary from certified EHR technology, uncertified EHR technology, and/or paper-based records in order to render complete and accurate information for all meaningful use core and menu set measures except CQMs.

Posted at 08:47 AM in Attestation and Audit, Compliance Pragmatics, Quality Reporting Rules | | Comments (0) | TrackBack (0)

| | |

September 21, 2011

Where Certified EHR Reporting Falls Short

We all know that to be Certified, EHR vendors must provide reporting against Meaningful UseTablet PC with Charts 320  Measures,   based on the Objective and Threshold specified in the Regulations. But when an ATCB tests for Certification, EHR vendors only need to show that they can calculate and display the numerator and denominator, and the date range against which these metrics are calculated.

In at least three areas, vendors must address additional capabilities ... or Hospital and Physician Information Technology staff will need to take up the slack.

Configuring Populations

CMS issues clarifications or elaborations via FAQ's regularly.  And sometimes, in the text of the Federal Register itself are nuances that need to get into your reports.  For example, most reports probably already exclude newborns from the calculation of Measures.  But in order to be sure, you should probably take a look at patient level detail. Similarly, under CPOE, CMS issued a series of FAQ's in November of 2010. These FAQ's defined guidelines on who would be permitted to actually enter the order, and represented clarifications beyond what existed in the Final Rule issued the prior July.  In this case, it seems prudent to validate whether your Certified EHR vendor reporting includes all CPOE orders, or filters based on the licensing status of the individual inputting medications.  There is a risk of "false positive" measurement here, depending on the interpretation position you care to defend, and your medication order clinical policies. And of course, each hospital (not relevant to EP's) must choose whether to include all ED patients in each measure, or Observation Services Patients only.  After that choice, check your MU reporting to make sure it is consistent with your choice. 

Patient-Level Detail

If your personal checking account statement only listed an account balance, might you want to see transactions validating it?  Same story with Meaningful Use.  Certification does not test for all the "transactions" making up the numerator and denominator of each measure.  Some ATCB testers will ask a vendor to change an underlying patient record, to see if the measure re-calculates, but the NIST testing procedures do not require an ATCB to verify that the measure is correct, based on all patients in the database.  Do you really care, since you have Certified Technology?

We think so.  On the CMS Attestation site, your CFO (or who ever is attesting to your Meaningful Use) is required to attest to the "Completeness and Accuracy" of all information.  One (likely) interpretation of this statement is that responding to an auditor with "it must be complete and accurate because the EHR is certified" ... might not be good enough. 

Yes / No Attestations

Some Measures require only a Yes / No Attestation (e.g., Clinical Decision Support Rule, or Generating Lists of Patients by Specific Conditions).  Certainly you will know if you have one turned on.  And you'll be sure to count something other than CPOE, right?  But a skittish Compliance Officer, or CFO might want to see the proof you'll show to an auditor.  Might be a good idea to have some supplimental reporting in your hip pocket on each of these. 

Posted at 06:27 PM in Attestation and Audit, Compliance Pragmatics, Reporting on MU Measures | | Comments (0) | TrackBack (0)

| | |

July 27, 2011

What reporting period for Meaningful Use Clinical Quality Measures?

This has been an interesting question in my mind for a while now. CMS has been consistent in referencing back to the published technology specs in the HITSP Guide (HITSP Quality Measures Technical Note ED, VTE, and Stroke Examples for Implementation of the HITSP Quality Interoperability Specification) for Inpatient and a series of NQF specifications for Ambulatory.  Those specifications include requirements for the period over which the CQM is to be calculated, and in most cases that period is a full year.  Oops.  If our EHR Reporting period gives us a break in the first year, and we are only required to attest to Meaningful Use for 90 days, what about CQM’s?   

Well, we can rest easy.  The short answer is that CQM’s should be calculated and reported on over the same 90 day period as the balance of our Meaningful Use calculations.  Here’s the quote from the Federal Register from July 2010, Page 44421, Column 1:

 “We also proposed that to demonstrate an eligible hospital or CAH is a meaningful EHR user, the eligible hospital or CAH would be required to electronically submit information on each clinical quality measures for each patient to whom the clinical quality measure applies, regardless of payer, discharged from the hospital during the EHR reporting period and for whom the clinical quality measure is applicable.” 

If this is not clear enough, I also found a quote on the CMS site for Quality Measures Electronic Specifications elaborating that position. 

 "Reporting Period: The reporting period for the EHR Incentive program using a certified EHR is any continuous 90 day period during the first payment year. Please note that although the measure specifications assume a full calendar year you should only calculate the denominator and numerator from the first day of the 90 day reporting period to the last day of the 90 day reporting period."

http://www.cms.gov/QualityMeasures/03_ElectronicSpecifications.asp#TopOfPage

So now I’m feeling better about those CQM’s. They are sufficiently risky and complex that matching reporting period with ARRA reporting period should take some risk off the table.  Don’t get overly complacent, though.  CMS still expects the results to be “complete and accurate” over your 90 day period.  Here’s the quote taken from the same Federal Register as above, on page 44381:

"we  proposed to require … eligible hospitals use certified EHR technology to capture the data elements and calculate the results for certain clinical quality measures.  …  We also proposed to require that Medicare EPs, eligible hospitals, and CAHs attest to the accuracy and completeness of the numerators and denominators for each of the applicable measures.  Finally…we proposed that EPs, eligible hospitals, and CAHs demonstrate their use of certified EHR technology to capture the data elements and calculate the results for the applicable clinical quality measures by reporting the results to us for all applicable patients. "

So it is still more than just a checkbox.  We have to create CQM’s as if we were to be submitting them “for real”, just against a shorter period, which should help those of us getting new data into our EHR’s for the first time.  Don’t forget the potential of a CMS auditor on your doorstep one day, asking to prove your attestation! 

Jay Fisher | @JayRFisher

Posted at 01:17 PM in Attestation and Audit, Compliance Pragmatics, Quality Reporting Rules | | Comments (0) | TrackBack (0)

| | |

June 02, 2011

CMS view of "Trust, but Verify" = "Attest but Audit"

We have been advising our readers for a while to expect CMS audits. We've even offered some advice on how to do that, within our Meaningful Use Monitoring tools (attend one of the webinars listed on this site to see how). 

But not many other writers have stepped up to the same perspective yet.  Yesterday, I saw an article from a consultant and blogger who we respect, Jim Tate on this topic.  I would encourage you to take a peek at it on HITECH Answers.  Their site offers a number of interesting free services to EP's and EH's that are worth keeping an eye on as well. 

Jim's advice is even stronger than ours, regarding diligence before attestation.  In fact, he regards lack of such diligence as outright fraud - which is the perspective we fear CMS may take as well. 

Jay Fisher | @JayRFisher 

Posted at 09:23 AM in Attestation and Audit, Penalties and Rewards | | Comments (0) | TrackBack (0)

| | |

April 20, 2011

Caveat Emptor! Certified EHR might fall short on Reporting

Your Certified EHR will do everything you need, right?  And if it does not, it is the vendor's issue, right? 

Kind of. 

Here's an interesting extract from the criterion by which EHR software is certified for the process of Automated measure calculation (170.302 (n)). The regulations state that this criterion requires 

"For each meaningful use objective with a percentage-based measure, electronically record the numerator and denominator and generate a report including the numerator, denominator, and resulting percentage associated with each applicable meaningful use measure."

Clear enough.  But look at the detail instructions for actually validating that this occurs, and you may be surprised by the minimum requirement:

The Vendor provides the test data for this test procedure.

This test procedure is organized into two sections:

- Record - evaluates the capability to electronically record the numerator and denominator for each meaning use objective with a percentage-based measure
   o If the Vendor indicates that the EHR automatically records the numerator and denominator
for the measure, the Tester proceeds to the Generate Report step below.
   o If the Vendor indicates that the EHR does not automatically record the numerator and/or
denominator, the Tester uses Vendor-identified functions and Vendor-supplied
numerator/denominator values to enter numerator/denominator information into the EHR.


- Generate Report - evaluates the capability to generate a report that includes the numerator,
denominator, and resulting percentage associated with each percentage-based meaningful use
measure
   o The Tester generates a report that includes the numerator, denominator, and resulting
percentage associated with each percentage-based meaningful use measure
   o The Tester validates that the report is generated and is accurate and complete based on
Vendor-supplied data 

Ok let's read between the lines here.  First, the vendor is only required to calcualte and display the numerator, denominator and any associated percentage.  They are not required to provide any detail reporting to support or prove this percentage.  Prudent vendors probably will but certification is not a guarantee. 

Secondly, if the vendor's software does not automatically calcualte the numerator and denominator, they can still pass the test!  All they need do, is have the ability to enter the numerator and denominator into their system, and from there calculate a percentage. 

We derive two action items from this set of observations. 

  1. Quickly figure out how your vendor's software works
  2. Quickly find the reporting in your vendor's software that shows the details associated with each measure.  If the report does not exist (and it is not required to exist), they you might want to get your Business Intelligence Team on it. 

Jay Fisher | @JayRFisher

 

Posted at 04:41 AM in Attestation and Audit, Certification of EHR's, Compliance Pragmatics | | Comments (0) | TrackBack (0)

| | |

April 17, 2011

Guidelines for Attestation with Multiple EHR Technologies

Paging Dr Goldberg We were chatting recently with a tester from one of the  ATCB's who issue EHR software certifications on behalf of CMS.  As you know, the first step towards compliance with the ARRA laws enabling hospitals to receive EHR stimulus funds is in actually owning certified EHR software.  Our friend there has been involved in testing EHR's for the purpose of "self-certification".  Self certification becomes a necessity more often than you might imagine ... but that's a topic for a different day. 

At this particular ATCB, we heard that a majority of the hospitals presenting themselves for self certification were doing based on a combination of multiple EHR technologies.  What an intriguing set of pragmatic issues this raises!  Let's explore a few, with some ideas on solutions. 

  1. Roll up of Measures - You'll need some way in which to aggregate numerator, denominator and the resulting percentage across multiple EHR's, when it comes time to attest. 
  2. Aggregation of "Audit Proof" - as we've discussed elsewhere, attestation is probably a lot easier than providing detail documentation acceptable to a skeptical CMS auditor, who can show up on your doorstep for up to 6 years after attestation.  Depending on CMS' perception of program performance, these auditors may be inclined to merely check that your technology can calculate a percentage - or may be inclined to evaluate detailed lists of unique patients under the circumstances of each unique MU measure.   Risk-adverse organizations will probably create reporting across multiple EHR's to pull the requisite details, with a track-back to the specific EHR in which patients are maintained. 
  3. Yes/No Attestations - Counting Core and Menu items, there are 9 measures for which you can attest by merely saying "yes" or "no".  The conservative approach is to make sure that for each of these measures, you should be prepared to defend a "yes" attestation across all EHR's in your inventory.
  4. Denominator for Measures that count "All Patients Maintained in Certified EHR technology" - similar to Yes/No attestations, it seems prudent (under a conservative approach) to account for all unique patients across all EHR's rather than just a single core product. 
  5. Denominator for Measures that count "All patients", regardless of whether they are maintained in Certified EHR - Patients in your OB ward whose records never make it to the core inpatient EHR system probably are one example - particularly if they are maintained in a standalone EHR that has not been certified.  When calculating this type of measure, and there are several, make sure you isloate these "non-certified EHR" patients and count them appropriately, as you conduct your measure rollups for hospital-wide attestation and audit proof. 
  6. EHR Certification Number - This one stumped me at first, but there is a simple answer.  When a provider signs up to attest to Meaningful Use, the attestation site asks if you have a certified EHR.  And it provides a field in which you report yours.  But there is only one field!  Here's how it works.  On the Certified EHR Product List (CHPL) website at http://onc-chpl.force.com/ehrcert ... Select the first EHR in your inventory, and add it to your shopping cart.  Find each of the other certified products, and add them as well. When you check out, CMS will aggregate these products together and give you a single, aggregated certification number usable in your Attestation.  If you've self certified one or more products, they will be on the CHPL site as well, and will simply be one of the selections you make.  

I'll bet there are other practicalites we've not investigated here.  Share your thoughts, and between us, we'll come up with a comprehensive point of view! 

Jay Fisher | @JayRFisher

 

 

Posted at 04:33 PM in Attestation and Audit, Certification of EHR's, Compliance Pragmatics, Reporting on MU Measures | | Comments (0) | TrackBack (0)

| | |

March 18, 2011

Need to register a large number of EP’s for the Medicare or Medicaid EHR Incentive Program in the near future? Better get started – each EP has to register him/herself

At this time there is no method available for a third party to register multiple eligible professionals for the Medicare and Medicaid EHR Incentive Programs. Beginning in May 2011, CMS plans to implement functionality that will allow an eligible professional to designate a third party to register and attest on his or her behalf. Detailed information about that process will be issued when it is available. States will not necessarily offer the same functionality. Eligible professionals should contact their state to see if there is additional information they will need to provide.

Please be aware that eligible professionals currently are not permitted to allow a practice manager or any other person to register in their place. Sharing your National Plan and Provider Enumeration System (NPPES) user ID and password with third parties can place your information at risk. Until CMS implements new functionality in May 2011, each EP should register himself or herself separately for the Medicare and Medicaid EHR Incentive Programs.

 

So – do you need to register hundred(s) of EP’s before May, 2011?  You’ll need some process to ensure that each EP correctly does the registration.  For now, no third party registration is allowed. Let’s hope that the new functionality planned in May 2011 will ease this burden. 

 

Thanks to HIMSS for this update.

 Brian Younger, C3 Partners

Posted at 11:52 AM in Attestation and Audit, Compliance Pragmatics | | Comments (0) | TrackBack (0)

| | |

January 28, 2011

How Should Providers React to Potential Repeal of HITECH Funding ?

A new bill before Congress known as H.R. 408, the Spending Reduction Act of 2011 targets reduction or elimination of ARRA HITECH EHR Stimulus funds.  While there are enough Republican votes in the House to pass the bill there, the Senate still lacks Republican majority.  And even if both houses were to pass this bill, a presidential veto seems likely. 

The next question would be whether sufficient votes could be garnered to override and Obama veto.  Given current Congressional makeup, this seems very unlikely. 

So, while this will be an interesting activity to watch, it still seems prudent for providers to stay the course on ARRA HITECH activity.  Since passage seems unlikely until after 2012 elections (at the earliest), funding will be available until then at least.  In fact, moving quickly to qualify and receive funds is probably the most responsible fiscal  action. 

What do you think?

Posted at 09:35 AM in Attestation and Audit, Qualifying Rules, Regulatory Activity | | Comments (3) | TrackBack (0)

| | |

July 06, 2010

HITECH will keep your Business Intelligence Team Busy

 

One of our Meaningful Use Monitoring (MUM) customers recently commented on the significant amount of work his hospitals will have to do to develop proof of compliance for the HITECH requirements. Much, but not all, of the reporting work may be supported by EHR vendors – however, many hospitals have multiple EHR vendors (especially true with ED and OR) that will require coordination and synchronization.  A large hospital will have to access and organize scores, or even hundreds of reports to analyze and prove Meaningful Use.  These hospitals will have to build reporting across multiple systems (EHRs, ADT, Pharmacy, Registries, Lab, and Radiology).  There is probably no way around this.  Here are a couple examples of this complexity:

  

 

  • Determine, for each Quality Report, that all data elements exist in your (relevant) EHR, to support creation of the report (even if it is not necessary to create the report from the EHR in year 1 for Stage 1 requirements, you must attest to the fact that you could have);
  • Incorporate clinical lab test results into EHR as structured data – seems straight forward until you realize the need to gather all lab tests ordered (manual, other systems), not just the ones ordered from  your primary EHR system. Then you need to ensure the results are in a positive / negative or numerical format to be countered toward the 50% measure threshold.
  • Analyze all "transitions of care", and report on whether a "medication reconciliation" took place;
  • Identify, for all unique patients (whether they are in the EHR or not), whether they had problem list coded via ICD-9 or  SNOMED (in the EHR);
  • Log each instance of transition of care (between providers), and identify whether a Summary of Care record existed, and was provided (from the EHR).

OK, you get the point.  There are currently 14 Meaningful Use Requirements for AllSystemsCat hospitals, and 15 Quality Reports.  If you have one EHR only, and you can guarantee that all relevant data is in the EHR, then you will not need to integrate with other hospital systems.  Most of us are not in that position, yet.  The complexity of many hospitals will require that in order to conduct the analysis, department-level reporting will be needed.  And you'll need to create these reports early on, so you can run them regularly, in order to monitor your progress towards compliance. 

Hospitals will need tools and processes to organize and report status against all that work, and a simplified organization and reporting scheme will save a lot of effort on the part of clinical evaluators, Business Intelligence Teams, and internal audit.  One design concept we have adopted, is to create a link within MUM at the level of department and requirement, by which users can identify (and even execute) each unique report that analyzes and proves departmental compliance, for each requirement.  This is a powerful concept!  We also provide the audit proof link, by which these reports are organized along requirement and departmental lines. 

  

 

So ... it seems prudent to get your BI Team involved early in the process!  Educate them in each single requirement, so that they can start the process of evaluating how to track progress, and log proof. It will be useful to your clinical leadership to provide data that shows HITECH compliance status.  Anecdotal attestations as to compliance might be useful to determine whether to pursue meaningful use, but won't stand up to CMS audit. 

 

Jay Fisher | @JayRFisher

 

 

 

 

Posted at 01:36 PM in Attestation and Audit, Regulatory Activity, Reporting on MU Measures, Requirements Intrepretation | | Comments (0) | TrackBack (0)

| | |

June 14, 2010

Preparing for ARRA HITECH Gap Analysis - Who should be involved?

It seems that ARRA HITECH Gap analysis is not just a quick back of the napkin sketch.  In fact, itHITECH Team
looks like a project.  One of the first questions in any project will be "who is involved?".  Our Straw Man consists of a Core Leadership Team responsible for defining the standards and processes by which a gap assessment is conducted, and a series of supporting roles (the people actually conducting assessment activities).  Here's what we think...  

Core Leadership Team 

Program Manager  

  • Overall responsibility for managing the Meaningful Use processes/program in the organization  
  • Reports status to Senior Management  
  • Sits on the Meaningful Use Steering Committee (see below)  

 

Clinical Content Officer   

  • Responsible for determining the impact of the Meaningful Use Requirements on the organization, and determining who needs to be involved in assessing and achieving compliance for each requirement   
  • Sits on the Meaningful Use Steering Committee (see below)  

 

IT Liaison  

  • Responsible for understanding the certification status of the organization’s EHR(s).   
  • Coordinates with EHR Vendor to obtain and validate the technology components that need to be in place to support Meaningful Use
  • Sits on the Meaningful Use Steering Committee (see below)
  • Responsible for the user management and configuration functions of the MUM software portal (managing passwords/access, monitoring data accuracy, addressing technical issues that may arise)

 

Executive Sponsor

  • The executive who is responsible for ensuring the right resources and management attention are allocated to the Meaningful Use efforts of the organization. 
  • Signs the attestation documentation that is submitted to CMS and the State (note – this could be a different executive)

 

Supporting Team

 

The following roles will be actively involved in day-to-day analysis of ARRA HITECH requirements compared to current capabilities, and updating status as capabilities continue to mature over the life of the HITECH program. 

  

Requirement Owner

The person in the organization who has overall responsibility for compliance with a particular requirement, across all clinical departments involved. In many cases this will be the Clinical Content Officer, but some requirements will be assigned to a separate individual. 

  

Department Attester

Individual who will ultimately be accountable for the clinicians under their control using EHR systems to achieve Meaningful Use.  During the assessment phase, this individual will be responsible for evaluating, attesting and proving their clinician’s Meaningful Use status. 

  

Business Intelligence Team

Each provider or hospital will be required to provide proof that, for each annual reporting period, they have been compliant with each ARRA HITECH requirement, across every relevant clinical department.  In some cases, EHR vendors will have developed reporting within their systems.  In most cases, however, acceptable proof will include data coming from multiple different systems.  The Business Intelligence Team will be responsible, under direction of the Clinical Content Officer, to analyze the reporting available from the relevant EHR(s), and compare that reporting to HITECH requirements.  Where necessary, they will develop specifications and complete new reporting. In all cases, they will provide information to all Department Attesters as to what report will adequately prove compliance with each requirement. 

 

  

* * * * * * * * * * * *

 

  

That may not cover everyone involved, but we think it is a good start on defining roles and responsibilites.  Please share with us what you think!

 

Jay Fisher |@JayRFisher

 

 

Posted at 05:28 AM in Attestation and Audit, Compliance Pragmatics | | Comments (0)

| | |

June 10, 2010

Check out our HITECH Hero Series for Summary Concepts


In the Regulatory Quiet Period over the past couple months, we've created a series of vignettes, which illustrate concepts within ARRA HITECH's Meaningful Use regulations that you might enjoy ...

CMS Website

CMS will publish, on their website, all hospitals who are Meaningful Users.  Are there any implications of being on or off that list?


 

CEO at Desk 320

What's the difference between having EHR Software, and achieving Meaningful Use? 



SeparateChecks

 Who has to be involved in your hospital's Meaningful Use efforts?



TheFuture

All we have to do is submit an Attestation to CMS, Right?

 


 

AllSystems

What integration might be required to make Meaningful Use work?




Ok, so these are a bit frivolous, but maybe they help think through a point or two.  Hope you enjoyed!

Jay Fisher | @JayRFisher 


Posted at 08:13 AM in Attestation and Audit, Requirements Intrepretation, Vendor HITECH Ceiling | | Comments (0)

| | |

February 25, 2010

Monitoring Meaningful Use - Protect Your HITECH Compliance Officer!

MUM Dashboard MPS Partners. a business partner of C3 Healthcare Partners has developed a set of Microsoft Share Point Extensions around our Meaningful Use Monitor (MUM).  MUM was built to organize the processes of compliance with measuring, achieving and documenting compliance with every single HITECH Requirement. 

Click on the image to the right to look at this short video to get a sense of what we think is a great example of some of the tools, processes and organizational tasks most institutions will need to objectively and easily keep track of where they really stand relative to HITECH.  And once you are compliant ... MUM contains the tools to organize that proof for as long as you need to retain it for those prospective HHS Auditors!   

Jay Fisher | @JayRFisher

Posted at 02:40 PM in Attestation and Audit | | Comments (0)

| | |

Who Creates Meaningful Use?

Capture Sometime in the near future, hospital executives will start to sign Attestation statements to HHS, asserting their compliance with a relevant set of detail requirements on Meaningful Use of EHR in their institution.  It may be your Compliance Officer.  Perhaps your CFO, or even CEO.  Regardless, they will want some process by which they can be certain that all the relevant people have documented their commitment to compliance, too! 

Achieving Meaningful Use starts with your IT department installing a certified EHR software product.  In a lot of cases, hospitals will have multiple EHR's, some (or all) of which will need to be interfaced with relevant data passing between them.  But MU certainly does not end with installed product!  Physician practices need to incorporate CPOE.  Nursing notes are required for some criteria.  And Quality Reporting will have to be made from data residing in your EHR(s) ... much of which you probably don't capture there yet. 

More interfaces.  Additional Clinical Processes.  Sometimes, additional staffing to help get data into the right places.  Some type of monitoring, to make sure data really exists in the places where your policies say it will be. 

Sounds like a lot of people need to be involved. 

Jay Fisher | @JayRFisher


Via YouTube.

Posted at 07:35 AM in Attestation and Audit | | Comments (0)

| | |

February 16, 2010

What kind of HITECH compliance documentation must providers maintain?

Once a provider has asserted compliance with all the HITECH rules and filed their attestation statement with CMS, what else is prudent to do?  We think that it is necessary to match up documentary proof for each individual requirement ... and possibly for each hospital department where that requirement is fulfilled!Episode 4 - How's your documentation? Here's our thinking:

1. You have to meet all the requirements and even if CMS relaxes this rule, most organizations will still need to be able to prove which ones were and were not met;

2. CMS retains the right to audit your compliance for up to 10 years after you've received funds. 

3. Some requirements may be met only through the coordinated effort of multiple EHR?s (in some hospitals), and the mix of technology, practices and requirements existing at some point in the past will change. 

4. You have to comply each year, individually, and based on the requirements active in that specific year.

5. Hospital management will want to know that what they are attesting to (compliance to the HITECH requirements) is backed by credible evidence

All together  we think it is necessary to document your proof for each requirement, for each year!  Now, click the green button, and enjoy our HITECH adventure!

via YouTube  

Posted at 10:31 AM in Attestation and Audit | | Comments (1)

| | |

January 21, 2010

Will Meaningful Use Applicants be audited? You bet they will!

Reference: Page 240 of the Proposed Rule from 12/30/2009

HHS Identifies a statement of direction indicating they will conduct selected reviews of providers who register for and receive incentive payments.  The reviews will validate eligibility as well as review components of the payment formulas. 

In the event of "overpayments" they will recoup based on incorrect or fradulent attestations, quality measures, cost data, patient data or any other submission ...

Prudent providers will maintain evidence of qualification for up to 10 years after when they register. 

To us, this sounds like HHS will be giving much more than lip service to criteria to qualify.  Couple this with the language (on page 47) that providers "demonstrate that they meet all of the objectives and measures" and a level of rigorous compliance tracking seems smart.  What do you think? 

Jay Fisher | @JayRFisher

Posted at 02:56 PM in Attestation and Audit | | Comments (0) | TrackBack (0)

| | |

For Email Marketing you can trust

Search

Meaningful Use Monitoring Software Webinars

Free e-Learning on Meaningful Use!

  • Managing Privacy and Security in Meaningful Use
    Jackie Ford, the Compliance Officer for our hypothetical health system, explains Sacred Heart's learnings and processes for documenting Privacy and Security requirements of Meaningful Use. This is a sample of the e-Learning available to Meaningful Use Monitor Subscribers!

Meaningful Use Monitor Subscription

Consultants - Interested in becoming a MUM Certified Business Partner and helping your clients achieve meaninful use?

 

Healthcare professionals - interested in getting a quick start on your meaningful use program?

 

Email us at: MUM@C3Partners.biz

Or call us at: 414-459-1690

Meaningful Use Monitoring Websites

Subscribe to Everything HITECH

DHHS Sites

Contributing Partners

Google Analytics Alternative

C3 Partners on LinkedIn