On August 4, the Department of Health and Human Services (HHS) Office of the Secretary published a final rule to implement the mandated delay of the International Classification of Diseases, 10th Revision (ICD-10) until October 2015.
In April 2014, the Protecting Access to Medicare Act of 2014 (PAMA, the latest “SGR patch”) mandated that ICD-10 could not be adopted under HIPAA prior to the next fiscal year. The August 4 final rule officially moves the ICD-10 adoption deadline up to October 1, 2015, the first possible date allowed under the revised statute. The explanatory preamble of the final rule includes statistics asserting that most stakeholders are ready now, strongly hinting at a reluctant HHS.
On August 4, the Department of Health and Human Services (HHS) Office of Inspector General (OIG) released a report addressing the HHS Office of the National Coordinator for HIT’s (ONC) oversight of the testing and certification of EHR technology. The OIG’s two primary concerns, based on a review of the requirements and processes of the now-defunct Temporary Certification Program (replaced at the end of 2012 by the permanent “ONC HIT Certification Program”), were the lack of periodic review of certified products and insufficient log-in/security within certified products.
Interestingly, the report recommended that ONC work with the National Institute of Standards and Technology (NIST) to enhance the product log-in/security requirements via the test procedures for labs and certification bodies that review HIT products. This recommendation was peculiar, and perhaps a little alarming, in that the test procedures are mere guidance for how the responsible bodies should test products against ONC’s EHR certification criteria regulations. The NIST-developed (and future stakeholder-developed), ONC-approved test procedures are not, themselves, the regulatory requirements. ONC would not be able to use the test tools to implement more stringent security in certified products than what is required by ONC’s EHR certification criteria regulations in 45 CFR Part 170.
The OIG’s recommendation, then, indicates the authors do not fully understand the nuances of ONC’s regulations and processes governing the testing and certification of EHR technology—the very subject of their review. That could be a reflection of the confusing complexity of the program (and, for that matter, all things Meaningful Use), or something else (political pressure, etc.) could have resulted in this rare misfire from OIG.
ONC’s official response to the report described the differences between the old Temporary Certification Program, upon which the OIG report is based, and the current HIT Certification Program. It also mentioned the current program features various pre- and post-certification product evaluation processes. Importantly, ONC correctly recognized that enforcing more stringent log-in/security requirements for HIT products would require a rulemaking to revise the federal regulations before making those changes to the guidance for testing labs and certification bodies.
Several American College of Radiology members have inquired about the Centers for Medicare and Medicaid Services (CMS) and Office of the National Coordinator for HIT (ONC) May 23, 2014 proposed rule to allow continued use of 2011 Edition certified EHR technology to comply with the Medicare EHR Incentive Program in calendar year (CY) 2014. The program’s regulations currently require eligible professionals to use 2014 Edition certified products in CY 2014.
The ONC’s 2014 Edition EHR certification criteria regulations for HIT products were published in September 2012. A few months later, vendors were able to submit ready products to the testing labs and certification bodies for 2014 Edition certification. Eligible professionals could opt to use 2014 Edition certified products to comply with Meaningful Use (MU) beginning in CY 2013, and the new certification status became mandatory in CY 2014. Most HIT products were not ready to be 2014 Edition certified in time for prior MU participants to take advantage of that flexibility in CY 2013 due to their yearlong reporting period. However, new MU participants only had a 90-day reporting period in CY 2013, and thus were encouraged to implement 2014 Edition certified products instead of implementing 2011 Edition products (to avoid having to upgrade again so soon).
As CY 2013 wore on, it became clear that many vendors who had commercially successful 2011 Edition certified products were not getting new versions of those products updated and submitted for testing/certification in a timely fashion. By the time most vendors were ready, there was an alleged backlog of products in the testing and certification pipeline, which apparently caused more delays.
CMS and ONC soon realized that many prior MU participants were unable to implement 2014 Edition certified versions of the products they used before in time to demonstrate MU in CY 2014. So, in March 2014, CMS announced a new significant hardship exception for prior participants who had experienced vendor issues in 2014. Then, in May 2014, CMS and ONC published the proposed rule to (potentially, if finalized) allow participants to use their old certified software.
The May proposed rule was extremely late; perhaps too late to make a practical difference. The 60-day public comment period for the proposed rule will close on July 21, after which the agencies will need to review the comment submissions, develop the final rule, go through internal and Administration review, and get it published in the Federal Register before the beginning of the fourth quarter of CY 2014 (the last opportunity to begin a special reporting period). This part of the federal rulemaking process usually takes a few months at best, even when prioritized and expedited, and a significant portion of the time prior to a final rule’s publication is in the hands of reviewers in the Department and the Office of Management and Budget—not in the hands of those writing the rule at the agency level.
This promises to be one of the fastest conventional notice-and-comment rulemakings in recent CMS memory, but only time will tell if it will eventually be effective in helping physicians. Essentially, CMS and ONC are relying on MU participants to take a massive business risk and make implementation/participation plans based on a proposed (not final) rule, subject to change. Given the tight timing, it would have been preferable for the agencies to implement this via a Direct Final Rule (although DFRs are risky because they require there to be no substantive adverse comments), or even better, via an Interim Final Rule (IFRs merely require good cause to forgo the NPRM process). The agencies could have also held a minimum 30-day instead of a 60-day public comment period to expedite the rulemaking, considering it is unlikely they will get anything but support from the main stakeholder communities of eligible professionals, eligible hospitals, and vendors.
The question I often get is: if these proposed changes are eventually finalized without modification, would it help? I believe the timing is so short that it will only aid those who have previously participated in MU using 2011 Edition certified products (i.e., those products have already been implemented), and have no alternative compliance options in the fourth quarter of CY 2014 other than to cross their fingers and plan for the final rule’s new flexibility before it exists. That said, it would be risky and imprudent to advise anyone to make compliance plans based on a proposed (not final) rule.
On July 3, the American College of Radiology (ACR) submitted comments to the Food and Drug Administration (FDA), Federal Communications Commission (FCC), and Office of the National Coordinator for HIT (ONC) regarding the agencies’ report on a proposed strategy for a risk-based regulatory framework for health IT. The agencies were mandated by a provision in the FDA Safety and Innovation Act of 2012 (FDASIA) to draft recommendations that appropriately balanced HIT safety with innovation and avoided overlapping jurisdictions.
The report called for a risk-based, three tier categorization scheme for HIT functionality. FDA would continue to regulate the highest risk “medical device” IT functionality as before, and would not expand into new areas of oversight. ONC, in collaboration with the private sector and a future public-private HIT Safety Center, would promote HIT safety through non-regulatory activities for the middle tier “health management” IT functionality. Functionality in the lowest risk “administrative” category (billing systems, etc.) would not be a safety concern.
The ACR participated in several federal efforts leading up to the proposed framework, including the FDA’s mobile medical applications guidance activities in previous years and a FDA-FCC-ONC meeting addressing the FDASIA HIT report in May 2014.
According to recently released Medicare/Medicaid EHR Incentive Program data from the Centers for Medicare and Medicaid Services (CMS), 4576 diagnostic radiologists, 1513 radiation oncologists, 210 interventional radiologists, and 92 nuclear medicine physicians have attested to at least one year of Meaningful Use (MU) as of the end of 2013.
Only 16 diagnostic radiologists—in what appears to be at least four locations—used 2014 Edition certified EHR technology for MU in calendar year (CY) 2013.
The file was posted on May 31 and the metadata was updated on February 28. It is unclear if the data set also contains the March 2014 attestations for CY 2013 reporting periods. As you may recall, CMS extended the attestation deadline by one month for CY 2013 reporting periods.
Earlier today, the Office of the National Coordinator for HIT (ONC) released an update to the 2014 Edition Test Method that supports the testing and certification of health IT products used in the Medicare/Medicaid EHR Incentive Program. Specifically, the test procedure for the key “automated numerator recording/automated measure calculation” certification criterion was modified. Also updated were the test data associated with that procedure, and the test data associated with the procedure for the “data portability” criterion.
While primarily meant for testing labs and certification bodies, the 2014 Test Method is also an important resource for industry because it essentially shows how functionality will be tested against ONC’s various certification criteria. This allows for more efficacious planning prior to product submission.
Earlier today, the HHS Office of the National Coordinator for HIT (ONC) announced the release of its paper, “Connecting Health and Care for the Nation: A 10-Year Vision to Achieve an Interoperable Health IT Infrastructure.” The paper broadly covers issues and activities pertaining to interoperability and identifies five general building blocks for a nationwide interoperable HIT Infrastructure:
- Core technical standards and functions: ONC will use its existing Standards and Interoperability (S&I) Framework to enable the volunteer standards development community to advance core standards for terminology, content and format, transport, and security.
- Certification to support adoption and optimization of health IT products and services: ONC will use its HIT certification program and certification criteria regulations to enhance interoperability on a broad scale.
- Privacy and security protections for health information: ONC will identify and resolve weaknesses/gaps in privacy and security in various exchange models and invest in methods that support distributed analytics and open evidence without sharing PHI.
- Supportive business, clinical, cultural, and regulatory environments: ONC will work with stakeholders to resolve the ever-present cultural and business barrier to health information exchange.
- Rules of engagement and governance: Through standards, policies, and services, ONC will facilitate trust and interoperability across various networks and stakeholders.
The building blocks were informed in part by ONC’s March 2013 Request for Information (RFI) on advancing interoperability and health information exchange. ACR submitted comments in response to that RFI on April 15, 2013.