Healthcare Connection

CMS Meaningful Use Reporting Requirements Update

Sept. 26, 2017


By Raj Chaudhary, CGEIT, CRISC, and William S. Patterson, CPA, CISA, CISSP

CMS Meaningful Use Reporting Requirements Update The Centers for Medicare & Medicaid Services (CMS) published a final rule on Aug. 2, 2017, revising requirements for eligible professionals, eligible hospitals, and critical access hospitals participating in Medicare and Medicaid electronic health record (EHR) incentive programs. These programs encourage eligible parties to implement, adopt, and use certified EHR technology in a meaningful way in order to improve the quality, safety, and efficiency of patient healthcare.

Significant Revisions

The final rule updates, effective Oct. 1, 2017, are intended to increase flexibility and reduce reporting burdens for providers and to focus on using technology and exchanging health information to support patient care. These are among the most significant revisions to the final rule:

  • Meaningful use (MU) EHR reporting period requirements for 2018 are affirmed to a minimum of any continuous 90-day period during the calendar year.
  • CMS will not require hospitals to meet MU stage three objectives and measures until 2019.
  • Hospitals and critical access hospitals will have the option to report modified stage two objectives and measures for the 2018 reporting period.
  • An organization may obtain approval for a reporting exception where its EHR technology was decertified under the Office of the National Coordinator for Health IT Certification Program. In addition, healthcare providers can use either 2014 or 2015 certified EHR technology for reporting in 2018.
  • Electronic clinical quality measure (eCQM) reporting requirements for the 2017 Hospital Inpatient Quality Reporting Program will be reduced. Hospitals will be required to report on at least four self-selected eCQMs for a self-selected quarter of clinical quality measure (CQM) data.

Controls and Processes

A third party can help organizations establish controls and processes in the area of MU compliance and reporting, including:

  • Performing periodic monitoring of core and applicable menu set objectives for sustainment of MU measures, including planning, monitoring, and implementation of remaining MU stages and associated measures and requirements
  • Reporting MU initiatives and progress to management and governance
  • Performing periodic risk analyses and risk management activities for systems that store or process electronic protected health information to include the most up-to-date requirements
  • Monitoring certified EHR technology required configurations for security updates, MU report modifications, or other modifications that may affect achievement of MU requirements, and managing the formal request, assessment, approval, documentation, and testing of any such changes
  • Completing online attestation for the reporting period including entering MU measurement responses and required data and submitting CQMs for Medicare and Medicaid

New MU Reporting Options

The CMS revised final rule provides for more flexible MU reporting and shorter minimum reporting periods. Healthcare providers should revisit and align MU reporting strategies with the revised requirements to take advantage of MU reporting options not previously available.

Authors
chaudhary-raj-150
Raj Chaudhary
Leader, Cybersecurity
William S. Patterson