Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and HIPAA for FREE!!

2 Major Problems with MACRA

Posted on May 4, 2016 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

Everyone’s started to dive into the 10 million page MACRA (that might be an exaggeration, but it feels about that long) and over the next months we’ll be sure to talk about the details a lot more. However, I know that many healthcare organizations are tired of going through incredibly lengthy regulations before they’re final. Makes sense that people don’t want to go through all the details just for them to change.

As I look at MACRA from a very high level, I see at least two major problems with how MACRA will impact healthcare.

Loss of EHR Innovation
First, much like meaningful use and EHR certification, MACRA is going to suck the life out of EHR development teams. For 2-3 years, EHR roadmaps have been nothing but basically conforming to meaningful use and EHR certification. Throw in ICD-10 development for good measure and EHR development teams have basically had to be coding their application to a government standard instead of customer requests and unique innovations.

Just today I heard the Founder of SOAPware, Randall Oates, MD, say “I’m grieving MACRA to a great degree.” He’s grieving because he knows that for many months his company won’t be able to focus on innovation, but will instead focus on meeting government requirements. In fact, he said as much when he said, “We don’t have the liberty to be innovative and creative.” And no, meeting government regulations in an innovative way doesn’t meet that desire.

I remember going to lunch with a very small EHR vendor a year or so ago. I first met him pre-meaningful use and he loved being able to develop a unique EHR platform that made a doctor more efficient. He kept his customer base small so that he could focus on the needs of a small group of doctors. Fast forward to our lunch a year or so ago. He’d chosen to become a certified EHR and make it so his customers could attest to meaningful use. Meaningful use made it so he hated his EHR development process and he had lost all the fire he’d had to really create something beautiful for doctors.

The MACRA requirements will continue to suck the innovation out of EHR vendors.

New Layers of Work With No Relief
When you look at MACRA, we have all of these new regulations and requirements, but don’t see any real relief from the old models. It’s great to speak hypothetically about the move to value based reimbursement, but we’re only dipping our toe in those waters and so we can’t replace all of the old reimbursement requirements. In some ways it makes sense why CMS would take a cautious approach to entering the value based world. However, MACRA does very little to reduce the burden on the backs of physicians and healthcare organizations. In fact, in many ways it adds to their reporting burden.

Yes, there was some relief offered when it comes to meaningful use moving from the all or nothing approach and a small reduction in the number of measures. However, when it comes to value based reimbursement, MACRA seems to just be adding more reporting burdens on doctors without removing any of the old fashioned fee for service requirements.

MACRA is not like ICD-10. Once ICD-10 was implemented you could see how ICD-9 and the skills required for that coding set will eventually be fully replaced and you won’t need that skill or capability anymore. The same doesn’t seem to be true with value based care. There’s no sign that value based care will be a full replacement of anything. Instead, it just adds another layer of complexity, regulation, and reporting to an already highly regulated healthcare economic system.

This is why it’s no surprise that many are saying that MACRA will be the end of small practices. At scale, they’re onerous. Without scale, these regulations can be the death of a practice. It’s not like you can stop doing something else and learn the new MACRA regulations. No, MACRA is mostly additive without removing a healthcare organization’s previous burdens. Watch for more practices to leave Medicare. Although, even that may not be a long term solution since most commercial payers seem to follow Medicare’s lead.

While I think that CMS and the people that work there have their hearts in the right place, these two problems have me really afraid for what’s to come in health IT. EHR vendors the past few months were finally feeling some freedom to listen to their customers and develop something new and unique. I was excited to see how EHR vendors would make their software more efficient and provide better care. MACRA will likely hijack those efforts.

On the other side of the fence, doctors are getting more and more burnt out. These new MACRA regulations just add one more burden to their backs without removing any of the ones that bothered them before. Both of these problems don’t paint a pretty picture for the future of healthcare.

The great part is that MACRA is currently just a proposed rule. CMS has the opportunity to fix these problems. However, it will require them to take a big picture look at the regulation as opposed to just looking at the impact of an individual piece. If they’re willing to focus MACRA on the big wins and cut out the parts with questionable or limited benefits, then we could get somewhere. I’m just not sure if Andy Slavitt and company are ready to say “Scalpel!” and start cutting.

Has MU Been Useful? A Review of MU and Merit-Based Incentives – Breakaway Thinking

Posted on March 16, 2016 I Written By

The following is a guest blog post by Lori Balstad, Learning and Development Specialist at The Breakaway Group (A Xerox Company). Check out all of the blog posts in the Breakaway Thinking series.
Lori Balstad
Is it really the end of Meaningful Use? According to Andy Slavitt, Acting Administrator for the Centers for Medicare and Medicaid Services (CMS), it’s time for a change in incentive programs and 2016 may be the year for it. Alternative Payment Models and Merit-based Incentive Payments (MIPS) as part of the Medicare Access and CHIP Reauthorization Act of 2015 (MACRA) may be replacing the complicated layers of requirements in Stage 1, 2, and 3 of Meaningful Use.

While CMS works on rolling out a new set of regulations, you may be wondering if this will ease the lingering pain of the past years. Will the program be easier to understand, navigate, and comply with?

First, let’s do a quick review:

CMS’s Meaningful Use Incentive program was rolled out in 2011 to incentivize eligible professionals and hospitals to adopt electronic health records (EHRs).

The goal was three-fold:

  • Improve quality, safety, efficiency, and reduce health disparities
  • Increase patient engagement and satisfaction
  • Improve care coordination, and population and public health

Stage 1 dealt with data capture and sharing, Stage 2 focused on advance clinical processes, and Stage 3 was to bring us to improving healthcare outcomes.

Achieving these goals is not an easy or quick process, but there have been many noteworthy accomplishments. As of 2015, 95 percent of all eligible and critical access hospitals have demonstrated meaningful use of certified health IT through participation in the CMS EHR Incentive Programs. Ninety-eight percent of all hospitals have demonstrated meaningful use and/or adopted, implemented or upgraded any EHR. As of January 2016, more than 484,000 health care providers received payment for participating in the Medicare and Medicaid EHR Incentive Programs, according to the CMS.

There have also been bumps along the way. Clinical quality reporting is controversial due to unrefined standards and a lack of a comprehensive strategy around the measures. Providers struggle to balance healthcare reform efforts with patient engagement and education under Stage 2. Eligibility determination issues in the CMS website threatened some physicians and other eligible professionals with Medicare payment penalties in 2015. Physicians are at the point where the regulations are so difficult that they feel like they are unable to focus on patient care.

So what’s next?

CMS has been working closely with physicians and healthcare organizations to address their needs and concerns, and plans to share the new regulations this spring under MACRA. They will work towards keeping the original ideologies while establishing new critical principles. The most important improvement will be moving away from incentivizing providers for the mere use of the technology towards the actual outcomes achieved with their patients. Other goals include allowing for flexibility to customize health IT to ensure physicians are supported instead of distracted.

Meaningful Use is not going away, just the way it’s measured and incentivized. Moving toward quality outcomes instead of measuring technology adoption levels will hopefully move us closer to the original goals of Meaningful Use. It all comes back to what physicians and healthcare organizations do on a daily basis – strive to provide the best possible care for patients.

Xerox is a sponsor of the Breakaway Thinking series of blog posts. The Breakaway Group is a leader in EHR and Health IT training.

Meaningful Use Is Going to Be Replaced – #JPM16

Posted on January 12, 2016 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

Big news came out today during the JP Morgan annual healthcare conference in San Francisco. Andy Slavitt, acting administrator of CMS, live tweeted his own talk at the event including this bombshell:


Technically meaningful use is not quite over, but it’s heading that way. We always read about lame duck head coaches in sports. I guess this is the version of a lame duck government program? Of course, this is just coming from the acting administrator of CMS. It’s not yet law. So, all those working on meaningful use reports, keep working.

The end of meaningful use as we know it will be generally welcome news to most in healthcare. Although, I’m sure that most will also take it with a grain of salt. Many in healthcare likely worry that the “something better” that replaces meaningful use and MACRA will actually be something worse. The cynics might argue that nothing could be worse, but I’ve never seen the government back down from that challenge.

What interests me is what levers they have available to them to be able to make changes. Can they do it without congressional action? Are doctors angry enough that congress will take action? What will happen to the remaining $10-20 billion allocated to meaningful use? What will hospitals and doctors that were counting on the meaningful use money do? Will they not get it anymore or will it be available in a new program? Obviously, there are more questions than answers at this point.

All in all, I’m glad to hear that Andy Slavitt is open to change. I suggested they blow up meaningful use a couple years ago.

Andy also did a tweetstorm to outline the 4 themes for reforming the MACRA and post-MU tech program:

These all seem surprisingly reasonable and mirror many of the comments I hear from doctors. However, the challenge is always in the implementation of these ideas. Some of them are very hard to track and reward. I can’t argue with the principles though. They highlight some of the major challenges associated with healthcare tech. It’s going to take some time to infuse entrepreneurship instead of regulation back into the EHR world, but these guidelines are a good step towards that effort.

UPDATE: Here’s the full text of Andy Slavitt’s talk at the JP Morgan Healthcare Conference.

The Healthcare Penalties Are Coming!!

Posted on April 3, 2015 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

We all know about the Meaningful Use penalties. The PQRS penalties. The Value Based Modifier penalties. Individually, they’d all be annoying, but I don’t think most healthcare organizations have understood what these penalties will be in aggregate.

This hit home to me when I was reading a smartly titled post by Jim Tate called “What you don’t do in 2015 will cause 9% CMS penalties in 2017” Here’s how he describes the penalties that are in store for healthcare:

MU: Failing to achieve MU in 2014 will bring a 2% penalty beginning in 2016 with a 1% annual increase up to 5%.

Physician Quality Reporting System (PQRS): Non-participation brings a Medicare reimbursement reduction of 2.0% in 2016 based on 2014 data.

Value-Based Modifier(VBM): The VBM, which many providers are not aware of, is linked to PQRS. Beginning in 2016, eligible providers (EPs) in groups with 10 or more EPs will be subject to a penalty based on performance. In 2017, this will include all EPs, not just those in larger groups.

Taken together, this adds up to a 9% penalty in 2017 based on 2015 participation.
To avoid these penalties, immediately assess your current participation in the MU, PQRS, and VBM programs. If you are not on track you must take steps to mitigate your risk as soon as possible.

Risk mitigation is the right way to describe it. As I mentioned in the beginning, I don’t think that many providers are planning ahead to avoid these penalties. I also don’t think they realize the long term consequences of the choices they make today.

Thanks Jim for waking us up to the reality.

Are Changes to Meaningful Use Certification Coming?

Posted on February 10, 2015 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

I’d been meaning to write about the now infamous letter from the AMA and 20 other associations and organizations to Karen DeSalvo (ONC Chair and Assistant HHS Secretary). I’ve put a list of the organizations and associations that co-signed the letter at the bottom of this post. It’s quite the list.

In the letter they make these recommended changes to the EHR certification program:

1. Decouple EHR certification from the Meaningful Use program;
2. Re-consider alternative software testing methods;
3. Establish greater transparency and uniformity on UCD testing and process results;
4. Incorporate exception handling into EHR certification;
5. Develop C-CDA guidance and tests to support exchange;
6. Seek further stakeholder feedback; and
7. Increase education on EHR implementation.

Unfortunately, I don’t think that many of these suggestions can be done by Karen and ONC. For example, I believe it will take an act of Congress in order to decouple EHR certification from the meaningful use program. I don’t think ONC has the authority to just change that since they’re bound by legislation.

What I do think they could do is dramatically simplify the EHR certification requirements. Some might try to spin it as making the EHR certification irrelevant, but it would actually make the EHR certification more relevant. If it was focused on just a few important things that actually tested the EHR properly for those things, then people would be much more interested in the EHR certification and it’s success. As it is now, most people just see EHR certification as a way to get EHR incentive money.

I’ll be interested to see if we see any changes in EHR certification. Unfortunately, the government rarely does things to decrease regulation. In some ways, if ONC decreases what EHR certification means, then they’re putting their colleagues out of a job. My only glimmer of hope is that meaningful use stage 3 will become much more simpler and because of that, EHR certification that matches MU stage 3 will be simpler as well. Although, I’m not holding my breathe.

What do you think will happen to EHR certification going forward?

Organizations and Associations that Signed the Letter:
American Medical Association
AMDA – The Society for Post-Acute and Long-Term Care Medicine
American Academy of Allergy, Asthma and Immunology
American Academy of Dermatology Association
American Academy of Facial Plastic
American Academy of Family Physicians
American Academy of Home Care Medicine
American Academy of Neurology
American Academy of Ophthalmology
American Academy of Otolaryngology—Head and Neck Surgery
American Academy of Physical Medicine and Rehabilitation
American Association of Clinical Endocrinologists
American Association of Neurological Surgeons
American Association of Orthopaedic Surgeons
American College of Allergy, Asthma and Immunology
American College of Emergency Physicians
American College of Osteopathic Surgeons
American College of Physicians
American College of Surgeons
American Congress of Obstetricians and Gynecologists
American Osteopathic Association
American Society for Radiology and Oncology
American Society of Anesthesiologists
American Society of Cataract and Refractive Surgery and Reconstructive Surgery
American Society of Clinical Oncology
American Society of Nephrology
College of Healthcare Information Management Executives
Congress of Neurological Surgeons
Heart Rhythm Society
Joint Council on Allergy, Asthma and Immunology
Medical Group Management Association
National Association of Spine Specialists
Renal Physicians Association
Society for Cardiovascular Angiography and Interventions
Society for Vascular Surgery

Meaningful Use Audit Advice

Posted on January 30, 2015 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

In response to my post on Meaningful Use Audits and the Inconsistent Appeals Process, Todd Searls. Executive Director at Wide River LLC, offered this interesting meaningful use audit advice on LinkedIn:

We’ve assisted numerous clinics and hospitals through their audits, and you’re absolutely correct John. Those clinics that have the people and processes already in place, this ends up (most of the time), being a non -issue, just time consuming. However, we have clients that have undergone significant changes since 2011 and now that they are being audited, the changes are coming back to haunt them since tracking MU documentation through the changes may not have been the highest priority.

Even those clinics that have the right documentation are now finding that they shouldn’t just mail the documents in bulk to the auditors unless they’ve spent time creating a good summary document which clearly defines each and every appendix document being sent. Case in point, we had one clinic call us to help them with their appeal for a failed audit. When we engaged we spent a few hours trying to determine why they failed the audit since the documents they had on file to support their attestation were excellent. Then we reviewed how they sent them in (in just one mass mailing with no cover letter or explanation beyond a title for each document (ie, In Reference to Measure 2)).

Once we created a clear cover letter and resubmitted, they were notified very quickly that their appeal was successful. The clinic had mixed feelings – great that they passed, but unhappy about having to ‘mind-read’ the preferred format that the auditor was looking for. Right or wrong, many clinics are in the same place – frustrated with the process.

I don’t know anyone who enjoys an audit. However, an audit can at least be bearable if it’s clear what’s expected in the audit. I think we’re going to have a lot more stories about meaningful use audits coming down the pipe. Hopefully Todd’s advice helps some who run into a meaningful use audit.

CMS Listens to Those Calling for a 90 Day Meaningful Use Reporting Period

Posted on January 29, 2015 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

I think that most of us in the industry figured this was just a matter of time, but it’s nice that we were right and CMS is working to modify the requirements and reporting periods for meaningful use. I imagine they heard all the many voices that were calling for a change to meaningful use stage 2 and it’s just taken them this long to work through the government process to make it a reality.

Before I act like this change is already in place, CMS was very specific in the wording of their announcement about their “intent to modify requirements for meaningful use” and their “intent to engage in rulemaking” in order to make these “intended” changes. Basically they’re saying that they can just change the rules. They have to go through the rule making process for these changes to go into effect. That said, I don’t think anyone doubts that this will make it through the rule making process.

Here’s the modifications that they’re proposing:

  1. Shortening the 2015 reporting period to 90 days to address provider concerns about their ability to fully deploy 2014 Edition software
  2. Realigning hospital reporting periods to the calendar year to allow eligible hospitals more time to incorporate 2014 Edition software into their workflows and to better align with other quality programs
  3. Modifying other aspects of the programs to match long-term goals, reduce complexity, and lessen providers’ reporting burden

They also added this interesting clarification and information about the meaningful use stage 3 proposed rule:

To clarify, we are working on multiple tracks right now to realign the program to reflect the progress toward program goals and be responsive to stakeholder input. Today’s announcement that we intend to pursue the changes to meaningful use beginning in 2015 through rulemaking, is separate from the forthcoming Stage 3 proposed rule that is expected to be released by early March. CMS intends to limit the scope of the Stage 3 proposed rule to the requirements and criteria for meaningful use in 2017 and subsequent years.

I think everyone will welcome a dramatic simplification of the meaningful use program. The above 3 changes will be welcome by everyone I know.

In the email announcement for this, they provided an explanation for why they’re doing these changes:

These proposed changes reflect the Department of Health and Human Services’ commitment to creating a health information technology infrastructure that:

  • Elevates patient-centered care
  • Improves health outcomes
  • Supports the providers who care for patients

Personally, I think they saw the writing on the wall and it wasn’t pretty. Many organizations were going to opt out of meaningful use stage 2. These changes were needed and necessary for many organizations to continue participating in meaningful use. They believe meaningful use will elevate patient-centered care, improve health outcomes, and support the providers who care for patients. I’m glad they finally chose to start the rulemaking process to make the changes. I think many that started meaningful use can still benefit from the rest of the incentive money and will be even happier to avoid the penalties.

A Meaningful Use Update

Posted on November 6, 2014 I Written By

The following is a guest post by Barry Haitoff, CEO of Medical Management Corporation of America.
Barry Haitoff
We’re deep in the heart of meaningful use. Every organization has likely evaluated their participation in meaningful use and knows their path forward. While the meaningful use program is quite mature, the regulations are still shifting as various organization push forward their agendas. It’s important to keep an eye on these shifts so you can plan appropriately for your organization. Here are three meaningful use items you should keep an eye on since they could have a significant impact on your clinic:

Flex-IT Act – For those not familiar with this act, it would change the attestation period for meaningful use stage 2 from 365 days to only 90 days. This act is being backed by some very strong healthcare organizations including a call from the AMA, CHIME, HIMSS, and MGMA to make this change. As is noted by these organizations, very few hospitals have attested to meaningful use stage 2 and only 2 percent of eligible providers have attested to meaningful use stage 2 so far (they do have until the end of February).

If the meaningful use stage 2 numbers continue on this trend, CMS will need to do something or risk having the program be labeled a failure. It’s hard to predict what will happen (or not happen) in Washington, but the pressure to change the meaningful use stage 2 reporting periods to 90 days is growing. Poor meaningful use stage 2 attestation numbers could very well push this issue over the edge.

EHR Penalty Hardship Exemption – In case you missed it, CMS reopened the meaningful use hardship exception period. Originally you had to file for a meaningful use hardship exception by July 1, 2014, but you now have until November 30, 2014 to apply for an exception. This is a big deal for those who likely didn’t know they’d need an exception for meaningful use.

While this exception is related to the EHR certification flexibility (ie. your EHR vendor software isn’t ready for you to implement and attest), many have wondered if we won’t see more ways for organizations to avoid the coming meaningful use penalties. These prognosticators suggest that if meaningful use stage 2 numbers continue to be as awful as what’s described above, it’s possible that the government will provide some relief from the meaningful use penalties. As of now, the meaningful use penalties are coming, so you better be prepared.

AMA’s Meaningful Use Letter – The AMA has a strong political voice in Washington and they’ve recently decided to tackle meaningful use head on. They’ve put their efforts into a Meaningful Use Blueprint that calls for more flexibility in the meaningful use program. Without going into all the line by line details, the AMA is asking CMS to:

  • Adopt a More Flexible Approach to Meaningful Use and move away from the current All or Nothing approach to Meaningful Use
  • Align the quality measures, reporting burden and overlapping penalties that exist across programs (Meaningful Use, PQRS, Value Based Reimbursement, etc)
  • Focus Meaningful Use and EHR certification on key areas like Interoperability

None of these issues have been put into action by CMS or ONC yet, but I believe this blueprint provides the framework for the AMA’s lobbying efforts. Therefore, it’s a strong indicator of where the meaningful use program might be going. I expect the majority of these suggestions would be welcome by doctors unless they’ve already gone off the meaningful use deep end and given up on meaningful use altogether. However, you don’t want to be caught flat footed if and when changes to the meaningful use program occur.

Security Risk Assessment
This is not really a change to meaningful use, but a reminder that many organizations have not paid appropriate attention to the HIPAA security risk assessment which is required as part of meaningful use. Far too many organizations check this check box during their meaningful use attestation without actually doing a proper security risk assessment. This is coming back to haunt many organizations during their meaningful use audit.

In case you missed it, you might want to start with the Security Risk Analysis Myths and Facts that EMR and HIPAA posted previously. It covers such topics as security risk analysis’ being optional (they’re not) and your installed certified EHR takes care of your risk analysis (more is required). This CMS FAQ offers more details on what needs to be done to meet this meaningful use requirement. For example, you need to do a security risk analysis ever year you attest to meaningful use. Make sure you take the time to do an appropriate risk assessment of your organization.

What other meaningful use trends and changes do you see on the horizon? What other things should we be considering as we plan our meaningful use future?

Medical Management Corporation of America, a leading provider of medical billing services, is a proud sponsor of EMR and HIPAA.

RIP CCHIT

Posted on October 29, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

CCHIT announced that it was ending 10 years of service.

Today, the Certification Commission for Health Information Technology (CCHIT) announced that it is winding down all operations beginning immediately. All customers and business colleagues have been notified, CCHIT staff is assisting in transitions, and all work will be ended by November 14, 2014.

Alisa Ray made these comments in the announcement:

“We are concluding our operations with pride in what has been accomplished”, said Alisa Ray, CCHIT executive director. “For the past decade CCHIT has been the leader in certification services, supported by our loyal volunteers, the contribution of our boards of trustees and commissioners, and our dedicated staff. We have worked effectively in the private and public sectors to advance our mission of accelerating the adoption of robust, interoperable health information technology. We have served hundreds of health IT developers and provided valuable education to our healthcare provider stakeholders.”

“Though CCHIT attained self-sustainability as a private independent certification body and continued to thrive as an authorized ONC testing and certification body, the slowing of the pace of ONC 2014 Edition certification and the unreliable timing of future federal health IT program requirements made program and business planning for new services uncertain. CCHIT’s trustees decided that, in the current environment, operations should be carefully brought to a close”, said Ray.

The announcement also said that CCHIT would be donating its remaining assets to the HIMSS Foundation. Makes sense since HIMSS kind of gave them a partial home the past few months as they tried to save the jobs of the many who worked at CCHIT. Credit should go to Alisa Ray for all she did to try and give those who worked at CCHIT a soft landing.

Long, long time readers of this blog will remember my long blog posts talking about CCHIT and the lack of value that they provided the EHR industry. I believed then and even now that EHR certification was more of a tax on the industry than it was something that provided value to the market. They told me it provided some assurance to the purchaser of the EHR, but I never saw such assurances.

Once EHR certification was made part of meaningful use and the HITECH act, it basically made CCHIT irrelevant. Although, I still think that EHR certification in its current state doesn’t provide value to organizations and I’d love to see it go away. Sadly, there’s some legislation which is pushing the opposite direction.

While I disagreed with CCHIT’s approach to EHR certification and the value they provided, I do think there were good people who worked there that had good intentions even if we disagreed on the approach. I hope they all land somewhere great.

CMS’ HIPAA Risk Analysis Myths and Truths

Posted on October 21, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

I’ve been writing about the need to do a HIPAA Risk Assessment since it was included as part of meaningful use. Many organizations have been really confused by this requirement and no doubt it will be an issue for many organizations that get a meaningful use audit. It’s a little ironic since this really isn’t anything that wasn’t already part of the HIPAA security rule. Although, that illustrates how well we’re doing at complying with the HIPAA security rule.

It seems that CMS has taken note of this confusion around the HIPAA risk assessment as well. Today, they sent out some more guidance, tools and resources to hopefully help organizations better understand the Security Risk Analysis requirement. Here’s a portion of that email that provides some important clarification:

A security risk analysis needs to be conducted or reviewed during each program year for Stage 1 and Stage 2. These steps may be completed outside OR during the EHR reporting period timeframe, but must take place no earlier than the start of the reporting year and no later than the end of the reporting year.

For example, an eligible professional who is reporting for a 90-day EHR reporting period in 2014 may complete the appropriate security risk analysis requirements outside of this 90-day period as long as it is completed between January 1st and December 31st in 2014. Fore more information, read this FAQ.

Please note:
*Conducting a security risk analysis is required when certified EHR technology is adopted in the first reporting year.
*In subsequent reporting years, or when changes to the practice or electronic systems occur, a review must be conducted.

CMS also created this Security Risk Analysis Tipsheet that has a lot of good information including these myths and facts which address many of the issues I’ve seen and heard:
CMS HIPAA Security Risk Analysis Myths and Facts

Finally, it’s worth reminding people that the HIPAA Security Risk Analysis is not just for your tech systems. Check out this overview of security areas and example measures to secure them to see what I mean:
CMS HIPAA Security Risk Analysis Overview

Have you done your HIPAA Risk Assessment for your organization?