Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and HIPAA for FREE!!

Great Meaningful Use and Eligible Providers Chat

Posted on April 29, 2015 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

I recently received an email from a regular reader, Dr. Mike, who owns a single specialty ortho group. In the email Dr. Mike talks about the challenges that Eligible Providers (EPs) are facing with meaningful use stage 2. He describes the story as falling on “deaf ears” at CMS and ONC. He also offered these stats on meaningful use to illustrate his case that meaningful use is a failure:

Only 38,472 have attested to Stage 2, My guess is that only about half actually did Stage 2 as there was the Stage 1 reprieve. Even so, that is only 18% of EPs have successfully attested which is an complete failure of MU.

Then, he asked me an important question:

Someone ask CMS and ONC the tough questions please…Now what are they going to do?

In response to him, I told him that I’d been talking about the challenge that meaningful use is for doctors for quite a while. However, I also told him that most hospitals are participating in meaningful use, so “we’ll see how that plays out.” What I meant is that in the meaningful use program we now have one group (EPs) that are not doing so well with meaningful use and their hospital counterparts that are relying on the millions in EHR incentive money (not to mention avoiding the penalties).

Then I answered his important question, “I can tell you what ONC and CMS are going to do. Spin It!”

Of course, Dr. Mike is great at engaging in conversation so he offered this reply:

1. Elizabeth Myers and the rest of CMS and ONC really did try to spin every bad number and “we cannot assess the numbers yet” was a constant theme.
2. I totally agree they will continue to try to spin the numbers or ignore them as long as possible. I’m not sure why they cannot face the truth about MU.
3. The 36K that did MU 2 are the cream of the crop. I would even argue that the other 82% are the cream also as they were the early adopters and gung ho about MU. The fact that 82% of the over achieving EPs have skipped out on MU 2 is a travesty. There is NO chance ONC and CMS is going to pull in the lagging EPs.
4. If you don’t know already, I own a single specialty Ortho group and we skipped MU completely after we saw the MU 2 rules. Proposed MU 3 just help us box it up and bury it.

I have no idea why ONC and CMS cannot let go of the program, let EHR vendors actually work with EPs for all the thing we are missing from our IT (usability, safety, security, efficiency). Right now we cannot do anything to customize our workflow or improve our experience as it will potentially decertify the EHR for MU. MU sucks all the air out of the room. EHRs right now are a billing and click box for MU system with a marginal clinical system slapped on…

Its about time ONC lets the market do its thing, instead of this constant objective, measures, menu, core, numerators, denominators, attesting, auditing disaster they created.

Once EPs leave the program, they are not coming back. So this should be a big deal for ONC and CMS.

I haven’t gone in and fact checked his numbers (I’d love to hear if you have different numbers), but the emotion in his comments is something I’ve heard from many providers. In fact, I’ve heard it from many EHR vendors. They’re tired of coding their EHR software to the test and the government regulations as well. They want to do more innovative things, but the government regulations are stifling their ability to do it. Resources only go so far.

I think we’re in the early days of provider discontent with meaningful use. However, it’s starting to boil. I’ll be interested to see what happens when it boils over. I’m predicting that will happen once many of these doctors start seeing the penalties hit their pocketbooks.

The Healthcare Penalties Are Coming!!

Posted on April 3, 2015 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

We all know about the Meaningful Use penalties. The PQRS penalties. The Value Based Modifier penalties. Individually, they’d all be annoying, but I don’t think most healthcare organizations have understood what these penalties will be in aggregate.

This hit home to me when I was reading a smartly titled post by Jim Tate called “What you don’t do in 2015 will cause 9% CMS penalties in 2017” Here’s how he describes the penalties that are in store for healthcare:

MU: Failing to achieve MU in 2014 will bring a 2% penalty beginning in 2016 with a 1% annual increase up to 5%.

Physician Quality Reporting System (PQRS): Non-participation brings a Medicare reimbursement reduction of 2.0% in 2016 based on 2014 data.

Value-Based Modifier(VBM): The VBM, which many providers are not aware of, is linked to PQRS. Beginning in 2016, eligible providers (EPs) in groups with 10 or more EPs will be subject to a penalty based on performance. In 2017, this will include all EPs, not just those in larger groups.

Taken together, this adds up to a 9% penalty in 2017 based on 2015 participation.
To avoid these penalties, immediately assess your current participation in the MU, PQRS, and VBM programs. If you are not on track you must take steps to mitigate your risk as soon as possible.

Risk mitigation is the right way to describe it. As I mentioned in the beginning, I don’t think that many providers are planning ahead to avoid these penalties. I also don’t think they realize the long term consequences of the choices they make today.

Thanks Jim for waking us up to the reality.

The Future Of…Patient Engagement

Posted on March 19, 2015 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

This post is part of the #HIMSS15 Blog Carnival which explores “The Future of…” across 5 different healthcare IT topics.

Healthcare has a major challenge when it comes to the term “Patient Engagement.” $36 billion of government money and something called meaningful use has corrupted the word Patient Engagement. While meaningful use requires “5% patient engagement”, that’s a far cry from actually engaging with patients. Anyone that’s attested to meaningful use knows what I mean.

As we move past meaningful use, what then will patient engagement actually look like?

When I start to think about the future of patient engagement, I’m taken back to my experience with a new primary care provider that’s trying to Restore Humanity to Healthcare (see Restore Humanity to Healthcare part 2 as well). In this case, I’m exploring the idea of unlimited primary care along with a primary care team that includes a doctor, but also includes a wellness coordinator that’s interested in my wellness and not just my presenting problem.

Once you take the payment portion out of primary care, it dramatically changes the equation for me. Gone are the fears of going to the doctor because you don’t want to pay the co-pay. Gone are the days where a doctor needs to see you in the office in order to be able to make money from the visit. With unlimited primary care, an email, phone call or text message that solves the problem is a great solution for the doctor and the patient.

Of course, this model of primary care is only one example of the shift that’s going to drive us to patient engagement. ACOs and value based care models are going to require a much deeper relationship between doctors and patients. Trust me that 5% patient engagement through an online portal isn’t going to be enough in these new models.

Plus, these new models are going to really convert our current sick care system into a true healthcare system. I like to call this new model “Treating Healthy Patients.” Quite frankly we’re not ready for this change right now, but in the future we’ll have to adapt. The biggest change is going to be in how we define “patient” and “healthy.”

The wave of connected medical devices and innovation are going to completely reframe how we look at health. Instead of describing ourselves as healthy, the data will tell us that we’re all sick. We’re just at different points in the continuum of sickness.

In the future, patient engagement will be the key to treating each of us individually. The symptoms will change from coughing and vomiting to 85% risk for diabetes and 76% risk for a heart attack. We thought we had patient compliance issues when someone is coughing and vomiting (ie. something they want to fix). Now imagine patient compliance challenges when the patient isn’t feeling any pain, but they need to change something in order to avoid some major health problem.

I think this describes perfectly why we’re entering one of the most challenging times in healthcare. It’s a dramatic shift in how we think about healthcare and has a new set of more challenging problems that we’ve never solved. One of the keys to solving these new challenges is patient engagement.

An EHR Focused On Customer Requests, Not MU

Posted on February 4, 2015 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

I love taking email exchanges I have with practicing doctors and making their comments into posts. This is one of those cases. The following is a quote from an email I got from a physician friend of mine about his EHR (EHR name removed):

Every time we turn around these days our EHR vendor is adding some new update. Sometimes the updates change the format of how the system appears and functions, sometimes they don’t. Unfortunately, the people who are still chasing after all the crazy government hoops to jump through and those who are not are all forced to deal with the same EHR software system. I really wish there was a separate system with no crazy upgrades that would function the same way that the system did two years ago. That was a much simpler and more commonsensical system. It’s a really sad case of the government says jump and software systems say how high?

I believe this physician has stopped taking Medicare patients and has happily avoided meaningful use. However, as the above comments illustrate, he hasn’t avoided a lot of the impact that meaningful use has had on the design of his EHR system. Plus, that doesn’t even count all the great new features that this doctor could have gotten from his EHR if they weren’t busy turning on all the MU requirements including the MU reporting and tracking.

His comments about wanting a system that isn’t influenced by MU requirements is quite interesting since Pri-Med (the company that acquired Amazing Charts) has announced an EHR product called InLight EHR that’s not certified and doesn’t do MU. The press release says the EHR is designed for Direct Primary Care. This is a really interesting move by them, and my doctor friend above illustrates why an EHR software that’s not MU certified could work.

One challenge to this idea is that a lot of doctors can’t shun Medicare and meaningful use. So, they’ll need to continue with the EHR that are still chasing the government carrot and avoiding the stick. We’ll see how these different EHR markets evolve.

Meaningful Use Audit Advice

Posted on January 30, 2015 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

In response to my post on Meaningful Use Audits and the Inconsistent Appeals Process, Todd Searls. Executive Director at Wide River LLC, offered this interesting meaningful use audit advice on LinkedIn:

We’ve assisted numerous clinics and hospitals through their audits, and you’re absolutely correct John. Those clinics that have the people and processes already in place, this ends up (most of the time), being a non -issue, just time consuming. However, we have clients that have undergone significant changes since 2011 and now that they are being audited, the changes are coming back to haunt them since tracking MU documentation through the changes may not have been the highest priority.

Even those clinics that have the right documentation are now finding that they shouldn’t just mail the documents in bulk to the auditors unless they’ve spent time creating a good summary document which clearly defines each and every appendix document being sent. Case in point, we had one clinic call us to help them with their appeal for a failed audit. When we engaged we spent a few hours trying to determine why they failed the audit since the documents they had on file to support their attestation were excellent. Then we reviewed how they sent them in (in just one mass mailing with no cover letter or explanation beyond a title for each document (ie, In Reference to Measure 2)).

Once we created a clear cover letter and resubmitted, they were notified very quickly that their appeal was successful. The clinic had mixed feelings – great that they passed, but unhappy about having to ‘mind-read’ the preferred format that the auditor was looking for. Right or wrong, many clinics are in the same place – frustrated with the process.

I don’t know anyone who enjoys an audit. However, an audit can at least be bearable if it’s clear what’s expected in the audit. I think we’re going to have a lot more stories about meaningful use audits coming down the pipe. Hopefully Todd’s advice helps some who run into a meaningful use audit.

CMS Listens to Those Calling for a 90 Day Meaningful Use Reporting Period

Posted on January 29, 2015 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

I think that most of us in the industry figured this was just a matter of time, but it’s nice that we were right and CMS is working to modify the requirements and reporting periods for meaningful use. I imagine they heard all the many voices that were calling for a change to meaningful use stage 2 and it’s just taken them this long to work through the government process to make it a reality.

Before I act like this change is already in place, CMS was very specific in the wording of their announcement about their “intent to modify requirements for meaningful use” and their “intent to engage in rulemaking” in order to make these “intended” changes. Basically they’re saying that they can just change the rules. They have to go through the rule making process for these changes to go into effect. That said, I don’t think anyone doubts that this will make it through the rule making process.

Here’s the modifications that they’re proposing:

  1. Shortening the 2015 reporting period to 90 days to address provider concerns about their ability to fully deploy 2014 Edition software
  2. Realigning hospital reporting periods to the calendar year to allow eligible hospitals more time to incorporate 2014 Edition software into their workflows and to better align with other quality programs
  3. Modifying other aspects of the programs to match long-term goals, reduce complexity, and lessen providers’ reporting burden

They also added this interesting clarification and information about the meaningful use stage 3 proposed rule:

To clarify, we are working on multiple tracks right now to realign the program to reflect the progress toward program goals and be responsive to stakeholder input. Today’s announcement that we intend to pursue the changes to meaningful use beginning in 2015 through rulemaking, is separate from the forthcoming Stage 3 proposed rule that is expected to be released by early March. CMS intends to limit the scope of the Stage 3 proposed rule to the requirements and criteria for meaningful use in 2017 and subsequent years.

I think everyone will welcome a dramatic simplification of the meaningful use program. The above 3 changes will be welcome by everyone I know.

In the email announcement for this, they provided an explanation for why they’re doing these changes:

These proposed changes reflect the Department of Health and Human Services’ commitment to creating a health information technology infrastructure that:

  • Elevates patient-centered care
  • Improves health outcomes
  • Supports the providers who care for patients

Personally, I think they saw the writing on the wall and it wasn’t pretty. Many organizations were going to opt out of meaningful use stage 2. These changes were needed and necessary for many organizations to continue participating in meaningful use. They believe meaningful use will elevate patient-centered care, improve health outcomes, and support the providers who care for patients. I’m glad they finally chose to start the rulemaking process to make the changes. I think many that started meaningful use can still benefit from the rest of the incentive money and will be even happier to avoid the penalties.

Meaningful Use Created A Big Need for Certified MAs

Posted on December 26, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

One of the changes that as best I can tell has come from meaningful use (if there are other forces at play, I’d love to hear them) is the push to use certified MAs. A whole cottage industry has sprung up around certifying MAs. In fact, I even know some EHR vendors who are certifying MAs because it’s such an important need.

Now when I say need, I use that word lightly. It’s a need because meaningful use requires that many of the MAs be certified in order for that MA to participate in many aspects of the meaningful use program. The EHR vendors that are doing it likely don’t want to be in this business at all. However, for their customers to be successful with meaningful use, they need their MAs to be certified.

Certainly there are ways for a doctor to attest to meaningful use without using certified MAs. For example, if you use RNs, then their RN certification is sufficient to meet the needs of meaningful use. Plus, you can have MAs do some tasks in the office that aren’t impacted by meaningful use. However, if you’re using an MA in your office and want to attest to meaningful use, you probably need to have that MA certified.

I’ll admit that I’m not an expert on the MA certification, but I can’t imagine that this new MA certification improves the quality of care that a patient receives in the office. I’d love to be proven wrong on this. Does your office provide better patient care because you know have a group of certified MAs as opposed to non-certified MAs? I just don’t see a short certification like the one that’s required making a huge difference.

Chalk this up to one more layer of bureaucracy and hoop jumping that’s required for a clinic. When will we start really focusing on the value of something? Is there a value to these certified MAs that I’m missing? If so, I’d love to hear about it.

A Meaningful Use Update

Posted on November 6, 2014 I Written By

The following is a guest post by Barry Haitoff, CEO of Medical Management Corporation of America.
Barry Haitoff
We’re deep in the heart of meaningful use. Every organization has likely evaluated their participation in meaningful use and knows their path forward. While the meaningful use program is quite mature, the regulations are still shifting as various organization push forward their agendas. It’s important to keep an eye on these shifts so you can plan appropriately for your organization. Here are three meaningful use items you should keep an eye on since they could have a significant impact on your clinic:

Flex-IT Act – For those not familiar with this act, it would change the attestation period for meaningful use stage 2 from 365 days to only 90 days. This act is being backed by some very strong healthcare organizations including a call from the AMA, CHIME, HIMSS, and MGMA to make this change. As is noted by these organizations, very few hospitals have attested to meaningful use stage 2 and only 2 percent of eligible providers have attested to meaningful use stage 2 so far (they do have until the end of February).

If the meaningful use stage 2 numbers continue on this trend, CMS will need to do something or risk having the program be labeled a failure. It’s hard to predict what will happen (or not happen) in Washington, but the pressure to change the meaningful use stage 2 reporting periods to 90 days is growing. Poor meaningful use stage 2 attestation numbers could very well push this issue over the edge.

EHR Penalty Hardship Exemption – In case you missed it, CMS reopened the meaningful use hardship exception period. Originally you had to file for a meaningful use hardship exception by July 1, 2014, but you now have until November 30, 2014 to apply for an exception. This is a big deal for those who likely didn’t know they’d need an exception for meaningful use.

While this exception is related to the EHR certification flexibility (ie. your EHR vendor software isn’t ready for you to implement and attest), many have wondered if we won’t see more ways for organizations to avoid the coming meaningful use penalties. These prognosticators suggest that if meaningful use stage 2 numbers continue to be as awful as what’s described above, it’s possible that the government will provide some relief from the meaningful use penalties. As of now, the meaningful use penalties are coming, so you better be prepared.

AMA’s Meaningful Use Letter – The AMA has a strong political voice in Washington and they’ve recently decided to tackle meaningful use head on. They’ve put their efforts into a Meaningful Use Blueprint that calls for more flexibility in the meaningful use program. Without going into all the line by line details, the AMA is asking CMS to:

  • Adopt a More Flexible Approach to Meaningful Use and move away from the current All or Nothing approach to Meaningful Use
  • Align the quality measures, reporting burden and overlapping penalties that exist across programs (Meaningful Use, PQRS, Value Based Reimbursement, etc)
  • Focus Meaningful Use and EHR certification on key areas like Interoperability

None of these issues have been put into action by CMS or ONC yet, but I believe this blueprint provides the framework for the AMA’s lobbying efforts. Therefore, it’s a strong indicator of where the meaningful use program might be going. I expect the majority of these suggestions would be welcome by doctors unless they’ve already gone off the meaningful use deep end and given up on meaningful use altogether. However, you don’t want to be caught flat footed if and when changes to the meaningful use program occur.

Security Risk Assessment
This is not really a change to meaningful use, but a reminder that many organizations have not paid appropriate attention to the HIPAA security risk assessment which is required as part of meaningful use. Far too many organizations check this check box during their meaningful use attestation without actually doing a proper security risk assessment. This is coming back to haunt many organizations during their meaningful use audit.

In case you missed it, you might want to start with the Security Risk Analysis Myths and Facts that EMR and HIPAA posted previously. It covers such topics as security risk analysis’ being optional (they’re not) and your installed certified EHR takes care of your risk analysis (more is required). This CMS FAQ offers more details on what needs to be done to meet this meaningful use requirement. For example, you need to do a security risk analysis ever year you attest to meaningful use. Make sure you take the time to do an appropriate risk assessment of your organization.

What other meaningful use trends and changes do you see on the horizon? What other things should we be considering as we plan our meaningful use future?

Medical Management Corporation of America, a leading provider of medical billing services, is a proud sponsor of EMR and HIPAA.

Karen DeSalvo and Jacob Reider Leave ONC

Posted on October 24, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

UPDATE: It seems that DeSalvo will still be National Coordinator of Healthcare IT along with her new position.

It’s been a tumultuous few months for ONC and it’s just gotten even more tumultuous. We previously reported about the departures of Doug Fridsma MD, ONC’s Chief Science Officer, Joy Pritts, the first Chief Privacy Officer at ONC, and Lygeia Ricciardi, Director of the Office of Consumer eHealth, and Judy Murphy, Chief Nursing Officer (CNO) from ONC. Yesterday, the news dropped that Karen DeSalvo, ONC’s National Coordinator, and Jacob Reider, ONC’s Deputy National Coordinator, are both leaving ONC as well.

Karen DeSalvo has been tapped by HHS Secretary Sylvia Mathews Burwell to replace Wanda K. Jones as assistant secretary of health which oversees the surgeon general’s office and will be working on Ebola and other pressing health issues. I think DeSalvo’s letter to staff describes it well:

As you know, I have deep roots and a belief in public health and its critical value in assuring the health of everyone, not only in crisis, but every day, and I am honored to be asked to step in to serve.

DeSalvo’s always been a major public health advocate and that’s where her passion lies. Her passion isn’t healthcare technology. So, this change isn’t surprising. Although, it is a little surprising that it comes only 10 months into her time at ONC.

The obvious choice as Acting National Coordinator would have been Jacob Reider who was previously Acting National Coordinator when Farzad Mostashari left. However, Reider also announced his decision to leave ONC:

In light of the events that led to Karen’s announcement today–it’s appropriate now to be clear about my plans, as well. With Jon White and Andy Gettinger on board, and a search for a new Deputy National Coordinator well underway, I am pleased that much of this has now fallen into place–with only a few loose ends yet to be completed. I’ll remain at ONC until late November, working closely with Lisa as she assumes her role as Acting National Coordinator.

As Reider mentions, Lisa Lewis who is currently ONC’s COO will be serving as Acting National Coordinator at ONC.

What’s All This Mean?
There’s a lot of speculation as to why all of these departures are happening at ONC. Many people believe that ONC is a sinking ship and people are doing everything they can to get off the ship before it sinks completely. Others have suggested that these people see an opportunity to make a lot more money working for a company. The government certainly doesn’t pay market wages for the skills these people have. Plus, their connections and experience at ONC give them some unique qualifications that many companies are willing to pay to get. Some have suggested that the meaningful use work is mostly done and so these people want to move on to something new.

My guess is that it’s a mix of all of these things. It’s always hard to make broad generalizations about topics like this. For example, I already alluded to the fact that I think Karen DeSalvo saw an opportunity to move to a position that was more in line with her passions. Hard to fault someone for making that move. We’d all do the same.

What is really unclear is the future of ONC. They still have a few years of meaningful use which they’ll have to administer including the EHR penalties which could carry meaningful use forward for even longer than just a few years. I expect ONC will still have money to work on things like interoperability. We’ll see if ONC can put together the patient safety initiative they started or if that will get shut down because it’s outside their jurisdiction.

Beyond those things, what’s the future of ONC?

CMS’ HIPAA Risk Analysis Myths and Truths

Posted on October 21, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

I’ve been writing about the need to do a HIPAA Risk Assessment since it was included as part of meaningful use. Many organizations have been really confused by this requirement and no doubt it will be an issue for many organizations that get a meaningful use audit. It’s a little ironic since this really isn’t anything that wasn’t already part of the HIPAA security rule. Although, that illustrates how well we’re doing at complying with the HIPAA security rule.

It seems that CMS has taken note of this confusion around the HIPAA risk assessment as well. Today, they sent out some more guidance, tools and resources to hopefully help organizations better understand the Security Risk Analysis requirement. Here’s a portion of that email that provides some important clarification:

A security risk analysis needs to be conducted or reviewed during each program year for Stage 1 and Stage 2. These steps may be completed outside OR during the EHR reporting period timeframe, but must take place no earlier than the start of the reporting year and no later than the end of the reporting year.

For example, an eligible professional who is reporting for a 90-day EHR reporting period in 2014 may complete the appropriate security risk analysis requirements outside of this 90-day period as long as it is completed between January 1st and December 31st in 2014. Fore more information, read this FAQ.

Please note:
*Conducting a security risk analysis is required when certified EHR technology is adopted in the first reporting year.
*In subsequent reporting years, or when changes to the practice or electronic systems occur, a review must be conducted.

CMS also created this Security Risk Analysis Tipsheet that has a lot of good information including these myths and facts which address many of the issues I’ve seen and heard:
CMS HIPAA Security Risk Analysis Myths and Facts

Finally, it’s worth reminding people that the HIPAA Security Risk Analysis is not just for your tech systems. Check out this overview of security areas and example measures to secure them to see what I mean:
CMS HIPAA Security Risk Analysis Overview

Have you done your HIPAA Risk Assessment for your organization?