While Stage 1 meaningful use (MU) focused on gathering data and establishing electronic health records (EHRs), Stage 2 emphasizes exchanging patient information and coordination of care. There are many compliance requirements and penalties imposed if you do not meet them. Here are three things you need to know for sure.
1) You must meet 17 Core Objectives and 3 out of 6 Menu Objectives
There are 17 Core Objectives which focus mostly on sharing medical information by way of EHRs with other medical professionals as well as prescribing medications and ordering tests. In addition, patient portals must be provided for patients to access their medical records online, including their test results. You also need to choose three Menu Objectives from a list of six. CMS provides an individualized timeline you can use to determine where you are in the required MU process and what you need to do to meet the requirements.
2) Avoid penalties by applying for a hardship exception
Beginning in 2015, Medicare payments will be “adjusted,” which means reduced, for those who have not complied with the MU requirements. Compliance may be difficult, depending on the nature of your patients and location of our practice.
Medicare patients are often hesitant to use the Internet for making appointments or transmitting their health information. They are often uncomfortable with using an online message system with their physicians even when they are told it is secure. Physicians in rural practices may have difficulty finding the secured service they are required to have. An application for a hardship exception may be made to CMS by July 1, 2015. The application may be renewed annually for up to five years. Any of the following reasons may justify an exception:
There are other individual circumstances that may qualify you for an exception. Be sure to have your application in by the deadline or you will pay penalties beginning in 2016.
3) Prevent breaches in your data security
As a health care provider, you are aware of the Health Information Portability and Accountability Act (HIPAA) Privacy Rule and understand that the confidentiality of your patient medical records is of paramount importance. The Rule also limits what can be shared without patient consent.
In addition to the requirements to electronically share medical information with other providers and various reporting requirements, number 9 of the Stage 2 MU core objectives requires you to, “Protect electronic health information related or maintained by the Certified EHR Technology.” Number 17 requires you to: “Use secure electronic messaging to communicate with patients on relevant health information.”
No matter how safe you think your system is, breaches may still happen. Anthem Blue Cross/Blue Shield recently reported a breach in their system which affected nearly 80 million people. In addition to financial information, medical ID numbers were also compromised. Do not let this happen to you. There are serious financial penalties imposed for breaches considered serious.