Health Information Compliance Alert

Published on Tue Oct 24, 2017 PDF

Are you worried about your practice health IT? Do you need that extra push to put a security plan in place to protect your practice CEHRT? October is National Cybersecurity Awareness Month (NCSAM), and the OCR wants you to put your cyberhealth on the front line of your practice objectives.

"NCSAM provides an opportunity to review cybersecurity tips, both generally and related specifically to ePHI," said the HHS Office for Civil Rights (OCR) in its September 2017 Cybersecurity Newsletter. The agency also noted that it's a great time "to review the obligations of HIPAA covered entities and business associates to protect ePHI," too.

From news about the diverse ways hackers are hurdling healthcare to advice on how to assess and analyze risks while implementing and managing comprehensive, cyber secure compliance programs - the HHS-OCR encourages providers and their IT staffs to put cybersecurity first this October.

Resource: Check out the HHS-OCR September 2017 Cybersecurity Newsletter at, www.hhs.gov/sites/default/files/hipaa-cyber-awarness-monthly-issue-september-2017.pdf.

Say Goodbye to Popular ICD-10 Mapping Tool

ICD-10-2018 went live as of Oct. 1, and for the last time Medicare will help you out with the transition with General Equivalence Mappings (GEMs).

"This is the last year that the GEMs will be produced," the CMS notes.

To see links to the GEMs and other information, visit www.cms.gov/Medicare/Coding/ICD10/2018-ICD-10-CM-and-GEMs.html.

Sign Up Now for MIPS Virtual Groups Before the Deadline

With the best intentions to aid and assist smaller practices adapt to the pressures of the Quality Payment Program (QPP), MACRA mandated Virtual Groups in its 2017 final rule a year ago. This past June, CMS published its 2018 proposals for MACRA in what the agency is calling the "Quality Payment Program Year 2," vaguely outlining and defining a "virtual" option available for providers who fall under the Merit-Based Incentive Payment System (MIPS).

The 2018 MACRA proposed rule presents the option for smaller practices to join up and submit MIPS measures together as a larger Virtual Group. "Our goal is to make it as easy as possible for Virtual Groups to form no matter where the group members are located or what their medical specialties are," the QPP Year 2 fact sheet says.

Here is a quick overview of what CMS proposes:

• Practices with 10 or fewer providers can now enter into agreements to submit jointly, with all participants receiving the same MIPS score.
• Virtual Groups offer small or solo practices the opportunity to pool costs and other resources, making it easier and less expensive to aggregate their information. Each practice could end up with higher reimbursements and better patient care than if they went at it alone.
• Joining a Virtual Group also lowers certain requirements, including those for your Advancing Care Information (ACI) base score and your Clinical Practice Improvement Activities (CPIA).

Deadline: The window to apply for a Virtual Group for 2018 is now open. Interested providers have until Dec. 1, 2017 to send in an application for the 2018 performance period, noted the MLN Connects from Oct. 19.

Resource: For information about the Virtual Groups' deadline and election toolkit, visit www.cms.gov/Outreach-and-Education/Outreach/FFSProvPartProg/Provider-Partnership-Email-Archive-Items/2017-10-19-eNews.html.

New Proposal from VA Hopes to Improve Veterans' Care with HIT Upgrades

The Veterans Coordinated Access & Rewarding Experiences (CARE) Act was proposed to both the Senate and House Veterans Affairs' (VA) Committees on Oct.16. The VA proposal plans to upgrade and improve the healthcare experience of Veterans.

"We want Veterans to work with their VA physicians to make informed decisions that are best for their clinical needs, whether in the VA or in the community, and this bill does just that, while strengthening VA services at the same time," said VA Secretary David J. Shulkin, MD in a release on the presentation.

Some of the proposed health IT improvements include "workforce tools," enhanced business processes, and streamlined efforts to assist both providers and Veterans, suggests the VA release.

Read the Veterans Affairs release at: www.va.gov/opa/pressrel/pressrelease.cfm?id=2963.

New OCR Tools Assist Covered Entities with HIT and HIPAA

Patient privacy and security remain challenges for healthcare providers and their staffs with the evolving risks and challenges. The HHS Office for Civil Rights wants to help.

The new HHS-OCR guidance addresses common issues created by the HIPAA Privacy and Security rules and their impacts on health IT. The materials available on the Health.IT.gov site include "Privacy Rule guidance documents as part of a Privacy and Security Toolkit to implement The Nationwide Privacy and Security Framework for Electronic Exchange of Individually Identifiable Health Information (Privacy and Security Framework)," noted the online resource.

The HHS-OCR hopes the tools "facilitate the electronic exchange of health information" related to privacy as well as give "HIPAA-covered entities insight into the Security Rule and assistance with implementation of the security standards," the HHS-OCR explained.

Some highlights of the new guidance include: "Openness and Transparency Principle and FAQs; Security 101 for Covered Entities; and Security Standards: Implementation for the Small Provider."

Resource: To look at the new HHS-OCR offerings and more advice from the Office of the National Coordinator for Health Information Technology (ONC), visit www.healthit.gov/policy-researchers-implementers/hipaa-and-health-it.