NC Medicaid Electronic Health Record (EHR) Incentive Program Announcements

<p>The NC Medicaid EHR Incentive Payment System&nbsp;is only accepting Program Year 2019 Stage 3 Meaningful Use&nbsp;attestations.</p>

Author: NC Medicaid, NCMedicaid.HIT@dhhs.nc.gov

NC-MIPS is Open for Program Year 2019

The NC Medicaid EHR Incentive Payment System (NC-MIPS) is only accepting Program Year 2019 Stage 3 Meaningful Use (MU) attestations.

To participate in Program Year 2019, all eligible professionals (EPs) must meet the following eligibility criteria:

  1. Have a 2015 Edition of certified EHR technology (CEHRT).
  2. Meet the required Medicaid patient volume (PV) threshold of 30 percent, pediatricians may qualify for a reduced payment with 20 percent Medicaid PV. Note: EPs who were paid for Program Year 2018 using a 90-day patient volume reporting period from calendar year 2018 have the option to use the same patient volume reporting period to attest for Program Year 2019.
  3. Meet MU and Clinical Quality Measures (CQM) requirements. In Program Year 2019, EPs will be attesting to Stage 3 MU and 2019 CQMs.

EPs who successfully attested at least once by Apr. 30, 2017 and have not received all six incentive payments may be eligible to apply for Program Year 2019. A list of all EPs who have participated at least once, but less than six years, in the NC Medicaid EHR Incentive Program is available under the “Are You Eligible” tab on the Program website. If a practice is unsure of an EP’s past participation and that EP is not on the list, please email the EP’s NPI to NCMedicaid.HIT@dhhs.nc.gov and program staff will determine if the provider previously attested in another state.

EPs can get free on-site assistance in their office from a coach from their regional Area Health Education Center (AHEC). The NC Medicaid EHR Incentive Program contracts with AHEC to provide technical assistance on meaningful use and the attestation process, so there is no cost to the EP or practice.

Attestation assistance is also available through detailed attestation guides, an extensive library of answers to Frequently Asked Questions (FAQs), a series of short webinars explaining different aspects of the attestation process and a dedicated help desk.

Last Month to Submit a Two-Part Attestation

The last day to submit a two-part attestation for Program Year 2019 is Dec. 31, 2019.

All EPs who have 90 days of MU objective data that meets the Centers for Medicare and Medicaid Services’ (CMS) requirements may submit their demographic, license, patient volume and MU objective data in NC-MIPS.

In Program Year 2019, EPs who have successfully attested to MU in a previous program year will be required to use a full calendar year CQM reporting period. Returning meaningful users who would like an early review of requirements, excluding CQMs, may submit their attestation in two parts. Part 1 of the attestation may be submitted through Dec. 31, 2019. Submitting in two parts also allows ample time for EPs to address any attestation discrepancies. These EPs will return to NC-MIPS after Jan. 1, 2020 to submit their CQM data.

EPs who have only attested to Adopt, Implement, Upgrade (AIU), may use a 90-day CQM reporting period and may submit a complete attestation in NC-MIPS now.

EPs will be automatically directed to the appropriate page in NC-MIPS.

For more information on the two-part attestation process, please email NCMedicaid.HIT@dhhs.nc.gov.

The Security Risk Analysis (SRA)

States must comply with federal requirements to ensure EPs who attest for EHR incentive payments do so in accordance with CMS’ rules and regulations. The NC Medicaid EHR Incentive Program Investigation Team serves the purpose of detecting improper payments and takes corrective action in the case improper payments were issued. All EPs who receive an EHR incentive payment are subject to audit and must keep all documentation supporting their attestation for six years post-payment. 

NC Medicaid EHR Incentive Program Investigators are sharing tips from CMS to prepare for Objective 1: Protect Patient Health Information. Per CMS, to meet this objective, “EPs must attest YES to conducting or reviewing a Security Risk Analysis (SRA) and implementing security updates as necessary and correcting identified security deficiencies to meet this measure.”

Every EP must include, at minimum, the following five items in her/his SRA. These items must be completed during the calendar year of her/his MU reporting period:

  1. Define the scope of the risk analysis.
  2. Identify potential threats and vulnerabilities to patient privacy.
  3. Describe how to protect against potential threats (physical, administrative, and technical safeguards).
  4. Review and update the risk analysis on a periodic basis.
  5. Develop a corrective action plan.
     

EPs selected for audit who cannot provide documentation that their SRA included the above five items will fail the audit and will be required to return the incentive payment received for that program year.

Please note, SRAs are not synonymous to a practice’s operating procedures or policies. The SRA is an independent security review and analysis of an individual or practice’s EHR.

The U.S. Department of Health and Human Services (DHHS) has developed an SRA Toolkit which provides suggestions for implementing an effective means for safeguarding electronic protected health information and further guidance to be in compliance with the risk analysis requirements..

DHHS’ Office for Civil Rights (OCR) and the Office of the National Coordinator (ONC) created an SRA tool, which, when completed, satisfies the objective’s requirements. Program Investigators recommend EPs review DHHS’ guidance, and/or complete the SRA tool, prior to attesting to ensure compliance.

For more information about the SRA view the four-minute webinar or email NCMedicaid.HITInvestigator@dhhs.nc.gov.

Clarification from CMS Regarding Objective 5 Measure 1: Patient Electronic Access

The Centers for Medicare and Medicaid Services (CMS) has recently provided clarification outside of the specification sheet for their intent of Stage 3 Meaningful Use’s Objective 5, Measure 1. For more information on the eight Stage 3 MU objectives, please see CMS’ specification sheets. In an email sent to states on Oct. 29, 2019, CMS specified the purpose of Objective 5, Measure 1 is to ensure that eligible professionals (EP) make a patient’s health data available and offer all four functionalities (view, download, transmit and access through API) within 48 hours of the information being available to the EP.

Objective 5, Measure 1 reads:

     “For more than 80 percent of all unique patients seen by the EP:

     (1) The patient (or the patient-authorized representative) is provided timely access to view online, download, and transmit his or her health information; and

     (2) The provider ensures the patient’s health information is available for the patient (or patient-authorized representative) to access using any application of their choice that is configured to meet the technical specifications of the Application Programming Interface (API) in the provider’s certified electronic health record technology (CEHRT).”

CMS is giving EPs flexibility on meeting the second part of Measure 1 for Program Year 2019 only. EPs may meet the second part of Measure 1 if they meet all of the following requirements:

  • Enable an API during the calendar year of the reporting period.
  • Make data available via that API for 80% of the patients seen during their reporting period.
  • Provide those patients with detailed instructions on how to authenticate their access through the API and provide the patient with supplemental information on available applications that leverage the API.
  • Maintain availability of the API; i.e., it can’t be turned on for one day and then disabled.

EPs should maintain all documentation for at least six years in case of post-payment audit.

General Reminders

EPs who attested with another state should email NCMedicaid.HIT@dhhs.nc.gov prior to attesting with North Carolina for Program Year 2019.

Related Topics: