Meaningful Use is far from Done

By | Uncategorized | No Comments

2015.09.21 - ReimbursementyIn the Stage 1 Federal Register, CMS mentions that incentive payments may be received until 2021. The Stage 2 Federal Register identifies increasing levels of Meaningful Use Compliance stages through 2021. Also, the Secretary of CMS has the authority to increase annual penalty percentages for each year. So there is statutory evidence to believe providers will be held accountable to Meaningful Use at least through that date.

We also know that auditors will be involved. MU creates a structure within which CMS can reduce Medicare costs by forcing penalties that will be paid out at least through 2023 (two years after the last year of Meaningful Use). Under current legislation, the Secretary of CMS is obligated to charge penalties of up to 3% of Medicare Reimbursement, and is permitted to increase those penalties to 5%, depending on market conditions.

Here’s a credible two-part speculation. Congress has stated that Meaningful Use of EHR is an important part of the Federal goals of Health Care effectiveness, cost reduction and access to information. The legislation charged CMS with continuously increasing the sophistication by which providers use their EHR technology, through the end of the current program.

  1. Speculation part #1 is that Congress could extend the Meaningful Use program to extend on through increasingly more sophisticated and rigorous usage as technology and internet infrastructures improve.
  2. Speculation part #2 is that CMS, in seeing the ability to assess penalties for non-compliance, could use Meaningful Use to reduce Medicare payments at least for some providers. Further, it is hard to imagine either Congress or CMS to rescind legislation that has the effect of reducing Medicare payments.

Even if Meaningful Use sunsets in its current legislative and regulatory authority, providers need to retain well-organized Meaningful Use data for six years (the audit period) after the last Meaningful Use Attestation has been filed, in 2021. However, we believe it is likely that once Meaningful Use has become institutionalized within CMS, and within the provider community, the program will be difficult to halt.

Every provider, regardless of whether they have “chosen” Medicare or Medicaid programs, will be subject to sustaining increasingly rigorous Meaningful Use status, or be subject to penalties; and are subject to audit over that period as well.

The Ticking Time Bomb of Meaningful Use

What’s the Ticking Time Bomb? The Bomb is Recoupment. It is delivered by CMS Auditors, and has a fuse that is up to six years long (although we will see a little later on that the length of the fuse could be changed at any time). What it means is that any money the government gave you could be taken away, at any time up to six years after you have spent it.

Although the Auditors deliver the bomb, the boom is really out of their hands. Any single trigger event, no matter how small, causes a full recoupment of any Stimulus paid in a year being audited. The Auditors simply look for triggers.

The triggers they look for are not necessarily whether a hospital or physician was compliant in a given year, but simply evidence showing proof of compliance. And therein lies the real issue. The Government (CMS) has never really defined what it takes to fully prove compliance, and in fact has actually issued a statement that they really can’t predict all the documentation that a provider should have.

What this means, is that Auditors are put in the position of making some impactful judgment calls. An auditor, in reviewing a Provider’s attestation of Meaningful Use from some time in the past, must decide whether the Provider can prove they were truly in compliance with each of 24 or 25 complex rules. Providers, although generally quite diligent in becoming compliant, have often been far less worried about the paperwork.

Here’s a good example. Let’s consider CPOE (Computerized Provider Order Entry). CPOE is neither more complex, nor less complex than most of the other rules, so it forms a good example. To fully understand CPOE, a diligent professional needs to read at least five separate documents. This simple four letter acronym is supported by 21 columns of fine print in the Stage 1 Federal Register, and another six columns of the Stage 2 Federal Register, eight FAQ’s (buried in a list of 300 on a CMS Website), and several pages of technology specifications in each of two separate issues of the Federal Register dedicated to what functionality a Certified EHR must have. Sound complicated yet? And yet it is quite common for a provider to rely on a single line item on a summary report from their EHR system that shows a single summary percentage.

Now, put yourself in an Auditor’s shoes for a moment. CMS has contracted with Auditors, under Congressional direction to be the steward for Program Integrity over Meaningful Use. After all, Congress authorized gross expenditures of over $30 Billion and they expect a couple things. First of all, they expect a return on that investment. That ROI should primarily consist of increased efficiencies in healthcare delivery (remember that on average, Congress pays for about 40% of healthcare in the form of Medicare and Medicaid claims). Since those efficiencies are, at best somewhere in the future, it will be impractical to try to measure ROI directly.

What this means is the Congress? stewards (the Auditors) have only one yardstick to use in measuring Program Integrity, and that yardstick is the body of regulation supporting Meaningful Use. Using CPOE as an example, an Auditor should be familiar with the entire body of regulations and use that familiarity to judge whether each provider was compliant with all of it. Auditors, being skeptical by nature (in fact, professional skepticism is actually a formal requirement of being a CPA), are unlikely in their Stewardship role, to accept a single line item on a summary report as evidence of compliance with any single rule so complex as CPOE.

What this means, is that when an audit happens, providers will be asked to produce documentation proving compliance with complex regulations, some of which have changed, using EHR Technology which almost certainly has changed, against patient data that is also time-sensitive. Further, some of what it means to be compliant with a rule will be quite hard to prove with a report. For CPOE, providers may be asked to prove that each entry was made by a licensed healthcare professional, and that it was input to the EHR in a sufficiently timely fashion that a physician could react to any alerts generated by the entry before the associated medications are administered.

Remember, the auditor has the right to expect this kind of proof.

Of course, the Auditor has some latitude. Some of their latitude is based on the normal judgment implicit in the job. Every day, Auditors have to decide how likely it is that their current target is to be non-compliant. Based on that judgment, each individual Auditor makes a choice to dig either deeply or shallowly. But even beyond that judgment call audit practices will be shaped by the policies and politics of their current client.

The Auditor’s client of course is the Federal Government, but the practicalities are a bit more complicated. CMS is part of the Executive Branch. But Meaningful Use is a recent invention of the Legislative branch, which continues to deploy their oversight agencies (GAO and OIG for starters), to make sure the Executives are administering the Congressional Mandate consistently with Congressional Intent. Does all this sound as if there could possibly be some conflicting agendas.

In 2013, the Executive Branch is eager to be part of Stimulating the Economy. Relative to Meaningful Use that translates into making sure as many providers as possible receive as much Stimulus Payment as possible. Congress, of course passed the law and is (largely) of the same mind. At the moment, anyway. But even so, Congress has already initiated multiple reviews of CMS’s administration of the Meaningful Use Program, and has at times been critical of some aspects.

All this plays into the Auditor’s latitude when reviewing proof of compliance. If Congress and/or the Executive Branch wanted to be sticklers on making sure every attestation was squeaky clean, the complexity of the regulations opens a lot of doors for denial of compliance, based on whether or not a provider, up to six years in the past, developed, organized and deployed adequate documentation to support attestation to a complex set of regulations, in a complex organization.

So far, Auditors seem to be taking the position of only looking for egregious or intentional non-compliance. Still, when faced with a lack of documentation, they have little latitude other than to judge a provider as non-compliant. In a case of non-compliance, CMS has little latitude other than to demand recoupment, based on the law passed by Congress.

The Ambiguity of Documentation Requirements

CMS has published over 1,600 pages defining and describing Meaningful Use. In none of those pages is there a definition of what documentation a provider is required to produce in the event of an audit. In spring of 2013, almost three years after passage of the Meaningful Use law, CMS finally published a five page briefing on how providers should document their compliance. While this booklet gives some direction, one single sentence puts providers on notice that they should expect no definitive structure, and that significant individual judgment is the only standard:

An audit may include a review of any of the documentation needed to support the information that was entered in the attestation. The level of the audit review may depend on a number of factors, and it is not possible to detail all supporting documents that may be requested as part of the audit.

As time passes, providers will share their experiences with audits. We will all learn more about what documentation techniques and strategies best mitigate audit risk, and what cost is reasonable to incur in developing defensive documentation. The problem will always be that today’s audit program is not necessarily tomorrow’s audit program. CMS’s policy is to review their audit program each calendar quarter and make adjustments, based on their success in defending program integrity.

It could be simple, in an environment of easy audits to assume that all future years will be equally as easy. The danger in this perspective is that CMS could decide, at any point, to reach back to the initial years of the Meaningful Use program and audit aggressively.

The Difficulty of Documenting Compliance

EHR’s are certified to be able to support Meaningful Use. Supporting Meaningful Use is quite a different story than proving it, though. Remember back to CPOE. In order to become Certified, an EHR is required to correctly calculate a percentage from a numerator and denominator. Certification testing does not extend to exhaustively proving that the population in either the numerator or the denominator is correct. In cases where hospitals (or even physician staff) use multiple EHR technologies during a reporting period, it is often necessary to combine data from multiple systems. We refer to this numerator / denominator calculation as the Certified EHR Report.

The Certified EHR Report is not in itself acceptable proof to an auditor that a provider is compliant for multiple reasons. First, it only shows summary statistics for each measure, and auditors are notorious for wanting to see the details making up those summaries. It is important to understand that there is no assumption that simply because software is certified, that its reported Meaningful Use percentages are accurate. The certification process is not required to exhaustively test for completeness or accuracy, but simply to verify that the EHR will create percentages.Second, the existence of a measure, even if accurate, does not in itself assure that the underlying processes were compliant. In one well-known case, a hospital officer was prosecuted for fraud when he loaded his Meaningful Use content into the EHR after patients were discharged from the hospital.

How Meaningful Use Audits differ from other compliance audits

Consider the example of Joint Commission Audits in hospitals. The auditor conducts a review, issues a report, and provides the opportunity for any procedural shortfalls to be remediated. The hospital corrects its documentation, and the actual non-compliant processes, then invites the auditor to return and verify. In the case of Meaningful Use, though, audits are always ?fter-the-fact, and it is not possible to correct a process that was flawed in a prior year. And if you can’t prove what your process was in a prior year, you may have difficulty refuting an auditor’s assertion of non-compliance.

What’s the bottom line? Even after all your providers have achieved compliance with all the Meaningful Use measures and requirements you will need to sustain a Meaningful Use compliance process, individual and database to support ongoing scrutiny from CMS or bear penalties based on reductions of your Medicare fee schedules from now on.

When a Doctor Is Always a Phone Call Away

By | Uncategorized | No Comments

 

A 39-year-old truck driver was hauling through the Midwest in the middle of the night in 2011 when he began to feel a bit of indigestion. Then a lot of indigestion. He pulled over, recalling that his company had recently signed on with Teladoc, for which I was then the chief medical officer. The service allowed him to get a doctor on the phone within 15 minutes. He called and described his symptoms: nausea, chest pain, a little numbness in his left arm. He was having a heart attack, and his GPS guided him to the nearest emergency room. Getting that doctor on the phone saved his life, and potentially the lives of whoever his 10-ton rig might have plowed into had he keeled over behind the wheel. If efficient and affordable quality treatment is the goal, telemedicine should be the future of health care. Read more at The Wall Street Journal.

Join Boxer and many other industry thought leaders at the HCEG Annual Forum, October 25-28th, in Hollywood, Florida. This year’s theme “Healthcare Evolution Revolution, Inquire Within” promises to provide a compelling agenda and constructive dialog on Consumer Engagement, Payment Reform and Delivery of Care.Email us for additional information.


2015 Annual Forum Logo - FINAL

Join thought leaders and industry experts for transformational dialog andpresentations at the HealthCare Executive Group’s Annual Forum.

Next Stage of Reimbursements

By | payer, payment, reimbursement | No Comments

2015.07.28 - ReimbursementyTo those of us who have been in the healthcare industry for more than a few years, the perennial discussion about moving away from fee-for-service is getting a bit tiresome when do we stop talking and start doing on a broad scale.

When we look back at the 1960’s (Medicare and Medicaid were passed in 1965), the story was about getting more dollars into the system to pay for the care of elderly and disadvantaged populations. Today, we’re in a serious hunt to find ways to wring dollars out of the system. And the journey we’ve taken with Medicare tells us a lot about what has happened and will happen in the commercial sector.

When Medicare was implemented we paid providers based on submitted charges what seems like a quaint and na’ve approach, but alternatives didn’t show up until 1972 (the HMO Act), with the first reimbursement reform appearing in 1989 when the first step toward non-charge based reimbursement was legislated for Medicare a requirement that professional providers be paid according to a relative value scale. Medicare HMOs didn’t appear until 1997. Every few years another tweak in benefits or payments was legislated, with 2003 bringing the first prescription drug coverage. 2008 started Medicare, tracked in large part by commercial health plans, down the road to mandated reporting on quality measures, federally-incented investments in EHRs, and penalties + payments to drive better, more cost-effective care.

Finally we capped off the decade with the passage of the Affordable Care Act which included not only reforms to the insurance business but various permanent programs to reduce overall costs and improve outcomes. As we look to 2016, when HHS plans to make 30% of its fee for service payments through alternative models and 85% of payments tied to quality or value, growing in 2018 to 50% and 90% respectively, it’s clear we’re moving into a serious doing phase.

For some expert thinking on what this doing phase looks like already and where it’s headed, please join us for our panel discussion From Concept to Reality: Practical Considerations of Implementing Alternative Reimbursement Models. To understand the doing phase, we need to listen to expert doers, and we will be privileged to hear from three of them.

Dr. DiLoreto will talk about how delivery systems are responding to new reimbursement models and provide his perspective on ways payers can work more effectively with their networks.

2015.07.28 - Reimbursementy PromoDan Tuteur will share his lessons from developing innovative reimbursement methods in a startup health plan forging brand new provider relationships.

Craig Samitt will talk about actualizing the vision of changing physician behavior by aligning incentives based on his personal experience.

After their respective brief presentations the panel will take your questions and engage in a lively discussion. Please do not miss this opportunity to listen to and talk about the real world of alternative reimbursement.

Why is Healthcare Security Now More Critical?

By | Security | No Comments

2015.06.07 - SecurityI’m not a security expert. I’m a strategy officer for a health plan. My job is to connect the dots on factors that could impact our strategic future. I have to say the dots related to privacy and security are threatening. Like many of you, I received emails from Marriott and American Express after the Epsilon breach years ago saying my credentials had been stolen. More recently, I’ve had similar messages from Sony, Target, Home Depot and others.
2015.06.07 - Security Webinar PromoThis year these dots directly impacted healthcare. My daughter, business colleagues and neighbors, along with 90 million other people, received Anthem and Premera letters giving them credit tracking and fraud insurance. CareFirst just had a 1.1 million member breach. And the OIG claims to have warned one of them that their information was at risk. This problem is not new. It has been on the MCEG/HCEG Top 10 issues 3 of the last 6 years, but keeps getting bumped by other priorities, such as ICD-10, the ACA and others. I’ve just finished the day at AHIP’s pre-conference forum on Cybersecurity, Technology and Infrastructure. It was excellent but disturbing as to where we are at in cybersecurity as an industry.

Why is healthcare security now more critical The financial world doesn’t have a security system they have a remuneration system. Money goes missing from my account and they put the dollars back no harm, no foul, I’m secure, right It is different in healthcare. Unconscious in an ER after an accident, if my blood type or medications comes up in an EMR because someone used my identity for a fraudulent procedure, it just might cost me my life. No one can put that back in the account. Finding out I’ve exceeded my dental plan deductible because someone already had a root canal and crown using my stolen Dental Plan ID makes me acutely aware that my personal information is not secure.

Attempting to connect these dots reminds me of Whack-a-Mole at the circus. We have a mallet in both hands and are pounding down the goffers (cybercriminals, in this case) just as fast as we can. The problem is that there are a lot more dedicated and financially rewarded cybercriminals (as banks just keep reimbursing their fraudulent transactions) than we have mallets. Risk management versus risk avoidance continues to feed the beast. RSA’s President, Amit Yoran, said recently the threat landscape has changed and we have to constantly challenge the existing thinking to get ahead of our adversaries. RSA should know as they had their own significant security breach a few years ago affecting dozens of governments around the world and almost every major defense contractor.

This is a serious trend in healthcare with serious implications. And, it is a battle we are obviously losing. I suggest that we need to do more than challenge our existing thinking we need a whole new way of thinking! Without a whole new approach and focus on security, the credibility and future of healthcare could be in serious jeopardy. The HealthCare Executive Group is accelerating the dialogue on critical issues like security with the launch of the HCEG Webinar Series. Join in the open discussion on June 17th by registering at ww.hceg.org/webinars. We will pick this discussion back up then.