Connecting the Dots: MIPS, MACRA, 2015 Certification Edition and HIPAA Omnibus

keith-boone-200By Keith Boone, Healthcare Standards
Twitter: @motorcycle_guy

This is definitely one of those cases that most people will likely miss unless it is explicitly called out, so here I go.

Within the recently released MIPS/MACRA proposed regulations (which I call NuMu for reasons that should be readily apparent), CMS indicates that the legislation (law not regulation!) says:

To prevent actions that block the exchange of information, section 106(b)(2)(A) of the MACRA amended section 1848(o)(2)(A)(ii) of the Act to require that, to be a meaningful EHR user, an EP must demonstrate that he or she has not knowingly and willfully taken action (such as to disable functionality) to limit or restrict the compatibility or interoperability of certified EHR technology. Section 106(b)(2)(B) of MACRA made corresponding amendments to section 1886(n)(3)(A)(ii) of the Act for eligible hospitals and, by extension, under section 1814(l)(3) of the Act for CAHs. Sections 106(b)(2)(A) and (B) of the MACRA provide that the manner of this demonstration is to be through a process specified by the Secretary, such as the use of an attestation.

The 2015 Edition Certification rule requires that Health IT supporting the View, Download or Transmit capability must:

(C) Transmit to third party. Patients (and their authorized representatives) must be able to:

(1) Transmit the ambulatory summary or inpatient summary (as applicable to the health IT setting for which certification is requested) created in paragraph (e)(1)(i)(B)(2) of this section in accordance with both of the following ways:

(i) Email transmission to any email address; and

And finally the HIPAA Omnibus rule suggests that patients may request e-mail transmission of the records they request. See OCR guidance here.

As a result, a common case that occurs when I have requested e-mail transmission of my HCP saying, we aren’t set up to do that nearly disappears after they adopt 2015 technology. After all, the technology has to support direct e-mail to any e-mail address, and the provider cannot knowingly or willfully take any action to disable that capability.

Even if the MACRA/MIPS regulation changes, that doesn’t matter, because what I’ve highlighted above is IN LAW, not regulation, and the other regulations I’ve referenced are final.

So, if your provider tells you that they aren’t set up for that, you might need to connect the dots for them. Ask them if they are using 2015 certified product (which will become possible for many starting in 2017, and much more common in 2018), then reference the legislation above, the 2015 certification requirements, and the HIPAA Omnibus requirements.

This is NOW an existing part of public policy, and my head just exploded as I realized its ramifications for patients in 2017 and beyond.

This article was originally published on Healthcare Standards and is republished here with permission.