Not a Time to Put Things on Hold
By Van Zimmerman @DataMotion
On December 6, the Centers for Medicate & Medicaid Services (CMS), through a blog post, intimated that it would be extending Meaningful Use Stage 2 through 2016, and Stage 3 would begin at the earliest in 2017. This could potentially be a reprieve for providers that have not achieved Stage 2 or will not by 2015.
The number impacted could be quite substantial. According to the Medical Group Management Association’s numbers, as of August, 2013, 1400 complete Electronic Health Record systems (EHRs) were certified under 2011 criteria (i.e. Stage 1), but only 21 complete EHRs were certified under 2014 criteria (Stage 2). If you bought into one of those 1379 or so, the future is not entirely certain.
If the compliance dates are pushed back, it may be a reprieve, but not necessarily an excuse to relax. The number of certified EHRs will undoubtedly grow, whether or not CMS extends the incentives and delays the penalties. Some vendors will get their products certified, as there are many solutions out there for incorporating third party technology to target specific certification criteria. For example, third party providers can help implement secure messaging, such as DIRECT, quickly and inexpensively. So, proceeding with the current schedule may be the prudent move.
Why? First, if the blog post is to be taken at face value, Stage 3 will only begin for those who have completed at least two years of Stage 2. For those who are so inclined as to pursue Stage 3 as soon as possible, they would need to be well on their way by 2015, the original start of the payment penalties.
Second, for those EHRs and providers seeking to push out their certification and attestation, respectively, one area of concern is the interplay between HHS/CMS proclamations and regulations and the statutorily required payment adjustments (penalties). By law, failure to achieve Stage 2 by 2015 will subject providers to increasing Medicare payment penalties.
That CMS acknowledged this statutory authority would reinforce that it cannot change those payment reductions without legislative action. One non-legislative solution would be to grant significant hardship exemptions to hospitals and physicians to forestall the imposition of penalties. The financial costs associated with switching EHRs and implementing a new one could potentially form the logical basis for such exemption. The five-year limit on such an exemption would presumably be a non-issue given a Stage 2 extension to 2016. Hardship determinations are included in the exclusion from judicial or administrative review.
One side benefit of this approach would be that CMS could use its discretion in applying penalties, and could leverage providers’ relationships with EHR vendors to put pressure on those vendors to achieve Stage 2 certification, rather than just pushing back the deadlines, which could have the effect of merely delaying vendor compliance efforts.
These and other possibilities notwithstanding, until there is a more concrete and reliable source available, it would be ill advised for providers and EHR vendors to put their compliance efforts on hold using merely a blog post as authority. While the CMS post implies that penalties would not occur if Stage 2 dates are extended, it doesn’t come out and say that. It may be that it is merely extending Stage 2 and pushing out Stage 3 for its own convenience. Until there is something more detailed and definitive, it may be more prudent to stay the course and bring Stage 2 efforts to completion.
About the Author: S. Arnold Zimmerman (“Van”) has over 15 years experience in Healthcare IT, including IT Security, as well as internal audit, regulatory, billing, and research compliance. He has held positions including Privacy Officer, Compliance Counsel, and Director, Internal Audit with a 1150-bed health system in New Jersey. He received his Bachelors in Economics from Lafayette College, and his Juris Doctor and MBA from Indiana University. He currently maintains his CISSP, ISSAP, ISSMP, and ISSEP certifications, and is a licensed (but not practicing) attorney in NJ. He is the Privacy and Security Officer for a 24-hospital HIO, and a regulatory consultant to DataMotion, Inc.