1 / 31

Comprehensive Overview of HITECH Act Incentives and HIPAA Changes for Healthcare Providers

This presentation by David G. Schoolcraft and colleagues analyzes the 2009 HITECH Act, highlighting up to $36.5 billion in federal funding aimed at advancing health IT. It covers federal incentive payments, significant HIPAA modifications, and the implications for hospitals and physicians. Key areas include Medicare and Medicaid payment structures, criteria for "meaningful use" of EHR technology, and penalties for noncompliance. This plan outlines strategies for healthcare organizations to navigate this new landscape effectively.

nita
Télécharger la présentation

Comprehensive Overview of HITECH Act Incentives and HIPAA Changes for Healthcare Providers

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. HITECH ActExecutive Action Plan 2009 David G. Schoolcraft Ogden Murphy Wallace, PLLCdschoolcraft@omwlaw.com

  2. Presentation Overview • Part I – Federal Incentive Payments for Health IT • Up to $36.5Billion in federal stimulus funding • Unprecedented opportunity to advance “Health IT” • Complex payment methodologies and some open issues • Part II – Significant Changes to HIPAA • Data Breach Notification Rules • Business Associate Agreements • Penalties & Enforcement • Accounting of Disclosures • Part III – Action Plan for 2009

  3. Scope of Available Funding • Eligible Hospitals • Medicare • PPS factors: discharges, “Medicare Share” • CAH factors: costs w/o depreciation, “Medicare Share” • Medicaid • 10% of hospital’s “patient volume” (to be defined) • No difference in payment methodology for PPS and CAH • Eligible Physicians (Medicare or Medicaid) • HIE Planning and Development Grants • EHR Adoption Loan Program

  4. Washington Grace Hospital = 25 beds, Critical Access Hospital 2 Employed Physicians – Medicare ($44,000) The Whole Picture Estimates based on certain factual assumptions. Subject to revision under final HHS regulations.

  5. Washington Grace Hospital = 80 beds 4 Employed Physicians – Medicare ($44,000) The Whole Picture Estimates based on certain factual assumptions. Subject to revision under final HHS regulations.

  6. Key Terms for Medicare/Medicaid Incentives for Adoption and “Meaningful Use”of “Certified EHR Technology”

  7. “Meaningful Use” • Demonstrate to the “satisfaction of the Secretary” use of certified EHR in a meaningful manner • Certified EHR technology must be connected to provide for the electronic exchange of health information to improve the quality of care • Hospitals to submit information on clinical quality and other measures as selected by the Secretary • More stringent measures over time

  8. “Certified EHR Technology” • “Certified EHR technology” is a qualified electronic health record meeting standards to be defined • Office of the National Coordinator for Health Information Technology (“ONC”) to develop certification program • Certification Commission for Healthcare Information Technology (“CCHIT”) may be involved along with the National Institute of Standards and Technology (“NIST”) • December 31, 2009 deadline for initial standards, implementation specs and certification criteria

  9. Medicare Incentive Payments • Fiscal year 2011-2015 (Oct. 2010) • Phased Transition Schedule After 2013 • HHS will determine how hospitals shall demonstrate meaningful use (attestation, survey, etc.) • Amount ($2 MM + $200 (Discharges 1,150th - 23,000th)) * Medicare Share * Transition Factor • Medicare Share = Medicare portion of inpatient days adjusted upward for charity care. • Transition Factor - Reduction by 25% per year for 4 years

  10. Medicare Incentive/Penalty Timeline • Medicare incentives are paid on a transition schedule. • After FY 2015, if a hospital is not a meaningful EHR user then penalties begin

  11. Medicare Incentive Payments • Washington Grace Hospital – 80 beds Medicare Share 65% Total $4,075,990 *Estimate based upon existing statute in advance of HHS rule making.

  12. Medicare Incentive PaymentsCritical Access Hospitals Calculation • If a meaningful EHR user by 2015, CAH may expense certain EHR costs in one year for cost reporting purposes (non-depreciated basis) and certain costs from prior periods • Calculation uses Medicare Share amount + 20% • Equation: 101% * Reasonable Cost of EHR System * (Medicare Share + 20%) • If CAH is not a meaningful user by 2015 or thereafter, percentage reimbursement will be reduced to 100.66% in 2015, 100.33% in 2016 and 100% in 2017

  13. Washington Grace CAH – 25 beds Medicare Incentive Payments Critical Access Hospitals Medicare Share 75% + 20% = 95% (20% increase for CAH) Assumes costs remain the same over all four years Total $1,348,242 *Estimate based upon existing statute in advance of HHS rule making.

  14. Critical Access Hospital Penalties • CAH’s who have not implemented EHR’s by 2015 may be subject to reductions

  15. Medicaid Incentive Payments • 10% of “Patient Volume” on Medical Assistance • To be defined by Secretary of HHS • Inpatient vs. outpatient volumes • States allocate the money • Year 1 – Demonstrate efforts to adopt, implement or upgrade EHR system • Years 2-6 – Demonstrate “meaningful use”

  16. Medicaid Incentive Payments Critical Access Hospital • Washington Grace CAH – 25 beds Medicaid Share 10% Total $458,109

  17. Medicare Incentive Payments forPhysicians • Physician incentive payments are 75% of Medicare allowed charges • Penalties – reduction in physician fee schedule • 10% increase in incentives if physician practices in a designated health professional shortage area

  18. Medicare Incentive Payments forPhysicians • Hospitals may be able to collect incentive payments for certain employed physicians, but note that “hospital-based” physicians are excluded

  19. Part IIHIPAA New Compliance Obligations and More Regulations to Come

  20. Timeline of HIPAA Requirements

  21. Breach Notification • Requires that covered entities notify patients of any unauthorized acquisition, access, use, or disclosure of “unsecured” PHI • Date of discovery – first day breach was known or should have been known • Notice within 60 days of discovery • If+500, then notice to media and HHS

  22. Breach NotificationKey Issue: Is data “unsecured”? • Recent HHS Guidance • Reference to NIST Publication 800-100 • Internal review and risk analysis • Data encryption technologies

  23. Business Associates • Currently – Business Associates not directly regulated by HIPAA • Application of HIPAA Security Requirements • Administrative Safeguards • Physician Safeguards • Technical Safeguards • Documentation Requirements • Requirement to notify Hospital if there is a breach • Open question regarding mandatory revisions to Business Associate Agreements

  24. Enforcement • Expansion of criminal and civil penalties • Tiered penalties tied to violator’s level of intent • Periodic audits by HHS • Victims may receive percentage of civil penalties • State Attorney General may bring an action provided an action by HHS is not pending

  25. Accounting of Disclosures • Eliminates existing exception limiting accounting for disclosures other than treatment, payment and health care operations • Will require significant operational changes, but may be aided by improved IT systems • Staggered effective dates:

  26. Part IIIAction Plan for 2009

  27. 1. Incentive Payment Analysis • Prepare estimate of health IT incentive funds available for your facility • Analyze Medicare and Medicaid incentive payments for hospitals (PPS/CAH) and eligible physicians • Monitor HHS, ONC, CCHIT, NIST for development of standards for “certified EHRs” and “meaningful use”

  28. 2. Data Breach Prevention • Develop data breach prevention and response plan • Assess data security in light of new federal standards • Implement additional data security measures deemed necessary and appropriate following risk analysis • Develop reporting and communications plan in conjunction with IT service providers: • Internal reporting and incident review • Required external communications (patients, media, government) • Methods to address follow up inquiries from patients and/or media

  29. 3. Technology Transaction Review • Careful review of information technology transactions– from due diligence during system selection through contracting • Ensure that all information technology transactions are HITECH-Ready • Vendor/service provider commitments regarding data security and accounting of disclosure requirements • Updated Business Associate Agreement • Functionality necessary to obtain or maintain “certified EHR” status and to facilitate “meaningful use”

  30. Questions? David G. Schoolcraft dschoolcraft@omwlaw.com 206.447.7211

More Related