The Medicare Access and CHIP Reauthorization Act (MACRA) is a transformative law that will ultimately lead the American health care system away from a fee-for-service model and towards a new risk-bearing, value-based, coordinated care models. MACRA will drive payment and delivery reform across the payer mix for the foreseeable future in an attempt to lessen the overall burden of ever-climbing healthcare costs in the US.
Anyone who bills Medicare Part B for more than $30,000 or sees more than 100 Medicare Part B patients must participate in MIPS/MACRA. Eligible Clinicians include: MD, DO, NP, PA, CNS, CRNA.
The good news: Kentucky REC is here to help. We have been awarded a grant from CMS to establish the Quality Payment Program Resource Center™ to provide FREE help to eligible clinicians as they navigate participation in the CMS Quality Payment Program focused on supporting providers in small practices (15 or fewer Eligible Clinicians), and rural or underserved areas.
The Resource Center™ web portal will be your trusted source for the education and resources you need to be successful under this new Medicare payment program. We can offer you:
- Straightforward, self-directed resources and tools
- Up-to-date materials reviewed for accuracy and usability
- Expert Quality Payment Program Advisors available via live chat or phone support
Please join us for a FREE kick-off webinar on May 31st from Noon – 1pm (EST). This webinar will explain why the Quality Payment Program is important to you, how the Resource Center™ web portal will empower your team with our educational resources and tools, and what your next step is to start receiving our no-cost support.
*During this webinar, you will be connected to audio using your computer’s microphone and speakers (VoIP). A headset is recommended.
US-CERT has received multiple reports of WannaCry ransomware infections in several countries around the world. Ransomware is a type of malicious software that infects a computer and restricts users’ access to it until a ransom is paid to unlock it. Individuals and organizations are discouraged from paying the ransom, as this does not guarantee access will be restored.
Can HIPAA compliance help covered entities and business associates prevent infections of malware, including ransomware?
Yes. The HIPAA Security Rule requires implementation of security measures that can help prevent the introduction of malware, including ransomware. Some of the required security measures include:
• implementing a security management process, which includes conducting a risk analysis to identify threats and vulnerabilities to electronic protected health information (ePHI) and implementing security measures to mitigate or remediate those identified risks;
• implementing procedures to guard against and detect malicious software;
•training users on malicious software protection so they can assist in detecting malicious software and know how to report such detections; and
• implementing access controls to limit access to ePHI to only those persons or software programs requiring access.
Is it a HIPAA breach if ransomware infects a covered entity’s or business associate’s computer system?
Whether or not the presence of ransomware would be a breach under the HIPAA Rules is a fact-specific determination. A breach under the HIPAA Rules is defined as, “…the acquisition, access, use, or disclosure of PHI in a manner not permitted under the [HIPAA Privacy Rule] which compromises the security or privacy of the PHI.” See 45 C.F.R. 164.402
When electronic protected health information (ePHI) is encrypted as the result of a ransomware attack, a breach has occurred because the ePHI encrypted by the ransomware was acquired (i.e., unauthorized individuals have taken possession or control of the information), and thus is a “disclosure” not permitted under the HIPAA Privacy Rule.
Unless the covered entity or business associate can demonstrate that there is a “…low probability that the PHI has been compromised,” based on the factors set forth in the Breach Notification Rule, a breach of PHI is presumed to have occurred. The entity must then comply with the applicable breach notification provisions, including notification to affected individuals without unreasonable delay, to the Secretary of HHS, and to the media (for breaches affecting over 500 individuals) in accordance with HIPAA breach notification requirements. See 45 C.F.R. 164.400-414.
Call the Kentucky REC today at 859-323-3090 to see how we can help with your HIPAA compliance.
CMS has followed up the MIPS Notification letters with a helpful tool to look up provider eligibility by individual NPI. To access the NPI lookup tool, go to http://qpp.cms.gov and click on the green “Check Now >” button as seen in the screenshot below.
From there, you can enter the provider’s individual NPI to check their eligibility. This tool should help anyone who is unsure about their provider’s status with MIPS for 2017. If CMS data reflects that the provider is required to submit data to MIPS, the following screen will state” “Included in MIPS; (Providers Name) must submit data to MIPS by March 2018″ along with a new green button labeled “What Can I Do Now?”.
If the provider isn’t required to submit data to MIPS for 2017, the screen will show: “Exempt from MIPS; (Provider Name) is not required to submit data to MIPS for 2017″ and there will not be a green button for next steps.
Our experts at Kentucky REC are here to answer your questions. Contact us at 859-323-3090.
Join us Wednesday, May 24 for our webinar highlighting the new 2017 PCMH standards
On April 3, 2017, the National Committee for Quality Assurance (NCQA) released new Patient-Centered Medical Home (PCMH) standards.
On May 24th at Noon (EST), Kentucky REC’s Certified Content Experts will host a FREE webinar to highlight the new 2017 PCMH standards, including changes in criteria and updated scoring.
PCMH is an excellent practice transformation model for practices committed to access, communication, and care coordination. Now is also the perfect time to pursue recognition since your organization can receive full points in the Improvement Activities category of the Merit-Based Incentive Payment System under the Medicare Access and CHIP Reauthorization Act (MACRA).
Meaningful Use continues until 2021 for EPS who are participating in the Medicaid EHR Incentive Program.
The 2017 Program Year brings some changes in the Medicaid Meaningful Use reporting requirements for certain Modified Stage 2 Objectives. Also, in 2017, EPs can choose to report on Stage 3 Objectives instead of Modified Stage 2.
Join us for our “Meaningful Use: Preparing for 2017 and First Look at Stage 3” Webinar on Tuesday, May 16 at Noon EST.
During this webinar, we’ll provide a side-by-side comparison to help with your decision making process.
Register now to learn more about Medicaid Meaningful Use reporting for 2017.