CMS incentives and fines

Carrot, Stick and Hammer by Dr. Jose Delgado I don’t think that the present and future of medicine is understood by many people in the United States. While many people talk about healthcare reform few understand the actual situation we in the healthcare industry are facing.

I don’t think that the present and future of medicine is understood by many people in the United States. While many people talk about healthcare reform few understand the actual situation we in the healthcare industry are facing. In a way is interested to see how the Government is trying to lead healthcare professionals. First they provide incentives to motivate a particular behavior. Then, for those who do not take the incentive a reduction in payment is implemented. Down the road they prosecute and penalize you if you receive any funding and didn’t comply with their rules. In an article written by Mr. Kenneth J. Terry, Penalties for Physicians: They Keep Piling on. Medscape. 01Jan , he writes about the carrot and the stick approach where the initial effort is to incentivize which is followed by penalties for those that do not comply. I agree with his analysis but think Mr Terry falls short since the penalties for those not complying may be lesser than the penalties for those that are trying to comply but are faced with audits, fines and penalties for “non-compliance”, hence the carrot, stick and hammer approach. Some of the better known programs and a brief description where this situation applies are: E-prescribing. Incentives for electronic prescription started at 2% and decreased to 1% in 2012. By the year 2013 these incentives will go down to 0.5%. The way the program works physicians must have written at least 10 prescriptions between January 1st and June 30 of 2011 or face penalties in 2012 for not prescribing electronically. The fine for not prescribing electronically will rise to 1.5% in 2013 and 2% in 2014. The problem with electronic prescriptions and the Electronic Health Record (EHR) incentive program is that even if the healthcare professional completed the attestation for meaningful use, he/she may still be penalized under the electronic prescription program if they didn’t write the minimum number of prescriptions required. Of all the programs the government is pushing, electronic prescription is the easier to comply with even if you have to use a stand alone program. Meaningful Use. Meaningful Use Stage 1 seems simple to implement as the main drivers are use of a certified EHR and attestation that all the necessary steps are been implemented. However this has not been proven to be the case in many Practices as implementation attempts have decreased production and increase costs. The key factor that must be understood is that Eligible Providers (EPs) must show compliance with meaningful use (all stages) as they are been implemented or face penalties. Another fact about meaningful use is that penalties may vary depending on how many EPs are meaningful users. As Mr. Terry explains: If less than 75% of all EPs in the United States are meaningful users, the penalty for not complying with the program starts at 1% in 2015, rising to 5% or more in 2019. If an EP also does not e-prescribe, the penalty starts at 2% in 2015. If more than 75% of EPs are meaningful users, the penalty for not showing meaningful use also begins at 1% in 2015 but rises only to 3% in 2019. The due date for meaningful use stage 2 is now set for October 2013 and the requirements for meaningful use stage 3 are under discussions as we speak. Yet the fact that your present system has been certified under meaningful use stage 1 doesn’t mean that they are certified under meaningful use stage 2. In addition to the challenges and costs of implementation there is the issue of data sharing, the Health Insurance Portability and Accountability Act (HIPAA) and how the law may interpret the sharing of information in the exchanges and your responsibility to protect the same. At this point in time there are many gray areas that expose EPs to potential violations under HIPAA. Last but not least, those that received incentives for meaningful may now be facing visits from agencies such as the Office of the Inspector General to ensure that they truly meet the requirements they attested to in face 1. Physician Quality Reporting System (PQRS). Created in 2007, PQRS introduced a 0.5% incentive for eligible professionals who agreed to participate in CMS quality reporting program. The program requires eligible professionals to report three measures on a specified group of patients. Starting in 2015, the penalty for failing to submit data under the PQRS program is 1.5% of Medicare payments. The subsequent year, 2016, the penalty for failing to submit data increases to 2%. Value Based Purchasing Program (VBP). The basics of VBP is that Providers must be accountable for cost and quality of care. Using this concept as a based CMS plans to implement a program to make groups of 100 or more physicians accountable for their services by using a quality and efficiency score. The initial data to measure performance will be collected throughout the year 2013 but the financial implications will not be seen until the 2015 year. Compliance. In addition to the previous programs it is important to remember that there are other initiatives and regulation that while they do not offer any incentives they will penalize those not complying with the same. For example, the Dept. of Health and Human Services’ (HHS) Office for Civil Rights issued a warning to doctors as they announce a resolution settlement: No matter the size of your practice, you will be held accountable for HIPAA violations. In one particular case the HHS Office for Civil Rights launched an investigation after a complaint was filed alleging that the practice was posting surgery and appointment schedules on an Internet-based calendar that was publicly accessible. Susan McAndrew, the HHS office’s deputy director of health information privacy, said when the office started working with the practice to resolve the issue, it became clear that the practice had done little to comply with HIPAA Privacy and Security Rules since the regulations were implemented in 2003 and 2004, respectively. The practice didn’t admit any wrongdoing but agreed to pay 100,000 and take corrective actions. Another Practice agreed to pay 1.5 million as a settlement. In this case the investigation by HHS followed a breach report submitted by the Practice itself. This Practice in particular was following the protocols of the Health Information Technology for Economic and Clinical Health Act (HITECH) Breach Notification Rule, reporting the theft of an unencrypted personal laptop containing the electronic protected health information (ePHI) of patients and research subjects. The information contained on the laptop included patient prescriptions and clinical information. OCR’s investigation indicated that the Practice failed to take necessary steps to comply with certain requirements of the Security Rule, such as conducting a thorough analysis of the risk to the confidentiality of ePHI maintained on portable devices, implementing security measures sufficient to ensure the confidentiality of ePHI that the Practice created, maintained, and transmitted using portable devices, adopting and implementing policies and procedures to restrict access to ePHI to authorized users of portable devices, and adopting and implementing policies and procedures to address security incident identification, reporting, and response. OCR’s investigation indicated that these failures continued over an extended period of time, demonstrating a long-term, organizational disregard for the requirements of the Security Rule. “In an age when health information is stored and transported on portable devices such as laptops, tablets, and mobile phones, special attention must be paid to safeguarding the information held on these devices,” said OCR Director Leon Rodriguez. “This enforcement action emphasizes that compliance with the HIPAA Privacy and Security Rules must be prioritized by management and implemented throughout an organization, from top to bottom.” In addition to the 1.5 million settlement, the agreement required the Practice to adhere to a corrective action plan, which includes reviewing, revising, and maintaining policies and p
rocedures to ensure compliance with the Security Rule. An independent monitor was also assigned to conduct assessments of the Practice’s compliance with the corrective action plan and render semi-annual reports to HHS for a 3-year period. In Summary, there is no question that we as healthcare professionals must embrace technology to survive, yet, the carrot, stick and hammer approach may result in future accessibility issues to potential patients as more Providers may select retirement, emigrating or simple changes to minimize exposure. Regardless of the approach the road is not clear anymore and professional guidance and consultants may be a cost of doing business in the future.