On October 14th, Medicare published the final rule on the implementation of MACRA (the Medicare Access and CHIP Reauthorization Act) which will replace Meaningful Use for Physicians and Providers in 2017. In developing the next-generation of incentives for providers CMS, HHS and the ONC attempted to streamline requirements for reporting of key clinical measures and provide flexibility to allow smaller providers to choose the measures which align best with their practice.
The new Quality Payment Program (QPP) applies to providers who bill Medicare more than $30,000 per year and provide care for more than 100 Medicare patients per year. Participation is mandatory as a 4% “negative payment adjustment” will applied to providers who do not provide reporting data.
Providers will have the option of two paths for participation in the payment program: Advanced Alternate Payment Models (APM) or Merit-based Incentive Payment System (MIPS). Under each model, providers can choose from a broad list of quality measures and outcomes to report performance against. Measurements are split across 4 categories: Quality, Improvement Activities, Advancing Care Information, and Cost. Cost will be reported on in 2017, but will not be included in performance calculations until 2018. Providers can choose their own measures in the Quality and Improvement Activities categories and number of measures required will be determined by practice size, location and specialty.
However, the Advancing Care Information (ACI) category is defined with 5 required measures. Up to 9 measures can be submitted for additional credit but all 5 required measures must be met to be considered for incentives. The required measures for ACI are:
- Security Risk Analysis
- Provide Patient Access
- Send Summary of Care
- Request/Accept Summary of Care
Protection of Patient Health Information continues to be defined as a central measure for participation in the new program. The new ACI measure for Security Risk Assessment
is defined with nearly identical language to the previous Objective from Meaningful Use:
“Conduct or review a security risk analysis in accordance with the requirements in 45 CFR 164.308(a)(1), including addressing the security (to include encryption) of ePHI data created or maintained by certified EHR technology in accordance with requirements in 45 CFR164.312(a)(2)(iv) and 45 CFR 164.306(d)(3), and implement security updates as necessary and correct identified security deficiencies as part of the MIPS eligible clinician’s risk management process.”
The new MACRA and MIPS program will allow flexibility for Providers to choose the quality and outcome measures that best align with their practice. However, the core principals of protecting health information, providing patients with access to data, and enabling exchange of data between providers continue to be important as Medicare adopts the new programs in 2017.
Additional information for MACRA and QPP can be found at: https://qpp.cms.gov/