CMS Released Proposed Meaningful Use Stage 3 Rule & Certification Requirements

  • CMS Logo

logo-ehr-incentive-program

The Centers for Medicare & Medicaid Services (CMS) announced its proposed Meaningful Use (MU) Stage 3 Rule. Concurrently, the Office for National Coordinator for Health Care IT (ONC) has proposed a 2015 edition for the certification requirements of electronic health record technology. These proposed rules are scheduled to be published in the Federal Register on March 30, 2015. The publication in the Federal Register will start the customary 60-day public comment period for the proposed rule through May 29, 2015.

The stated aim of the modifications contained in the proposed rule is to provide participants in the Meaningful Use program more flexibility.  The current requirements for the MU program allow for eligible hospitals and eligible providers to receive incentive payments through meeting a progressive schedule of Stage 1 standards,  Eligible participants receive higher incentive payments through additional clinical and patient engagement levels in MU Stage 2. CMS has committed to maintaining its current MU progressive eligibility standards through 2017.

In its proposed rule CMS calls for adoption of Stage 3 to be optional in 2017, but mandatory in 2018. The proposed rule would modify the current bifurcated classification of eligible hospitals and eligible providers so that all Medicare providers would fall into a single reporting period by 2018.

The proposed 2015 Edition Certification Standards criteria would include new and updated IT functionality and provisions that support care improvement, cost reduction, and patient safety across the health system. The proposal establishes first time standards for data segmentation for sensitive health information like records of mental health, behavioral and substance abuse treatment. The data segmentation standards are a vehicle for the transmission and sharing of treatment information that requires privacy protections that are more stringent than the HIPAA Privacy Rules.  The new standards are designed to address confidentiality and consent to disclose requirements provided for this type of treatment records in federal and state laws.   

The CEHRT proposal would add functional requirements for system audit (e.g., adding capability to log view only activity and multiple level sign-ons to get around BTG) and integrity.  But, the proposal will not require that any of the privacy/security features be delivered to the customer defaulted in the active state—they remain system owner decisions.  ONC’s approach to this is summed up this way: “The

[CEHRT] regulation applies to health IT and not to the people who use it. Thus, how an individual provider or entity chooses to ultimately implement health IT that has been certified to the certification criterion does so outside the scope of the regulation.” 

Click here to read the proposed rule for Stage 3 Meaningful Use. Click here to read the proposed 2015 Edition Certification criteria.

March 23rd, 2015|

About the Author:

David Holtzman
Considered a subject matter expert in health information privacy policy and compliance issues involving the HIPAA Privacy, Security and Breach Notification Rules, David Holtzman was a senior advisor at OCR before joining the team at CynergisTek. He also previously served as the privacy & security officer for Kaiser Permanente’s Mid-Atlantic Region.