Washington Debrief: CMS Clarifies CEHRT Requirements for 365-Day Reporting | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Washington Debrief: CMS Clarifies CEHRT Requirements for 365-Day Reporting

October 6, 2014
by Jeff Smith, Vice President of Public Policy at CHIME
| Reprints
Jeff Smith, Vice President of Public Policy at CHIME

Top News

CMS Clarifies CEHRT Question: What has to be in place for full 365?

Key Takeaway: The Centers for Medicare and Medicaid Services (CMS) published clarifications last week describing what pieces of 2014 Certified Electronic Health Record Technology (CEHRT) need to be in place for the full 365 days, vs. what functionalities can come online at some point later in the 2015 reporting period.

  • Hospitals must have clinical decision support, including drug-drug and drug-allergy checks in place “Day 1,” or otherwise the entire 2015 program year is lost.
  • Hospitals must also have successful ongoing submission of all public health measures in place by the end of November, or risk failing meaningful use in 2015.
  • For all other measures of MU, hospitals must meet thresholds, but do not have to be live with modules, according to current policy.

Why It Matters: These new clarifications will benefit providers who did not have all modules of 2014 Edition CEHRT in place beginning Oct. 1, 2014. However, many healthcare IT leaders continue to voice their support for a policy change that would shorten the 2015 reporting from a full year to 90 days.

Next Steps: CHIME staff in Washington is continuing to utilize their direct line of communication with officials at ONC and CMS to help them recognize the situation "on the ground."

CMS issued an important clarification regarding what modules need to be in place for program year 2015 in a statement sent through their listserv last week. According to the announcement, if you are attesting to Stage 1 in program year 2015, you must have the Drug-Drug / Drug-Allergy Interaction Checks piece in place for the full 365-day reporting period. If you are attesting to Stage 2 in program year 2015, you must have clinical decision support for Drug-Drug / Drug-Allergy in place beginning last Wednesday, Oct. 1. If these pieces were not in place, you have failed Meaningful Use in 2015.

Some public health objectives have 60 days to allow for registration and test submissions. Some states have different rules and may require retroactive submissions, so please check with your state. Public health flexibilities exist for:

  1. Stage 1 and Stage 2 Immunization Registries Data Submission
  2. Stage 1 and Stage 2 Electronic Reportable Lab Results
  3. Stage 1 and Stage 2 Syndromic Surveillance Data Submission

In summary, eligible providers (EPs) and eligible hospitals (EHs) aren’t necessarily required to have all functionalities in place on the first day of the 365-day reporting period; as long as they meet the threshold for objectives with a numerator and denominator during the year, they satisfy the requirement.

If you would like to read more about the requirements, check out these helpful specifications sheets: Stage 1 and Stage 2, and visit the EHR website for more resources.

Legislation & Politics

CMS Registration and Attestation Website Failures Addressed in 2nd Congressional Letter

Key Takeaway: This week, the CMS’s meaningful use Registration and Attestation website came under fire once again from Capitol Hill, this time from the Senate. Senator Kay Hagan (D- N.C.) requested CMS not assess penalties next year on providers who attempted to attest to meaningful use with 2011 CEHRT but were rejected because the website lacked proper configuration.

Why it Matters: The inability of the website to accept attestation data may be directly impacting thousands of physicians who had until Oct. 1, 2014 to attest to their first year of Meaningful Use or face penalties in 2015. The CMS attestation website has sometimes been a subject of concern for providers that faced similar glitches last year. When approached about this issue, CMS officials noted that these EPs had an opportunity to file a hardship exception by July 1 and should have done so.

First reported by Politico and confirmed by Bloomberg, CMS’s Registration and Attestation website was not functioning properly to process reports from physicians using the new flexibilities for 2014. “The systems require significant changes in how they function to receive attestations in order to allow for providers to use the flexible options,” a CMS spokesperson told Bloomberg in mid-September. “Those changes will be live in mid-October, in time for eligible hospitals and critical access hospitals to attest at the close of the fiscal year for their EHR reporting period in 2014.”

In response to the glitch, Senator Hagan sent a letter to CMS, similar to that sent by Congresswoman Ellmers and Congressman Matheson, requesting that CMS refrain from implementing the one percent reimbursement penalty for providers impacted by the CMS website’s technical errors. CHIME members experiencing issues with the website are encouraged to report the issue here.


FDA Releases Medical Device Cyber Guidance

Key Takeaway: The U.S. Food and Drug Administration has finalized a set of recommendations to protect medical devices from Web-based attacks.

Why it Matters: This guidance, long expected by industry observers, is another indication that federal regulators are increasingly paying attention to cybersecurity policy.

The FDA issued guidance last week for manufactures of medical devices. The guidance directs manufacturers to consider cybersecurity risks while designing devices, and tells them to develop a plan to redress cyber threats with system and software updates. The recommendations instruct manufacturers to:

  • Develop a set of cybersecurity controls to assure medical device security and maintain medical device functionality and safety;
  • Consider leveraging the NIST cybersecurity framework to guide their cybersecurity activities, including the framework’s Identify, Protect, Detect, Respond, and Recover protocols;
  • Include cybersecurity information in their premarket submission of their medical device; and
  • Refer to a list of FDA-recognized consensus standards.

“There is no such thing as a threat-proof medical device,” said Suzanne Schwartz, MD, director of emergency preparedness/operations and medical countermeasures at the FDA’s Center for Devices and Radiological Health, in a press statement announcing the new recommendations. “It is important for medical device manufacturers to remain vigilant about cybersecurity and to appropriately protect patients from those risks.”

JASON Task Force Says Make Interoperability Focus of Stage 3

Key Takeaway: Last week, the JASON Task Force, established under the HIT Policy Committee (HITPC), discussed their Stage 3 recommendations after analyzing their report on Stages 1 and 2.

Why It Matters: After concluding that Stage 1 and Stage 2 of meaningful use failed to create adequate interoperability, the task force plans to recommend that Stage 3 be scaled back and mainly focus on interoperability.

We hope the Office of the National Coordinator for Health IT (ONC) and CMS are still listening to recommendations like this – with the Notice of Proposed Rule Making (NPRM) due out this winter, CHIME expects that most of the proposed rule is already written. Nevertheless, the JASON Task Force was tasked with presenting their findings from Stage 1 and Stage 2 and will submit official Stage 3 recommendations shortly. They want vendors to have flexibility to innovate in Stage 3 and the task force believes less prescriptive standards for Stage 3 will grant that flexibility.

You can find the meeting agenda, materials and audio here (http://www.healthit.gov/facas/calendar/2014/10/01/jason-task-force). The task force will present their recommendations at a joint HIT Standards and HIT Policy Committee (http://www.healthit.gov/facas/calendar/2014/10/15/joint-hit-committee-me...) on October 15, when ONC is also supposed to reveal more about their interoperability roadmap.

The Health IT Summits gather 250+ healthcare leaders in cities across the U.S. to present important new insights, collaborate on ideas, and to have a little fun - Find a Summit Near You!


See more on