A Review of 2020 Rules Affecting 2021

Who: Medicare and Medicaid payer organizations.

Areas of Focus: Requires APIs, health information exchange, and care coordination across payers.

Enforcement Date (ED): On 4/21/2020, CMS and ONC announced a policy of enforcement discretion to allow compliance flexibilities regarding implementation of the interoperability final rules due to COVID-19.  CMS provided hospitals an additional 6 months to implement new requirements.

CMS finalized four new policies for payers:

1. Patient Access through APIs. ED – July 1, 2021

2. API access to published provider directory data. ED – July 1, 2021

3. Payer-to-Payer Data Exchange. ED – January 1, 2022

4. Increased Frequency of federal-state data exchanges for dual eligible members. ED – April 1, 2022

• Define and implement an API enablement strategy; establish an end-to-end API operating model; implement, configure, and maintain security functionalities; update security policies; plan to validate / approve third party developer’s access to their APIs.
• Implement processes and technology to facilitate data exchange with other payers.

Who: Providers

Areas of Focus: Patient access to EHI and interoperability among providers, payers, and patients.

Compliance Date (CD): Dependent on provision.

Enforcement Date (ED): On 4/21/2020, CMS and ONC announced a policy of enforcement discretion to allow compliance flexibilities regarding implementation of the interoperability final rules due to COVID-19.  CMS provided hospitals an additional 6 months to implement new requirements.

The 3 policies for Providers are:

1. Public reporting and information blocking. CD – late 2020

2. Digital contact information. CD – late 2020

3. Admission, Discharge, and Transfer (ADT) Event Notifications. CD – Spring 2021; ED – May 1, 2020

• Have policies and procedures in place to ensure information blocking practices are prevented.
• Update their NPPES record online with digital contact information.
• Clean up master files to ensure up-to-date digital information in NPI.

Who: Health IT Developers, Providers, HIEs.

Area of Focus: Advances interoperability; supports access, exchange and use of EHI; addresses occurrences of information blocking.

Compliance Dates:  Final rule published on 5/1/2020 was effective on 6/30/2020.  ONC enforcement discretion announced on 4/21/2020 provided 3 months after each initial compliance date.  Interim Final Rule (IFC) on 11/4/2020 extended certain compliance dates.

• IFC Compliance Date: 11/2/2020

Updated EHR Certification Criteria.  The functionality EHR vendors need to demonstrate in order to become a certified EHR technology (CEHRT).

• IFC Compliance Dates: 12/31/2022; and 12/31/2023 for EHI export

Health IT for the Care Continuum.  EHR certification criteria that would support voluntary certification of health IT for pediatric settings.  Ten recommendations for Health IT Developers.

• Providers and payers will need to update policies and procedures to prevent information blocking practices, including Security Risk Analysis.
• Providers will need to implement updated and new EHR functionality once available from their vendor as well as update workflow processes.
• Providers will no longer have to develop and support two forms of the QRDA standard (QRDA I and QRDA III).

Who: Applies to Health IT developers of certified health IT, health information networks, and health information exchanges.

Areas of Focus: Proposed to incorporate new Civil Money Penalty (CMP) authorities for information blocking.

Original Compliance Date: Not applicable until final rule is published; comments were due to OIG on 6/23/2020.

Enforcement Date: Proposed to be 60 days after final rule is published.

Statutory Date: Final rule not published; the statutory due date for the final action is 08/00/2021.

• Among this proposed rule’s provisions, it would amend the civil money penalty (CMP) rules to incorporate new CMP authorities for information blocking.
• HHS has the authority to impose CMPs up to $1 million per violation on the applicable entities.
• OIG’s CMP authority does not extend to health care providers; appropriate disincentives will be established in future notice and comment rulemaking.

• If it is determined that a provider has committed information blocking, OIG will refer that health care provider to the appropriate agency for appropriate disincentives.
• Most likely the complaint will be passed to HHS’ Office for Civil Rights (OCR) to investigate; if a provider is following the HIPAA patient access rules, they should be fine.

Who: Eligible Hospitals

Areas of Focus: Hospital Medicare and Medicaid PI programs and eCQMs for Medicare IQR program.

Updates: The most significant quality reporting updates in this rule are for eCQMs.

Effective Date: 10/1/2020

Compliance Dates:  Beginning with FY 2021 quality reporting year.

• Yearly increase in number of self-selected quarters for eCQM reporting.
• Publicly reporting eCQM data by 2022.
• Integrating the validation processes for chart-abstracted measures and eCQMs.
• Minor modifications to the PI Program objective measures.
• Certified EHR technology (CEHRT) requirements for the hybrid measures.
• Hospitals can use either 2015 Edition or 2015 Edition Cures Update standards.

• Public reporting of eCQMs requires updates for monitoring outcomes.
• Increased reporting periods require vendor coordination for reports.
• Chart-abstraction CQM validation process now requires hospitals to submit PDF copies using direct electronic file submission via secure ftp.
• Potential data collection issues with hybrid measures; time and effort to map, extract and validate core clinical data elements from the EHR.

Who: Eligible Clinicians (ECs)

Areas of Focus: Merit-based Incentive Payment System (MIPS) Medicare Shared Savings Program (MSSP) ACOs; Care Management Services / Remote physiologic monitoring (RPM); CEHRT.

Effective Date: Most regulations were effective on 1/1/2021.

Compliance Dates: Beginning with CY 2021 quality reporting year.

• QPP: Implementing MIPS Value Pathways (MVPs) in 2022.
• APM Performance Pathway (APP): New reporting framework for MIPS ECs; aligns with MVP framework (fewer measures).
• QPP: Updates to MIPS performance measures and activities.
• MSSP ACOs: 2021 reporting, can report the APP measure set or Web Interface measures; 2022 requires APP measure set.
• RPM: Code refinements and consent for RPM services.

• Prepare new health IT capabilities and infrastructure components to implement MVPs (for 2022 reporting).
• APP eCQMs will require new data collection format and collection of all-payer data.
• Ensure vendor progress on 2015 Edition Cures Updates.

Who: Eligible Clinicians (ECs)

Areas of Focus: Telehealth communications technology; payment for E/M services; and PHE Interim rules.

IFC portion requests comment on coding and payment for virtual check-in services; comments were due on 2/1/2021.

Effective Date: Most regulations were effective on 1/1/2021.

Compliance Dates: Beginning with CY 2021 quality reporting year.

• Finalized permanent addition of codes for 7 Medicare telehealth services.
• Created new Category 3 criteria for temporary services to evaluate post-PHE; finalized 63 temporary codes under this category.
• Audio only E/M codes will end with PHE.

• March 31, 2020 COVID-19 IFC.  CMS added 89 services to the Medicare telehealth services list on an interim basis.
• May 8, 2020 COVID-19 IFC.  CMS removed the requirement for undertaking rulemaking and added 46 more services to the Medicare telehealth services list on an interim basis.
• October 14, 2020.  CMS added 11 more services to the Medicare telehealth list on a subregulatory basis.

• Providers will need to track and manage PHE interim telehealth codes.
• The extension of the PHE into CY 2021 ensures that clinicians will have at least the entirety of 2021 to collect evidence to support a request to add these services permanently to the Medicare telehealth list.

Who: Group Health Plans and Health Insurance Issuers.

Areas of Focus: Disclosure of pricing and cost-sharing information.

Effective Date: 1/18/2021

Compliance Date: Beginning 1/1/2023

• Plans and issuers are required to design, develop, and deploy an internet-based self-service tool made available on an internet website.  Plans and issuers must make cost-sharing information available for a covered item or service from providers for 500 specified items and services beginning on 1/1/2023, and cost-sharing information available for all items and services beginning on 1/1/2024.
•  Plans and issuers are required to disclose pricing information to the public through three machine-readable files displayed in standardized format and updated monthly beginning on or after January 1, 2022.
  • One file requires disclosure of payment rates negotiated between plans or issuers and providers for all covered items and services.
  • The second file will disclose the unique amounts a plan or issuer allowed, as well as associated billed charges, for covered items or services furnished by out-of-network providers during a specified time period.
  • A  third file will include pricing information for prescription drugs.

• Allow insurers who pass on savings encouraging use of services from lower-cost, higher-value providers to take credit for “shared savings” payments in their MLR calculations beginning with 2020 reporting year.

• Cost to plans, issuers and TPAs to plan, develop, and build the required internet-based self-service tool and machine-readable files.
• Increased operating costs in training staff to use the internet-based self-service tool, responding to consumer inquiries, and delivering consumer’s cost-sharing information and required notices.

Who: Covered Entities (providers, payers, and insurers).

Areas of Focus: Would modify standards for the Privacy of individually identifiable health information.

Effective Date: Effective date of a final rule would be 60 days after publication.

Compliance Date: HHS proposes a compliance date of 180 days after the effective date of a final rule.  OCR would begin enforcement of the new and revised standards 240 days after publication of a final rule.

Current Status: Rule was published in Federal Register on 1/21/2021.

• Expand scope of covered entities’ abilities to disclose PHI to social services agencies, community-based organizations, home and community-based service providers, and other similar third parties that provide health-related services.
• Address standards that may impede the transition to value-based health care by limiting or discouraging care coordination and case management communications among individuals and covered entities or posing other unnecessary burdens.
• OCR proposes definitions for coordination and management of care for electronic health record and personal health applications, and the term clinician.
• Proposed health IT implications include allowing individuals to take notes or use personal resources to view and capture images of their PHI; requiring covered providers and health plans to submit an individual’s access request to another provider and receive back the requested electronic copies of the individual’s PHI in an EHR.
• OCR would require covered entities to post estimated fee schedules on their websites and if requested by individuals, provide estimates of fees for copies of PHI and itemized bills.

• Strengthen individuals’ rights to access their own health information.
• Improve information sharing for care coordination and case management.
• Facilitate greater family and caregiver involvement in care for emergencies or health crises.
• Enhance flexibilities for disclosures in cases such as Opioid and PHE.

Who: Impacted Payers — Medicaid and CHIP managed care plans, state Medicaid and CHIP fee-for-service programs (FFS) and issuers of individual market Qualified Health Plans (QHPs) on the Federally Facilitated Exchanges (FFEs).

Areas of Focus: Enhance certain policies from the CMS Interoperability and Patient Access final rule, add new requirements to implement APIs, and make changes to prior authorization practices.

Effective Date: The regulations are effective 60 days after the date of publication in the Federal Register.  The rule was released by HHS but had not been filed as of 1/20/2021.  And as of 1/20/2021, a regulatory freeze was issued that pauses any new regulations from moving forward.

Compliance Dates: Provisions will be implemented on January 1, 2023, with the exception of amendatory instructions 5, 22, and 28, which will be implemented on January 1, 2024.

• Adopts certain specified implementation guides (IGs) needed to support new API policies for impacted payers.
• Requires building and implementing FHIR-enabled APIs that allow providers to know in advance what documentation is needed for each different health insurance payer, streamline the documentation process, and enable providers to send prior authorization requests and receive responses electronically, directly from the provider’s EHR or other practice management system.
• Medicare FFS and Medicare Advantage plans are not directly impacted by this rule, but CMS notes they will consider proposing Medicare payers in future rulemaking.

• The patient-initiated payer-to-payer data exchange requirements would require exchange conducted via a specified HL7 FHIR-based API.
• Implement and maintain a prior authorization documentation requirement lookup service (DRLS) API.
• Integrated within a provider’s workflow, and aligned with HIPAA transaction standards, a FHIR-based prior authorization support (PAS) API with capability to accept and send prior authorization requests and decisions.