I often find that one of the WOW factors when training on the EHR is showing users where they can set Caregiver Options. Setting up your favorite or most frequently used screen settings can save you countless seconds, minutes, perhaps even an hour throughout your day. 

Each release typically comes with some additional gems hidden away, particularly in the area of Quick Lists. Some of the more popular options include:

• Result Views - you can set a default view when you enter the results screen from either the desktop or with a patient in context. Perhaps when you are in Desktop mode and you enter the result screen, you only want to see Ordered, Past Week by or on your behalf. When you enter in Patient mode, you want to see All Statuses, Labs, Past Year. You can designate that in caregiver options on the Result View screen.
• History - Do you get tired of deleting Other Past History when you include active on the History screen? Are you continuously clicking on the History/Medications tab to include current medications? A quick click of a couple of check boxes in Caregiver Options/History can change that forever. Check Exclude Other Past History and Include Current Medications.
• Lab Orders - Are your caregivers complaining that there orders are showing up under the MA or Nurse instead of them? This routing is controlled in Assessment & Plan. In Caregiver Options, you can preset the ordering on behalf of caregiver for orders placed in A&P to the Appointment Caregiver. This way when the MA or nurse order a test or medication, the Ordering on behalf and Notify fields automatically get set to the provider which the patient was scheduled to see.
• Quick Lists - Tired of Scrolling through lists? Most lists can accommodate a Quick List which pulls items that you choose to the very top of the list above a dashed line. Popular ones include Medication Units, Frequency and Refill quantities, Billing Levels, Caregivers and Subjects, but there is quite an extensive list.

Check it out!

Are you struggling with figuring out how you are going to meet some of the more challenging measures in Stage 2? Are you finding that the technology you need to support you in meeting the objectives is just not available or has not been implemented yet? Do you find that you are having to wait until the last calendar quarter of 2014 in order to achieve implementation of the necessary functionality to attest to the 2014 Stage 2 measures?

If you answered yes to one or more of the questions above, you may experience significant relief from this final rule. There were a couple of key points I noted as I read through the final rule which is due to be published on 9/4/2014.

1. Providers may use any calendar quarter in 2014 to capture data for attestation, they are not limited to the last quarter of the year. (page 36)
2. Providers will have to prove that they were not able to fully implement the 2014 edition of CEHRT. This could be due to availability and timing of software installation (clinical decision support, direct messaging, clinical quality measure data) and ties into the ability to implement any new processes in order to meet the objectives. This is a bit of subjective area so documentation will need to be available to justify. I am happy to go into more detailed discussions in the Q/A session on Sept 5th (see the Education page). There are simply too many scenarios to discuss here.
3. There is a special provision for providers that are unable to meet the Summary of Care, measure 2, due to the inability to identify recipients of an electronic transmission. That too requires distinct documentation.

Once you make the decision as to whether or not you are eligible for a flexibility option in 2014, the CMS table (Table 2) in the above link, does a good job of giving you available options. The CQM options get a little tricky if you are using the 2011/2014 combination since you are allowed to use an alternate reporting period for the CQMs.

Meaningful use objective number 9 continues to stump many practices as far as what is required. So much so, that CMS has dedicated many resources to this one measure. Let’s review the measure and discuss what is really needed before you attest to meeting measure # 9.

The CMS Eligible Provider Specification Sheet, defines the measure as:

Conduct or review a security risk analysis in accordance with the requirements under 45 CFR 164.308(a) (1), including addressing the encryption/security of data stored in CEHRT in accordance with requirements under 45 CFR 164.312 (a)(2)(iv) and 45 CFR 164.306(d)(3), and implement security updates as necessary and correct identified security deficiencies as part of the provider's risk management process for EPs.

If you are using Professional EHR 13 or later, you can be assured that all the 2014 certification criteria related to security were met. In fact, you can print out the proof by accessing the ONC website, searching for the Professional EHR product, click the name of the product you are using and you will get a full report of all the criteria passed for 2014 certification, including security. Unfortunately, it doesn't stop there! You must also evaluate your office environment, staff policies and procedures, etc. to fully complete the security assessment. Some examples of needed documentation include:

• How do you control access to your office space during and after office hours? If an employee leaves or is terminated, how do you insure that the access is also terminated?
•  How is PHI handled at your workstations? Do you have privacy screens? What are the Lock Out settings in the EHR? How do you address function access to PHI?
• How often do you train staff on HIPAA requirements? When was the last training? What was covered? Do you have sufficient policies and procedures to address both HIPAA and the meaningful use requirements?
• How often do you review and edit policies and procedures? How is this handled in your office (executive board meeting, designated committee, etc)?
• Do you have a security action plan?  How often are backups done? How are they stored? If the backup is on an external device, is the data encrypted? Do you store files with PHI on your laptop (spreadsheets, analytical files, CCDs or patient chart exports? Are those files encrypted?
• Are the planned actions, owners and dates documented in that security action plan? How often do you update it? You must review and update during your meaningful use reporting period at a minimum to meet the measure.
  
  The bullets above are just examples of topics to evaluate and include in your security assessment.

Though it may seem quite ominous, you have likely addressed much of it within your HIPAA compliance plan and regular policies and procedures.

In addition and the best news is that there is a free tool available, provided by the government to assist you in completing your security assessment. You can also contract with an external vendor to assist you in completing the security assessment. Please remember that regardless of which method you choose, you are still ultimately accountable. 

Have additional questions? Join the question and answer session on Sept. 5th posted on the Education page.

It is important to understand the requirements and exclusions of the Secure Messaging measure. The objective of course is to encourage electronic communications between a patient (equates to patient or the patient’s representative) and a provider regarding the patient’s health information. That communication can be initiated by either the patient or the provider with a response from the patient. The key being the patient has to engage.

Before I discuss ways to meet the measure, let’s review the exclusion. On the CMS website, eligible provider specification document it states, “Any EP who has no office visits during the EHR reporting period, or any EP who conducts 50 percent or more of his or her patient encounters in a county that does not have 50 percent or more of its housing units with 3Mbps broadband availability according to the latest information available from the FCC on the first day of the EHR reporting period.”

You can determine broadband availability here. Then click on “Rank your geography”, “Rank within a State”, “County”, Select you State and click on “Generate the List”. The counties in your State will be listed in order of % with access speeds of >3Mbps. There was one in North Carolina that fell below 50%. I found this interesting : ) and certainly not the easiest data to find!

Ok, now that we have that out of the way, let’s talk about the messaging part. Messages must use the certified EHR technology (CEHRT). Typically this is a portal solution. It may be the portal your complete CEHRT used for certification or it could be a different portal that is certified as a modular component. Depending on the solution, percentages can be obtained as follows:

• Complete CEHRT solution: the provider’s % will be generated out of the reporting solution for the 2014 complete CEHRT.
• Modular product: generate the messaging report out of the modular component and then compare that list to the denominator generated from the complete CEHRT to get the accurate % for attestation. Don’t forget the put this solution in the cart when you generate your Certification ID on the ONC website.

The actual message exchange between the provider and patient should be about relevant health information, for example, refill requests, request for instructions about a particular condition or treatment, etc. and not the local golf tournament. Either the patient can generate the message to the provider OR the provider could generate the message and the patient could respond. Once this occurs, any provider in the practice who has seen the patient during the EHR reporting period should receive credit in the numerator. This is referred to as a halo effect.

Other ways to achieve this measure would include:

• Educating the patient on how to send a message to a provider while they are in the office.
•  Asking for a patient to respond to a clinical reminder message sent to the portal.
• Asking patients to verify they have reviewed their lab results and do not have additional questions or to include questions in their response.

Whether or not the provider responds to the message is not part of the calculation since it may be more appropriate to respond by another means.

1)    Just prior to attesting, generate a summary report for each Core and Menu measure with a calculated threshold. This will be used to validate the numbers you enter in the attestation portal. Reports should clearly state the Pro EHR version of the CEHRT (certified electronic health record technology) used to generate the report.

a)    Core measures:

i)     CPOE w/ Drug Interaction Checking*, ePrescribe w/ Drug Formulary*, Demographics, Vital Signs, Smoking, View Download, and Transmit (Timely Access and Online Access), Clinical Summaries, Clinical Lab Tests, Patient Reminders, Patient Education, Medication Reconciliation, Summary of Care, Secure electronic messaging, Immunization Registry, Clinical Decision Support

(1)  Summary of Care measure 3 – evidence that a provider that uses a different EHR received a direct message Referral Summary of Care C-CDA document from the practice.
(2)  Patient Lists (the actual de-identified list of patients including the clinical criteria used)
(3)  Protect electronic health information (Security Risk Assessment): Documentation demonstrating your Security Risk Assessment review for that reporting year and any educational or process changes which occurred during the reporting year to make sure you are maintaining the security of your data. This assessment is outside of the EHR an ideally includes an action plan with responsible parties. It needs to be reviewed and updated regularly within your reporting period. A tip sheet can be located here on the CMS website.

ii)    Qualifying for an exclusion for a core measure is the same as successfully meeting the measure; however, you should still be able to prove why you qualify for the exclusion.

b)    Menu Measures – the three you have chosen from the following:

i)     Electronic Notes, Imaging, Family Health History, Syndromic Surveillance+, Cancer Registry - or Specialized Registry  - .

ii)  -  Not supported by Allscripts Professional EHR as of this posting date. Supplemental certified software would be needed to choose these as menu measures.

+ Most states do not accept syndromic surveillance data from ambulatory providers. 

2)    Optional reports in support of the Yes/No attestation measures

i)     The Non-calculated measure report provides support for the Yes/No attestation answers. Services that are enabled, such as: CDS Recommendations, Drug Interaction Checking, Drug Formulary, Immunization Registry and Syndromic Surveillance* are indicated on this report. You can use this report for validating these measures where on for the duration of the reporting period or screen shots from the product demonstrating the use of these services.

ii)    The CDS recommendations report will validate the provider has chosen at least five recommendations and the associated clinical quality measure number. This report should also validate that these measures correlate with a minimum of four of the nine Clinical Quality Measures chosen.

3)    Clinical Quality Measures – 9 clinical quality measure attestation reports and evidence of submission per CMS direction should be included with this documentation.

4)    Keep this documentation for at least SIX YEARS in at least two formats (saved on your computer, flash drive, external hard drive, printed copy – these are examples of different formats referenced here.

If you think Stage 2 is impossible, please call, it certainly is possible and you shouldn't leave your money on the table!