WHITE PAPER
Electronic Event Notifications Condition of Participation: Understanding & Meeting Compliance Requirements
PATIENTPING.COM
Executive Summary
The new CMS Condition of Participation requires hospitals, psychiatric hospitals, and Critical Access Hospitals to send electronic event notifications.
The Centers for Medicare and Medicaid Services (CMS) created the new electronic event notification (e-notification) Condition of Participation (CoP) as part of the Interoperability and Patient Access Rule (85 FR 25510) to significantly accelerate information sharing between hospitals and other providers across the care continuum. CMS used its most consequential regulatory lever, Conditions of Participation, to create the new e-notification requirement showing the importance the agency places on increasing provider access to needed information. CMS created the new requirement, which goes into effect May 1, 2021, specifically to support care coordination efforts across the care continuum and to improve patient outcomes. CMS’s Interoperability and Patient Access Final Rule was published in conjunction with The Office of National Coordinator for Health Information Technology (ONC) Cures Act in furtherance of federal efforts to increase interoperability and eliminate information blocking practices. Specifically, the new hospital electronic event notification CoP requires hospitals, psychiatric hospitals, and Critical Access Hospitals to make a reasonable effort to send e-notifications either directly or through an intermediary at the point of emergency department presentation/registration and discharge as well as at the point of inpatient admission, discharge, and transfer to specified practitioners, practice groups or entities, and applicable post-acute care providers and suppliers with established care relationships that need the information for treatment, care coordination, or quality improvement activities (85 FR 25603). To evidence reasonable effort, and thereby meet the minimum compliance requirements, hospitals must implement policies, processes, and systems that determine established care relationships across the required recipient types and send e-notifications accordingly. To determine these care relationships, hospitals need the ability to not only obtain patient-identified provider information at the point of care, but to also obtain care relationship information from applicable recipients through a patient roster and notification request process. Hospitals or their intermediaries will also need the ability to match patient events accurately to ensure appropriate data disclosure; assure security protocols and required data sharing agreements are in place; and send e-notifications in real time for the required care events, consistent with patients’ privacy preferences and applicable law, to the specified recipient(s). Demonstrating these capabilities will not only support CoP compliance efforts, but will also support hospitals in their efforts to reduce information blocking practices in accordance with the provisions outlined in the ONC’s Cures Act Final Rule (85 FR 25642). This white paper will explain the requirements of the e-notification CoP, discuss how hospitals can meet the reasonable effort provision, review the compliance survey process, and provide a capability and a compliance checklist that hospitals can use to evaluate their e-notification readiness and solution.
E- Notification Condition of Participation Requirements The CMS Interoperability and Patient Access Final Rule outlines the minimum requirements that hospitals must meet in order to be compliant with the new e-notification CoP. The below discussion will review those requirements and provide additional context on what it means to be in compliance. IMPACTED HOSPITALS The e-notification CoP requirements apply to all hospitals, psychiatric hospitals, and Critical Access Hospitals that use an electronic medical record system or another electronic administrative system that is conformant with the HL7 2.5.1 content exchange standard as specified at 45 CFR 170.205(d)(2) (85 FR 25592). All Medicare- and Medicaid-participating short-term acute care hospitals, cancer hospitals, children’s hospitals, rehabilitation hospitals (or Inpatient Rehabilitation Facilities), long-term care hospitals, and transplant programs are included as part of the hospital requirements (42 CFR 482) and must therefore meet the e-notification CoP. The specific e-notification provisions will be inserted at 42 CFR 482.24(d) for hospitals, at 482.61(f) for psychiatric hospitals, and at 485.638(d) for Critical Access Hospitals (CMS-9115-F 350). CMS states in the final rule that: “...the provisions require a hospital or a CAH to demonstrate compliance with all of the provisions contained at 42 CFR 482.24(d), 482.61(f), and 485.638(d) only if it utilizes an electronic medical records system or other electronic administrative system that is conformant with the content exchange standard at 45 CFR 170.205(d)(2)” (85 FR 25602-25603). E-NOTIFICATIONS - EVENT TYPES AND TIMING Hospitals are required to send e-notifications at the time of a patient’s inpatient admission, discharge, and transfer and at emergency department presentation/registration and discharge, when the delivery of such e-notification is permissible under applicable federal and state laws and regulations, and not inconsistent with the patient’s expressed privacy preferences. CMS was deliberate in requiring e-notifications be sent in real time, i.e. “at the time of” an event occurring. Real-time delivery of the e-notification not only eliminates information delays and improves current information sharing practices, but also guarantees the information is actionable, which maximizes care coordination opportunities across the care continuum and improves patient outcomes. An e-notification delay lasting hours or days or sending batched e-notifications will not meet the rule requirements to send notifications “at the time of” an event occurring. The following excerpts highlight these requirements and goals: “...the system sends notifications directly, or through an intermediary that facilitates exchange of health information, at the time of: the patient’s
PATIENTPING.COM •
3
registration in the hospital’s [or CAH’s] emergency department (if applicable); or the patient’s admission to the hospital’s [or CAH’s] inpatient services (if applicable)” (85 FR 25603, emphasis added). “...the system sends notifications directly, or through an intermediary that facilitates exchange of health information, at the time of: the patient’s discharge or transfer from the hospital’s [or CAH’s] emergency department (if applicable): or the patient’s discharge or transfer from the hospital’s [or CAH’s] inpatient services (if applicable)” (85 FR 25603, emphasis added). “We believe patient event notifications are most useful when tied to admission (or registration, as is the term generally used for patients seen in the ED) and discharge events, as receiving near-real time information about a patient’s hospitalization can ensure receiving providers, facilities, and practitioners are able to act quickly to ensure successful care coordination” (85 FR 25602). E-NOTIFICATIONS - CONTENT AND FORMAT CMS specified the minimum data elements that each e-notification message must contain - patient name, treating practitioner name, and sending institution name. Specifically, CMS states: “We are redesignating 42 CFR 482.24(d)(3), 482.61(f)(3), and 485.638(d)(3) as 42 CFR 482.24(d)(2), 482.61(f)(2), and 485.638(d)(2), respectively, and also revising the regulatory text to now state that the system sends notifications that must include at least patient name, treating practitioner name, and sending institution name” (85 FR 25603, emphasis added). While the required data elements are limited, CMS states within the rule that they only represent a minimum floor and hospitals are encouraged to send more information, where not otherwise prohibited by federal or state law and regulations, to help facilitate treatment, care coordination, or quality improvement activities across the care continuum. While CMS reversed its initially proposed requirement of including diagnosis information as part of the e-notification message, CMS points to the clinical importance of sharing more detailed patient information and encourages the inclusion of more information where permissible. CMS also signaled that these minimum requirements may evolve over time as part of future rulemaking. CMS articulates these sentiments as follows: “Our intention for this proposal has been to set a minimal floor for patient event notifications” (85 FR 25597, emphasis added). “We wish to reiterate that this final policy in no way precludes hospitals from including additional information, such as diagnosis, in a patient event notification” (85 FR 25597).
“...hospitals are not prohibited from sending more detailed information under these requirements and we would expect each hospital is fully aware of its own capacity to send additional patient information, other applicable laws governing this, and the capacities of the intended recipients to receive additional patient information, and would base its decisions to send additional information on these factors as well as on what is best for the patient” (85 FR 25590). “...we encourage hospitals to consider other information that can be added to patient event notifications to support care coordination.” (85 FR 25597) CMS did not specify a format or method of how e-notifications need to be delivered to recipients and leaves that determination to the hospital or its intermediary. CMS notes: “We are not specifying a format or transport method for patient event notifications. Accordingly, hospitals could use a mix of approaches to deliver patient event notifications, for instance, by partnering with an intermediary to deliver notifications to external providers, while using features internal to a shared EHR system to transmit information to providers that are part of the same organization” (85 FR 25602). USE OF INTERMEDIARIES CMS gives hospitals the option to build their own internal infrastructure to directly manage and send e-notifications to all applicable recipients or to use an intermediary to fulfill the e-notification functions. The requirements hold that: “...the system sends notifications directly, or through an intermediary that facilitates exchange of health information...” (85 FR 25603). CMS also acknowledges that intermediaries can reduce the administrative and technical burden placed on hospitals to implement the new CoP e-notification requirements stating: “We...agree that the use of intermediaries to deliver patient notifications can reduce burden on hospitals and support effective notification systems” (85 FR 25598). However, even when hospitals decide to use intermediaries, hospitals continue to remain ultimately accountable for ensuring that e-notifications are sent to the set of applicable recipients outlined in the final rule and discussed in detail below. Any intermediary that guarantees compliance for hospitals with the CoP requirements, therefore, must have the capabilities to accurately match, manage, send, and route e-notifications in real time to all applicable recipients. Any systematic exclusion of certain recipients, based on the type of entity (for example post-acute care providers and suppliers);
PATIENTPING.COM •
5
geographic restrictions (such as entities not located within a certain state or county); or simply not sending notifications to any recipients outside the health system, would not meet compliance requirements. It is therefore incumbent upon the hospital to fully vet intermediary solutions and capabilities against all CoP requirements to ensure its compliance. CMS states in the final rule: “...if a hospital makes exclusive use of an intermediary to satisfy the CoP, the hospital would still be subject to the requirement that notifications must be sent to the set of recipients we are finalizing in this rule, specifically all applicable post-acute care services providers and suppliers as well as a patients’ primary care practitioners or practice groups and entities primarily responsible for a patient’s care, as well as practitioners identified by the patient. Given this requirement, exclusive use of an intermediary with a limited ability to deliver notifications to the specified set of recipients, for instance an intermediary which restricts its delivery to only those providers within a specific integrated health care system, would not satisfy the CoP. Alternatively, if a hospital demonstrates that an intermediary connects to a wide range of recipients and does not impose restrictions on which recipients are able to receive notifications through the intermediary, exclusive use of such an intermediary would satisfy the CoP” (85 FR 25599, emphasis added). CMS further clarifies that intermediaries that do facilitate the sending of e-notifications to all required recipient types without limitations or exclusions will meet CoP requirements. Specifically, CMS states: “Alternatively, if a hospital demonstrates that an intermediary connects to a wide range of recipients and does not impose restrictions on which recipients are able to receive notifications through the intermediary, exclusive use of such an intermediary would satisfy the CoP” (85 FR 25599). PATIENT PRIVACY PREFERENCES The sending of e-notifications must adhere to applicable federal and state laws and regulations, and not be inconsistent with the patient’s expressed privacy preferences. This means if a patient has indicated a preference of not sharing their information with other providers, hospitals and/or their intermediary must honor those preferences and restrict e-notifications for that patient. To send e-notifications consistent with patient preferences, hospitals or their intermediary will need the ability to collect such patient preferences and to then translate and apply those preferences to the sending or suppression of e-notifications accordingly. Unless there are other applicable state laws that supersede HIPAA, patient consent is not required to share e-notifications under this CoP for treatment, care coordination, and quality improvement activities. The final rule states:
“We note that hospitals would not be required to obtain patient consent for sending a patient event notification for treatment, care coordination, or quality improvement purposes as described in this final policy. However, we also recognize that it is important for hospitals to be able to honor patient preferences to not share their information” (85 FR 25601, emphasis added). “...to the extent permissible under applicable federal and state law and regulations, and not inconsistent with the patient’s expressed privacy preferences, the system sends notifications directly, or through an intermediary” (85 FR 25603, emphasis added). APPLICABLE NOTIFICATION RECIPIENTS Hospitals are required to send e-notifications in real time to those recipients with established care relationships that need the information for treatment, care coordination, or quality improvement purposes, a concept that is even further supported by the ONC’s information blocking provisions. To meet minimum requirements, hospitals need to send e-notifications to those recipients that fall within the specified recipient categories outlined below. Specifically, the final rule states: “...the system sends the notifications to all applicable post-acute care services providers and suppliers, as well as to any of the following practitioners and entities, which need to receive notification of the patient’s status for treatment, care coordination, or quality improvement purposes: the patient’s established primary care practitioner; the patient’s established primary care practice group or entity; or other practitioner, or other practice group or entity, identified by the patient as the practitioner, or practice group or entity, primarily responsible for his or her care” (85 FR 25603). “...hospitals must send notifications to those recipients that ‘need to receive notifications of the patient’s status for treatment, care coordination, or quality improvement purposes’” (85 FR 25598). As stated in the final rule, the specified recipient categories are a patient’s: • • •
•
Established primary care practitioner Established primary care practice group or entity Other practitioner, or other practice group or entity, identified by the patient as the practitioner, or practice group or entity, primarily responsible for his or her care Applicable post-acute providers and suppliers
CMS defines applicable post-acute providers and suppliers as: “...those with an established care relationship immediately preceding the hospital registration or admission (such as a PAC services provider or supplier from which the patient was transferred to the hospital) or those
PATIENTPING.COM •
7
with which a relationship is being established for purposes of treatment and/or care coordination post-discharge from the hospital” (85 FR 25594). Within these different recipient categories fall specific provider types. Provider examples include but are not limited to the following: Required E-Notification Recipient Category
Examples
Established primary care practitioner
Practitioners specialized in internal medicine, general medicine, geriatrics, pediatrics, family practice, etc.
Established primary care practice group or entity
FQHCs, primary care practices, Accountable Care Organizations that have been delegated by participant PCPs to coordinate care on behalf of their assigned beneficiaries, etc.
Other practitioner, or other practice group or entity, identified by the patient as the practitioner, or practice group or entity, primarily responsible for his or her care
Primary care practitioners, specialists (e.g. cardiologists, endocrinologists, oncologists, OB-GYNs), community-based mental health clinics, multi-speciality groups, etc. as identified by the patient
Applicable post-acute providers and suppliers
Skilled Nursing Facilities, Home Health Agencies, Hospice, etc.
CMS did not place any geographic restrictions on e-notification recipients or on the sending of e-notifications. In large part, this is a recognition by CMS that many patients receive specialized, tertiary hospital services outside their immediate community or reside in different states in the span of a year (e.g. Medicare “snowbird” beneficiaries) with established practitioners in each. It is therefore necessary for hospitals to have the ability to send e-notifications to patients’ established primary care practitioners, practice groups/entities, and post-acute providers located across state lines or in different geographic catchment areas if they are identified by the patient or if they need the information for ongoing treatment, care coordination, or quality improvement activities. CMS also supports hospitals to send e-notifications to additional recipients, in accordance with applicable laws, that are not necessarily mandated under the CoP requirements but can greatly support care coordination efforts and benefit patient care. CMS states: “We note that this final policy does not prevent a hospital from sending patient event notifications to other practitioners, in accordance with all
applicable laws, who may be relevant to a patient’s post-discharge care and would benefit from receiving patient event notifications, nor would it prevent a hospital from seeking to identify these other practitioners” (85 FR 25593). Hospitals are required to send e-notifications to any applicable recipient except those that have made the specific request not to receive certain e-notifications. If a subset of notifications are not sent to applicable recipients, the hospital or intermediary should document those preferences so compliance can be maintained and evidenced during the survey process. CMS clarifies this exception as follows: “...while a hospital’s system must be able to send notifications at both admission and discharge, as well as at the time of registration in the emergency department, if a specific provider prefers only to receive notifications upon discharge, nothing would prevent the hospital from limiting the notifications sent to that provider accordingly” (85 FR 25598). ADDITIONAL IMPLICATIONS - AVOIDING INFORMATION BLOCKING Hospitals also need to consider that the CMS e-notification CoP is intended as a complementary counterpart to the information blocking provisions set forth in the ONC Cures Act Final Rule (85 FR 25642). The primary intent of both rules is to increase interoperability and access to information, while proactively eliminating information blocking practices. The ONC information blocking provisions will be implicated when there’s a practice that limits the exchange of electronic health information (EHI). Non-compliance with the CMS e-notification CoP will be seen as such a practice as it would prevent the sharing of EHI for treatment, care coordination, or quality improvement and population health management activities. Specifically, the ONC final rule states that: “The information blocking provision will almost always be implicated when a practice interferes with access, exchange, or use of EHI for certain purposes, including but not limited to: •
Ensuring that health care professionals, care givers, and other authorized persons have the EHI they need, when and where they need it, to make treatment decisions and effectively coordinate and manage patient care and can use the EHI they may receive from other sources....
•
Ensuring that health care providers can access, exchange, and use EHI for quality improvement and population health management activities.” (85 FR 25810)
Hospitals that meet the e-notification CoP requirements can further demonstrate their ability to share information with other providers across the care continuum, which will support their efforts in complying with the ONC’s information blocking provisions. Hospitals should therefore
PATIENTPING.COM •
9
consider the CoP requirements in conjunction with the Cures Act provisions and implement policies, processes and systems that support information sharing across the care continuum to achieve requirements set out under both rules. All of the above outlined requirements will be part of the e-notification CoP and hospitals will need to put policies, processes and systems in place to ensure their compliance with these new requirements. The following section will further discuss how hospitals can meet the “reasonable effort” provision stipulated by CMS and demonstrate their e-notification compliance to survey teams.
Meeting Compliance by Demonstrating Reasonable Effort CMS will require hospitals to make a reasonable effort to send the specified e-notifications to all applicable recipients, including established primary care practitioners, primary care practice groups or entities, post-acute providers and suppliers, as well as other practitioners and practice groups or entities identified by the patient that need the information for treatment, care coordination, or quality improvement activities. CMS states: “we are revising our final policy (at 42 CFR 482.24(d)(5), 482.61(f)(5), and 485.638(d)(5)) to now require that a hospital (or a CAH) must demonstrate that it “has made a reasonable effort to ensure that” the system sends the notifications to any of the following that need to receive notification of the patient’s status for treatment, care coordination, or quality improvement purposes to all applicable post-acute care services providers and suppliers and: (1) the patient’s established primary care practitioner; (2) the patient’s established primary care practice group or entity; or (3) other practitioner, or other practice group or entity, identified by the patient as the practitioner, or practice group or entity, primarily responsible for his or her care” (85 FR 25599). To demonstrate reasonable effort, CMS specifically notes that hospitals have to implement policies, processes and systems that identify established care relationships and that can facilitate the sending of e-notifications to those applicable recipients without systematic exclusions or limitations. CMS states: “We note that under the CoP, a hospital would be required to demonstrate that its system sends notifications to appropriate recipients. We expect that hospitals would demonstrate this capability in variety [sic] of ways, for instance, by demonstrating that the hospital has processes and policies in place to identify patients’ primary care practitioners and incorporate this information into the patient event notification system, or through recording information received from patients about their providers” (85 FR 25593).
While the CoP regulatory lever mandates hospitals to implement the e-notification policies and processes across all specified recipient types, CMS does not expect hospitals “...to be capable of electronically communicating with every possible provider, facility, or practitioner system, or of satisfying every possible preference for delivery of patient event notifications that a provider, facility, or practitioner might attempt to impose on the hospital” (85 FR 25601). Additionally, hospitals will not be determined out of compliance in the limited instances where the identity of a specific notification recipient cannot be reliably established through the implemented processes and systems resulting in the lack of an e-notification: “Under our final policy, hospitals would be required to make a “reasonable effort” to ensure their systems send notifications to the specified recipients. We believe this standard will account for instances in which a hospital (or its intermediary) cannot identify an appropriate recipient for a patient event notification despite establishing processes for identifying recipients, and thus is unable to send a notification for a given patient” (85 FR 25602).
To meet the reasonable effort provision, therefore, hospitals or their intermediary have to implement, at minimum, policies and processes that identify patients’ established care relationships, i.e. applicable notification recipients, and to send e-notifications containing the specified set of information for the required event types to the identified recipients in real time.
To meet the reasonable effort provision, therefore, hospitals or their intermediary have to implement, at a minimum, policies and processes that identify patients’ established care relationships, i.e. applicable notification recipients, and to send e-notifications containing the specified set of information for the required event types to the identified recipients in real time. Even if the recipient identity cannot ultimately be ascertained in some instances, the hospital or intermediary has to show that processes and policies are implemented to identify all required recipient types.
PATIENTPING.COM •
11
To meet these requirements, hospitals or their intermediary will need the ability to perform the following five functions: 1.
Determine patients’ established care relationships To determine patients’ established care relationships and thereby the required e-notification recipients that need the information for treatment, care coordination or quality improvement activities, hospitals and/or their intermediary will need two distinct capabilities. Capability 1: have policies, processes and systems in place that enable the collection of patient-identified provider information, for example a patient’s primary care practitioner, at the point of care and generate e-notifications based on that information. This will allow hospitals to meet the requirement of sending e-notifications to the “...other practitioner, or other practice group or entity, identified by the patient as the practitioner, or practice group or entity, primarily responsible for his or her care” (85 FR 25603). Capability 2: have policies, processes and systems in place to determine patients’ established care relationships for providers beyond those identified directly by patients at the point of care to meet the requirement of sending notifications to “...all applicable post-acute care services providers and suppliers, as well as to any of the following practitioners and entities, which need to receive notification of the patient’s status for treatment, care coordination, or quality improvement purposes: the patient’s established primary care practitioner; the patient’s established primary care practice group or entity…” (85 FR 25603). Hospitals or their intermediary can fulfill this second capability by implementing a care relationship focused patient roster and notification request process for e-notification recipients. Specifically, this process allows hospitals to meet rule requirements by enabling the identification of established care relationships and the subsequent sending of e-notifications to applicable recipients, e.g. primary care practice groups/entities and post-acute providers, that need the information for treatment, care coordination, or quality improvement activities. Hospitals or intermediaries can implement this process by setting up systems that ingest and manage patient rosters, e.g., patient panels or census lists, and base the sending of required e-notifications on such matched patients and their care events. In effect, this process enables applicable recipients, regardless of type and location, to request and receive needed e-notifications while at the same time allowing hospitals or their intermediary to meet compliance requirements without systematic notification gaps. Applicable recipients that do not want to receive e-notifications have the option to forgo this process. Using this process to determine established care relationships and to send e-notifications accordingly will allow hospitals to meet the minimum CoP requirements that state:
“...a hospital (or a CAH) must demonstrate that it “has made a reasonable effort to ensure that” the system sends the notifications to any of the following that need to receive notification of the patient’s status for treatment, care coordination, or quality improvement purposes to all applicable post-acute care services providers and suppliers and: (1) the patient’s established primary care practitioner; (2) the patient’s established primary care practice group or entity…” (85 FR 25599). “...hospitals must send notifications to those recipients that ‘need to receive notifications of the patient’s status for treatment, care coordination, or quality improvement purposes’” (85 FR 25598). Because patients’ established care relationships often change, hospitals and/or intermediaries will need the ability to frequently update the established care relationships to meet ongoing notification requirements. For example, home health agencies and skilled nursing facilities begin services daily for patients that are newly discharged from hospitals so e-notification needs and care relationships changes must be updated accordingly to meet CoP requirements. In addition, because patients can have established care relationships with practitioners or practice groups/entities in other states or regions, hospitals and intermediaries need to ensure that their processes enable the identification of those recipients and facilitate the sending of e-notifications accordingly. Hospitals or intermediaries will need to ensure their systems can keep established care relationship information current and accurate to avoid sending e-notifications to incorrect recipients and thereby risking possible disclosure incidents. For instances where the hospital or intermediary is unable to reliably identify the applicable recipient, no notification must be sent but documentation should be kept for audit purposes. 2. Match patients and care events to applicable e-notification recipients To meet the rule requirement of sending e-notifications in real time, the matching process to generate an e-notification has to be completed instantly.
Once an established care relationship is determined through a patient’s provided information at the point of care or through the roster process, hospitals or intermediaries need to ensure that patient care events are accurately matched against the rosters and/or a national provider directory to ensure e-notifications are sent and routed to the intended recipient. This will require hospitals or intermediaries to create a matching algorithm with a high accuracy match rate. The match rate for the roster process should be ≥ 99% (The Pew Charitable Trusts 10) to ensure with high confidence that notifications are sent to the intended recipients, to prevent security incidents, and to avoid missed notifications. Given there is no national patient identifier at this time, hospitals or intermediaries will need to rely on obtained patient demographic data and match patients to recipients accordingly. To meet the rule requirement of sending e-notifications in real time, the matching process to generate an e-notification has to be completed
PATIENTPING.COM •
13
instantly. In cases where the identity of the recipient cannot be established after following the patient roster and provider directory lookup processes, hospitals or the intermediary should document the inability to ascertain the provider’s identity for audit purposes. The inability to determine e-notification recipients should be infrequent and must not be a systematic deficiency across recipient types. 3. Generate a real-time e-notifications for required care events based on privacy and notification preferences Once a match has been identified, the hospital or intermediary will need to confirm whether the e-notification should be sent and routed based on the patient’s privacy preferences. Notifications must always be consistent with patients’ privacy preferences and must not be sent if the patient has opted out of having their information shared. If the recipient provider has affirmatively declined to receive certain e-notifications, the hospital or intermediary is not required to send e-notifications to that recipient. As stated above, any reason for non-delivery of notifications should be documented for audit purposes.
The hospital or intermediary will need to send and route e-notifications to the identified recipient(s) in real time. Batched or delayed e-notifications will not fulfill this requirement.
4. Send and route e-notifications in real time The hospital or intermediary will need to send and route e-notifications to the identified recipient(s) in real time. Batched or delayed e-notifications will not fulfill this requirement. Because CMS did not specify the mechanism of how e-notifications are to be sent, hospitals or their intermediaries can determine their preferred process. However, before e-notifications are sent, hospitals or their designated intermediaries need to ensure that any required data sharing agreements and security protocols are in place to protect patient data and prevent security incidents. 5. Create an e-notification audit log CMS does not require hospitals to collect read receipts from e-notification recipients but for the medical records services CoP audit purposes (discussed in more detail below), hospitals or their intermediaries will need the ability to demonstrate that e-notifications were sent appropriately for the surveyor’s review of the randomly selected sample of patient records. A record that details when and to whom e-notifications have been sent will allow a hospital to demonstrate compliance during a survey. Hospitals or intermediaries that demonstrate their ability to meet these five functions and have implemented policies, processes and systems to facilitate them will be able to evidence that they have made a reasonable effort to meet compliance requirements. This means that hospitals cannot automatically default to their current e-notification delivery practices if that status quo restricts the sending of e-notifications to certain subgroups of required recipient types or geographies, is unable to determine established
care relationships and send e-notifications accordingly, or does not fulfill the real-time e-notification requirement. Hospitals should assess their current notification practices and capabilities against the requirements and address any deficiencies before the new CoP goes into effect in May 2021 (85 FR 25603).
Compliance Surveys for the E-Notification CoP
50%
CMS certification is critical as it determines whether hospitals can receive Medicare and Medicaid payments, which often make up more than 50% of a hospital’s payer mix.
Conditions of Participation are the most significant and consequential regulatory lever that CMS has to authorize or terminate a hospital’s certification. CMS certification is critical as it determines whether hospitals can receive Medicare and Medicaid payments, which often make up more than 50% of a hospital’s payer mix. To receive or maintain certification, hospitals must meet all CoPs, making compliance with all CoP standards and conditions essential to hospital operations. The threat of losing CMS certification and associated CMS payments due to CoP non-compliance cannot be underestimated. CoPs also serve as the minimum requirements that CMS sets to protect the health and safety of patients and to improve quality of care. They are critical to all aspects of hospital operations and address policies and procedures related to infection control, staffing ratios, medical records documentation, compliance with applicable federal, state, and local laws, and patient’s rights among others. CoPs are the provisions that State Survey Agencies and Accreditation Organizations audit during their unannounced surveys and hospitals are assessed for all services, areas, and locations which operate as one unit for compliance purposes. Refusal by a hospital to participate in a survey can lead to the termination of its certification. Deficiencies with any CoP can also lead to certification termination and will set off a cascade of time-bound termination and corrective action procedures. E-NOTIFICATION COMPLIANCE SURVEY PROCESS To assess compliance, surveyors follow the interpretive guidelines in the State Operations Manual, which specify the procedures and methods the survey teams will follow when determining a hospital’s compliance status. To assess CoP compliance, survey teams review documented hospital policies and processes, conduct interviews, and review a random sample of medical records. Any deficiencies will be formally documented by the survey team on CMS Form 2567 “Statement of Deficiencies and Plan of Correction” and hospitals must follow specific time-bound processes to correct them. Specifically, hospitals have 10 calendar days to return a plan of correction after receiving a warning letter with the documented deficiencies. Unless hospitals remediate deficiencies, termination of CMS certification will go into effect after a maximum of 90 days.
PATIENTPING.COM •
15
CMS will insert the new e-notification requirements as part of the Medical Records Services CoP at 42 CFR 482.24(d) for hospitals, at 482.61(f) for psychiatric hospitals, and at 485.638(d) for Critical Access Hospitals (85 FR 25602-25603). Given the e-notification requirements will fall under the Medical Records Services CoP, the survey will follow the processes outlined in State Operations Manual (SOM Appendix A 266), including: • • •
Review of the organizational structure and policy statements Interview with the person responsible for the medical records service Review of a sample of 10 percent of the hospital’s average daily census and no less than 30 records for completeness and accuracy in accordance with Federal and State laws and regulations and hospital policy
Hospitals will therefore need documented policies and processes about how the e-notification requirements have been implemented and are followed. Hospitals will also need to be ready to provide documentation, e.g. audit logs or similar, related to e-notifications that have been sent for the random sample of medical records that will be audited. Survey teams will assess whether hospitals meet the minimum requirement for e-notification timing, content, and scope. Hospitals will need to show compliance with the minimum requirements and evidence through policies, processes and systems that they have made a reasonable effort to send e-notifications. Hospitals should be prepared to explain and justify any missing e-notifications.
Key Considerations and E-Notification Readiness Checklists Impacted hospitals have until May 1, 2021 to ensure they are compliant with the new e-notification CoP requirements. To ensure hospitals meet reasonable effort provisions and compliance with all components of the new CoP, hospitals and/ or their intermediaries will need to assess their solution functionality against the list of key capabilities outlined below so they can meet the required elements of compliance. To meet the minimum e-notification CoP requirements, hospitals and/or their intermediaries must have the capabilities outlined in the below Capability Checklist. CAPABILITY CHECKLIST FOR HOSPITALS AND INTERMEDIARIES: ▫
Determine patient-identified established care relationships ▫
Implement policies, processes and systems that allow patients to
directly identify specific practitioners, practice groups or entities, and post-acute providers and suppliers primarily responsible for their care ▫
▫
▫
Determine patients’ established care relationships with primary care practitioners, primary care practice groups or entities, and applicable post-acute providers and suppliers ▫
Implement policies, processes and systems that facilitate a roster and notification request process to determine established primary care practitioners, primary care practice groups or entities, and post-acute providers and suppliers that need notifications for treatment, care coordination, or quality improvement activities
▫
Collect established care relationships from applicable recipients submitting rosters, census lists, or similar for notification request and fulfillment
▫
Ensure the system has the ability to identify applicable established care relationships across all required recipient types and regardless of recipient location to avoid systematic gaps in e-notifications
Create appropriate data sharing rights, security, and trust with e-notification recipients ▫
▫
▫
Collect and document patients’ provider information at the point of care during registration, through a patient portal, or similar processes
Set up a scalable system to manage data sharing agreements and security protocols to protect patient information and to minimize security incidents and breaches
Match patients to e-notification recipients with high accuracy ▫
Create and execute against a high accuracy matching algorithm - to prevent security incidents and poor data matching performance, matching accuracy rates should be ≥ 99% for roster processes
▫
Match patients to established care relationships to ensure all required notification recipients are identified for the sending of e-notifications
▫
Ensure patient matching and care relationship attributions are determined in real time when a care event occurs
▫
Document any recipients who cannot be identified
Collect and record patient privacy preferences and generate e-notifications accordingly ▫
Create policies, processes and systems to collect and record patient privacy preferences
▫
Generate e-notifications based on patients’ recorded privacy
PATIENTPING.COM •
17
preferences - e-notifications must not be inconsistent with patients’ privacy preferences and must be suppressed for those patients that do not want their information shared ▫
▫
▫
▫
Send e-notifications in real time ▫
Create systems that send real-time e-notifications to meet the requirement of sending notifications “at the time of” a care event occurring
▫
Ensure the system can send and route e-notifications to all expected recipients
▫
Ensure the system sends e-notifications for all required patient events
Send e-notifications to applicable recipients regardless of type or location ▫
Ensure no geographic limitations exists for the sending of e-notifications so applicable recipients can receive e-notifications for established patients even if they are located across state lines and regions
▫
Ensure mechanisms are in place to send e-notifications to the minimum set of required notification recipient types
Evidence compliance for surveys/audits ▫
Implement policies, processes and systems that demonstrate how the e-notification solution functions, explain the workflows that have been implemented to support the identification of patients’ established care relationships, and show how e-notification information is captured
▫
Provide a audit report or log to show when/to whom e-notifications have been sent to evidence the ability to send e-notifications in real time without systematic notification gaps
[optional] Meet e-notification recipient preferences ▫
▫
Have the ability to filter e-notifications based on recipient preferences for event types
[optional] Make the e-notification process easy and accessible for recipients ▫
Focus on building strong and mutually beneficial community provider relationships across the continuum of care through a high-satisfaction and easy-to-use notification system
These capabilities will allow hospitals and intermediaries to meet the elements of the CoP requirement checklist as outlined below. E-NOTIFICATION COMPLIANCE CHECKLIST FOR HOSPITALS AND INTERMEDIARIES: ▫
E-notifications are sent for inpatient admissions, discharges and transfer events as well as for emergency department presentation/registration and discharge events
▫
E-notifications are sent in real time - at the time of admission, presentation/registration, discharge, and transfer
▫
E-notifications include at minimum patient name, treating practitioner name, and sending institution name
▫
E-notifications are sent to the practitioners, practice groups or entities, and post-acute providers and suppliers identified directly by patients
▫
E-notifications are sent to the established primary care practitioners, established primary care practice groups or entities, and applicable post-acute providers and suppliers that have an active care relationship with the patient and need the information for treatment care coordination, or quality improvement activities
▫
E-notifications are not inconsistent with patients’ privacy preferences - no e-notifications must be sent for patients that do not want their information to be shared
▫
Required data sharing agreements must be in place and e-notifications must be consistent with applicable federal and state laws and regulations
▫
Policies, processes, and systems must be in place to show how e-notifications have been implemented and to demonstrate reasonable effort for purposes of compliance surveys
PATIENTPING.COM •
19
ABOUT PATIENTPING PatientPing is an innovative care collaboration platform that reduces the cost of healthcare and improves patient outcomes by seamlessly connecting providers to coordinate patient care. The platform enables providers to collaborate on shared patients through a comprehensive suite of solutions and allows provider organizations, health plans, governments, individuals and the organizations supporting them to leverage real-time patient data to reach their shared goals of improving the efficiency of our healthcare system. To learn more about the e-notifications CoP, visit www.adtnotifications.com and patientping.com or contact connect@patientping.com.
References 21st Century Cures Act: Interoperability, Information Blocking, and the ONC Health IT Certification Program, 85 Fed. Reg. 25642-25961 (2020, May 1) (to be codified at 45 C.F.R 170 and 171). Retrieved June 1, 2020, from: https://www.govinfo.gov/content/pkg/FR-2020-05-01/pdf/2020-07419.pdf Centers for Medicare and Medicaid Services. (2020, February 21). State Operations Manual Appendix A - Survey Protocol, Regulations and Interpretive Guidelines for Hospitals. Retrieved June 1, 2020, from: https://www.cms.gov/Regulations-and-Guidance/Guidance/Manuals/downloads/som107ap_a_hospitals.pdf Medicare and Medicaid Programs; Patient Protection and Affordable Care Act; Interoperability and Patient Access for Medicare Advantage Organization and Medicaid Managed Care Plans, State Medicaid Agencies, CHIP Agencies and CHIP Managed Care Entities, Issuers of Qualified Health Plans on the FederallyFacilitated Exchanges, and Health Care Providers, 85 Fed. Reg. 25510-25640 (2020, May 1) (to be codified at 42 C.F.R. 406, 407, 422, 423, 431, 438, 457, 482, 485 and 45 C.F.R. 156). Retrieved June 1, 2020, from: https://www.govinfo.gov/content/pkg/FR-2020-05-01/pdf/2020-05050.pdf The Pew Charitable Trusts. (2018, October). Enhanced Patient Matching Is Critical to Achieving Full Promise of Digital Health Records. Retrieved June 1, 2020, from: https://www.pewtrusts.org/-/media/assets/2018/09/healthit_enhancedpatientmatching_report_final.pdf