3 Most Important Acronyms for Compliant EMR Software

We know compliance can be intimidating for most therapy and rehab providers, especially with the latest Medicare updates, information blocking requirements, and more. But it doesn’t have to be.

Join us as we explain how the right technology can help your practice achieve regulatory compliance and avoid penalties, all while focusing on healthcare’s three most important acronyms for compliant EMR software.

  1. HIPAA
  2. MIPS
  3. ONC

HIPAA, MIPS, and ONC (Oh My!)

While all of these are important, it’s critical for any therapy and rehab practice to know the difference between them, learn how to meet their requirements, and understand why they matter for patients.

1. HIPAA

This acronym came about in 1996, when Congress passed the Health Insurance Portability and Accountability Act (HIPAA). HIPAA laws govern who can access patient information or retrieve patient records, and they limit the use and release of protected health information (PHI). In addition, HIPAA establishes privacy standards that healthcare providers must follow, regardless of the practice management technology they use. Even if a practice transitions to an electronic medical record (EMR) or electronic health record (EHR) system, HIPAA compliance rules remain the same.

Under HIPAA requirements, patients hold key privacy rights over their medical records. Healthcare providers must meet certain obligations to comply with the rules governing these rights:

  • Patients can see or get a copy of their medical or other health records
  • Patients can ask for erroneous information to be changed or for information to be added to their health file
  • Patients are allowed to ask how their doctor or health insurer shared or used their health records
  • Patients can ask that certain parts of their health information, or even all of their records, not be shared
  • Patients can ask to be contacted somewhere other than at home

2. MIPS

The Merit-Based Incentive Payment System (MIPS) determines payment adjustments to Medicare Part B claims based on composite performance across four performance categories. Reimbursements made through this system include payment bonuses, payment penalties, or no payment adjustments for eligible clinicians.

Designed to incentivize providers to deliver cost-efficient, quality care, MIPS also encourages improvement in health outcomes, supports the use of improvement activities and care processes, increases the responsible use of healthcare information, and reduces healthcare costs.

What’s more, if a provider is MIPS eligible, that means that their EMR platform offers the ability to sort and measure patients by demographics or scope of care. This functionality is essential when it comes to simplifying data collection and organization efforts as well as streamlining the MIPS submission process.

3. ONC

ONC stands for the Office of the National Coordinator for Health Information Technology and falls under the purview of the Office for Civil Rights (OCR) within the Department of Health and Human Services. This means that guidance and interpretations of HIPAA privacy and security rules applicable to EHRs, personal health records, and health information technology all come from the ONC. Charged with allowing electronic use and exchange of patient information, ONC also develops regulations that cover the certification of EMRs, encourages public input, and implements grant programs.

Is Your EMR Keeping Up with Compliance?

Compliance is not optional, yet there is still a gap between EMRs / EHRs and HIPAA regulations. The problems usually trace to misconceptions and misunderstandings about what HIPAA compliance requires of an EHR, leaving healthcare providers on the wrong side of HIPAA breaches and facing some hefty violation fines.

The HIPAA Security Rule 

In 2013, the Department of Health and Human Services made modifications to HIPAA rules concerning security. Known as the Security Rule, it establishes national standards designed to protect an individual’s PHI. Under this rule, appropriate administrative, technical, and physical safeguards are required to ensure the integrity, confidentiality, and security of protected electronic health records.    

HIPAA Compliance = Information Security

Most patients consider their health information private and want it protected. That’s why under the Security Rule, specific protection measures are implemented to safeguard patient information. To remain compliant with these regulations, protections that should be built into an EHR system include: 

  • Access control tools such as PINs and passwords
  • Encryption of stored information
  • An audit feature that tracks who accessed information, what changes were made to records, and when

Because privacy and security rights are so important, HIPAA also requires a provider to retain medical records for at least six years after the date of creation or the date when they were last in effect.

MIPS Compliance

Under MIPS requirements, an EMR report must cover four specific categories:

  • Quality. This makes up 30% of the total MIPS score and can require up to six separate reports, including patient outcomes.
  • Improvement Activities. This measure was created to encourage continuous improvement and innovation. It accounts for 15% of the total MIPS score.
  • Promoting Interoperability. This makes up 25% of the total MIPS score and replaces the Medicare EHR Incentive Program.
  • Cost. This requirement replaces the Medicare Value Modifier Program. It makes up 30% of your final MIPS score.

And if you’re interested in incentive payments from Medicare and/or Medicaid, make sure to choose an EMR that offers clinical quality reporting that encompasses all of these measures! 

Why Is Using An ONC-certified EMR Important?            

In 2010, the ONC selected six top organizations to test and certify EHR / EMR software to establish criteria to support the designation “meaningful use.” These organizations are known as ONC-Authorized Testing and Certification Bodies, or ONC-ATCBs. Here are some of the specifics ONC-ATCBs require:

  • ONC-ATCB certified software meets the technical capabilities, functionalities, and security requirements for “meaningful use” designation.
  • ONC certification makes certain the format structure of patient data is compatible and transferable with other EHR / EMR systems.
  • Use of an ONC-certified system is required to receive incentive payments from Medicare and/or Medicaid. 

Raintree Takes Data Security and Privacy Seriously

As part of our ongoing mission to provide the most powerful, flexible software for therapy and rehab practices, Raintree’s EMR is ONC and Drummond certified – so you can rest easy when you pick our digital solutions to manage your daily operations! What’s more, our quality clinical reporting measures are MIPS-compliant, ensuring that your practice is set up to receive incentive payments from Medicare when you deliver care for Medicare beneficiaries. 

But most importantly, our technology-enabled solutions include HIPAA-compliant documentation and patient engagement options, such as secure passwords, audit trails, and encrypted information.

If you’re ready to deliver secure, compliant care to your patients or you want to learn more about EMR compliance, schedule a discovery call today!

Blogs are created for educational and informational purposes only. The information provided does not constitute, or is not intended to constitute, legal or medical advice. When you read this information, visit our website, or access our materials, you are not forming an attorney-client, provider-patient, or other relationship with us.