New Certification Criteria for APMs…Is This the Right Approach?

CMS and ONC are considering tying the new Alternative Payment Models (APM) being designed per the MACRA legislation to prescriptive criteria for “use” of certified EHR technology, and considering development of new certification criteria specifically created for APMs.  In doing so, do they risk going beyond congressional intent for the APM program and stifling innovation by imposing requirements on health IT beyond what is sought in the market, perhaps pursuing a strategy that may not be the best way to accomplish their end-goals – the rapid shift to value-based reimbursement and more integrated care?  Read “Health IT, Value-Based Payment, and Innovation: Let’s Get it Right”<> by Mark Segal, PhD (EHRA Chair Emeritus and Vice President of Government and Industry Affairs for GE Healthcare IT) on the GE blog page.

Shaping the Substance of MACRA: EHRA Comments Set Foundations for Success


Few, if any, health care payment and delivery initiatives underway promise to have as much impact on the nation’s shift from volume to value-based reimbursements, holistic clinical delivery, and overall system sustainability as the Medicare Access and CHIP Reauthorization Act (MACRA).

By establishing distinct and relatively complex delivery and payment tracks – the Merit-based Incentive Payment System (MIPS) and Alternative Payment Models (APMs) – programmatic vigilance and collaboration is needed by all healthcare stakeholders.

And with current and future healthcare information technology solutions a critical part of the equation – building upon similar public and private payer programs such as patient-centered medical home (PCMH) and accountable care organization (ACO) structures – the Electronic Health Record Association (EHRA) submitted detailed comments November 17 to the Centers for Medicare & Medicaid Services (CMS) in response to the agency’s MACRA request for information (RFI).

Overall, we applaud the bundling of disparate incentive programs and sun-setting individual payment adjustments, as well as advancing more clinically relevant and financially beneficial APMs focused on population health and analytics.

To make MACRA a success for all stakeholders in the short timeframe proposed, EHRA offered guidance in key areas on behalf of its health IT developer members and the provider organizations and clinicians we support.

Certification and APMs

EHRA does not support the creation of a new or specific certification program for APMs. Technology requirements should be the same between MIPS and APMs, especially in cases where providers desire to migrate from the MIPS to APM tracks.

As we noted, “a provider meeting the 25% APM threshold should not be held in the MIPS track because they do not own an ‘APM certified’ module that they did not need to successfully move 25% of their revenue to an APM.”

Further, since the 2015 Edition final rule carries with it a current start date of 2017 – which coincides with the first MIPS performance scoring year – we see little time for all stakeholders to reconcile an effective process given that the MACRA final rule is anticipated in the fall of 2016.

Instead, we believe a subset of finalized certification criteria should be identified to support interoperability, patient engagement, and care coordination to establish a foundation for all APM models and functionality. These would include transitions of care, data export, view/download/transmit (VDT), and secure messaging. From this foundation, providers involved with different types of APMs could select any additional health information technology needed to accomplish other goals, and remain in line with the EHR Incentive Program, and technology would not create a barrier for transitioning from MIPS to the APM program.

We emphasize this guidance both in terms of the RFI and to the ONC HIT Policy Committee’s Advanced Health Models and Meaningful Use Workgroup which is currently examining the need for an APM-specific certification as part of the implementation of MACRA.

MIPS Measures and Reporting

With its expanded emphasis on clinical quality measures within the MIPS track and its four scoring elements, a lot of attention needs to be paid to this process, both in terms of lessons learned and improvements.

We fully support the goal to align MIPS clinical quality measure (CQM) requirements with other Medicare and Medicaid programs, and caution that the industry is still in the early stages of migrating from claims-based measures to electronic CQMs, as well as from process-based to outcomes-based payments.

To that end, EHRA will strive to continue to work with CMS and ONC to identify and implement improvements with testing infrastructure, submissions, standards, and the process for annual measure updates.

We recommended that quality scores should be calculated using only the data from one method of submission in order to prevent duplicate reporting.

We strongly recommended that MIPS clinical practice improvement activities be reported via attestation, and that overall attestation should follow an annual cadence. We do not believe that EHRs should be used to track process measures for clinical practice improvement, as adding data capture requirements for the sole purpose of process-measurement reporting is frustrating to providers and creates inefficiencies in the care-delivery workflow.

Finally, we also strongly recommended that a system be developed wherein providers can track and manage their own MIPS performance via simplified measures, so they can anticipate performance scores and manage workflows ongoing. This should be an in-house or dashboard endeavor, and not done through reporting to CMS during the performance period.

MACRA represents a significant opportunity to improve care coordination and payment stability, supported by best practice health IT approaches. EHRA looks forward to ongoing collaborations with all stakeholders to take all advantage of the time still available to reach its goals.


Suzanne Travis (McKesson), Chair, Delivery System Reform Workgroup

Greg Fulton (Greenway Health), Vice Chair, Delivery System Reform Workgroup



EHRA’s Advice to ONC on Information Blocking

In October, we provided comments to ONC on its April 2015 “Report on Health Information Blocking”, in the spirit of collaborating to establish an environment where the right data can flow to the right party at the right time using a set of agreed-upon standards.  While some press coverage characterized our comments as negative (“…Prove It”), we in fact attempted to provide balanced feedback, recognizing that the first challenge is to come up with a definition of “information blocking” that everyone agrees on.

We clarified that charging for interface software and services should not be considered information blocking, as there are real costs incurred by EHR developers and other health IT companies in building and maintaining interfaces.  In the EHRA response, we reiterated our support for a standards-based approach to connectivity which, over time, can reduce these costs.  But we also pointed out that there are a large number of stakeholders – e.g., public health agencies – which are not compelled to use the same standards; until they are, systemic costs will continue to be higher than necessary.

We find, based on review of the report and subsequent policy discussions, that the concept of “information blocking” is still very heterogeneous, mixing perception, descriptive, and normative issues in ways that are not easily untangled.  As a result, this concept and “label” does not provide a good basis yet for policy actions or enforcement, as it could encompass a broad range of actions, few of which are likely to warrant civil or other penalties.

EHRA has seen evidence that provider and patient demand for data exchange is growing, primarily driven by new payment and delivery models, as well as increased patient engagement.  Over time, as these new financial systems gain traction, this will reduce any perverse incentives to block information that may exist, and instead focus provider organizations and software developers more clearly on addressing current interoperability challenges.

Interoperability and data exchange require organizational, policy, legal, and technical infrastructure, with much of the infrastructure for information sharing actually existing outside of EHRs.  This infrastructure, we believe, should be supported by a mix of funding entities similar to other public infrastructure in this country, such as private sector and public/private data sharing and HIE initiatives.

We encourage our member companies to read and share the full EHRA response to ONC on this important report.  And if you have any further feedback, please share it with the Standards and Interoperability (S&I) Workgroup!

Charles Parisot (GE Healthcare IT), Chair, Standards & Interoperability Workgroup

Hans Buitendijk (Cerner), Vice Chair, Standards & Interoperability Workgroup

When Health IT is Personal

Leigh Burchell, EHRA Chair and VP for Policy and Government Affairs for Allscripts, recently wrote about her own experience with health IT and how that has broadened her perspectives as both vendor and patient.  An excerpt:  “Recently…health IT has been personalized for me in an entirely different way, and I understand it from a new perspective. Thankfully, unlike many people who speak about the challenges they’re still encountering, my experience has largely been positive since becoming a breast cancer patient.”

Read the full post at




Privacy and Security, and Building Patient Trust

Earlier this year, ONC published an updated “Guide to Privacy and Security of Electronic Health Information” to help healthcare providers and ambulatory practices understand existing federal law on protected health information (PHI).  It provides guidance on how providers can use certified electronic medical record technology (CEHRT) to provide secure communications with their patients and, via secure and interoperable health IT, share patient data with other care providers.

There is a great deal of practical information provided in this guide that helps explain who is and who is not a business associate (BA), per the HIPAA regulations.   It also provides clear guidance as to when it is permissible to disclose PHI, when patient authorizations are required, and how to provide patient access to their health information.  In addition, there is a useful section on general cybersecurity explaining the threat of cyber-attacks, the use of mobile devices, and email and texting among providers and their patients.

Possibly the most valuable section is Chapter 6 where ONC defines a seven-step approach for implementing a security management process.  The guide helps explain how the security management process standard is a HIPAA requirement, and that the role of CEHRT and meaningful risk analysis is only one important component.  In Chapter 7, the ONC guide discusses what constitutes a breach, when public notification is required, and what breaches are investigated by OCR.  It also describes options to reduce the risk of unauthorized access or disclosures such as data encryption to avoid a reportable breach.

Why is this important to health IT companies, and particularly those that develop EHRs?  In a recent ONC data brief published in June 2015, it was found that 75% of individuals have concerns about the security of their medical records.  The data brief also shows that 76% of individuals want their provider to use an EHR, despite any potential privacy or security concerns.

We work with our customers every day to ensure that they achieve their objectives to improve the quality and efficiency of healthcare delivery for their patients and their organizations.  An essential component of the services we provide relates to privacy and security issues as providers employ health IT in pursuit of their organizational objectives.  We all must not only be well versed in these issues, but must also educate and advise our customers to ensure they understand the regulations and make the right decisions.  Check out the ONC guide and share it with your colleagues.  Your company and your customers will learn a lot!


William Kinsley, CISSP (Enterprise Architect, Ambulatory, NextGen)

EHRA Privacy & Security Workgroup Chair


Sayee Balaji Chandrasekaran (Application Security Engineer, Allscripts)

EHRA Privacy &  Security Workgroup Vice Chair