HHS Released Guidelines on HIPAA Compliance amidst Pandemic

Medical billing services, healthcare professionals, and other stakeholders are bound by HIPAA Law or “HITECH Law of 2009” to protect and restrain the misuse of sensitive healthcare information. 

When we join a medical billing company, the first thing that medical billers, coders, auditors, and physicians learn is to safeguard the Protected Health Information (PHI). Moreover, there are proper guidelines to avoid the misinterpretation of the confidentiality of patients' data.

Medical Practices are Sharing Data with Authorities for Research 

Healthcare IT experts have decided that we can find ways to restrict virus exposure and even prevent another health emergency to happen with proper data analysis. Thus, at these drastic times, medical practices are asked to share data for research purposes. In such situations, as a HIPAA-compliant medical facility, how would you respond to such requests? Will there be any prerequisites for sharing data? What information are healthcare professionals and outsourcing medical billing companies are allowed to share? Moreover, it will also affect QPP MIPS reporting requirements. 

There are lots of questions that we have to answer.

The U.S Department of Health and Human Services (HHS) has answered all these questions without ambiguity. Let's follow through.

Changes in HIPAA Policies during COVID-19

In February 2020, the Office of Civil Rights released a bulletin for covered entities and business associates about the epistemology of sharing patient data amidst the pandemic.

They say:

Healthcare entities can release the patient’s data without the patient's authorization if it’s important to treat another life or that patient in general. Treatment here refers to the management or coordination among healthcare entities, such as one or more healthcare professionals, medical billing services, care of providers, and the referrals of patients.

Another thing that we all have to keep in mind is this relaxation is only in effect during the COVID-19 pandemic (Public Health Emergency (PHE) and is likely to revert or annul or update when the situation gets back to normal.

The Situations where we can Share Information without Patient’s Authorization

Under privacy rules, healthcare service providers can share PHI in specific cases without prior authorization.

So, what are those cases?

Only the Public Health Authority, for instance, the CDC or a state or local health department can receive or share data to prevent any public health emergency, disability, or disease. It includes all reportable cases such as disease, injury, births, deaths, and surveys for public health surveillance, investigations, or interventions.

Explicitly speaking, a covered entity may disclose PHI to the CDC regularly as needed to report cases (prior and prospective) of patients exposed, suspected, or confirmed to have Novel Coronavirus.

Severe Cases When Health Providers Can Share PHI 

Moreover, there are other severe cases where clinicians are allowed to share information such as,

• When the patient is unconscious, but it is in the best interests of the patient

• When disaster relief organizations (For Example, Red Cross) are unable to operate fairly in an emergency 
• When there is a person or public in general with a critical health condition to prevent them from a fatal condition

Having stated these non-consensual cases, it is the best practice for healthcare organizations or medical billing companies to ask for permission from patients. However, unfortunately, it is not the case in most cases because the patients might not be in a condition to allow anything.

Be Careful About What You Share 

Clinicians must avoid releasing information about specific tests, test results, or details of a specific illness or treatment without proper consent from the patient or the representative party!

QPP MIPS reporting neither criteria nor do HIPAA compliance rules allow it. 

How is the Pandemic Holding Up with the HIPAA Compliance?

The relaxations in the privacy policies are in favor of a progressive and active healthcare system. However, some conditions are not changed, such as the Minimum Necessary constraint, unless another healthcare professional requires the information.

This stance is explained in the press release as:

A covered entity depends on the CDC that the protected health information (PHI) requested by the CDC about all patients exposed or suspected or confirmed to have coronavirus is the minimum necessary case for the public health purpose. Furthermore, patients can restrict access to their information for the workforce members who need it to perform several tasks or research.

Conclusion

The relaxations subjected to the privacy rules of HIPAA compliance don’t imply any loose ends for security measures. The parties associated with the information, such as covered entities, billing services, MIPS Qualified Registries, and clinicians, must adopt all means to protect information from falling into the wrong hands.

The authorities presented several press releases as the pandemic progressed. One of them was released on April 2, 2020, saying that:

Starting instantly, there would be no penalties for exposing information under the HIPAA Privacy Rules for goodwill purposes for all business associates during the pandemic.

Hopefully, it helps scientists to highlight meaningful aspects of a progressive healthcare system. Moreover, it allows physicians long-term relaxation without compromising patients' privacy and quality healthcare for QPP MIPS reporting.

 

What Quality Measures can Physicians Report for MIPS 2020?

CMS revises MIPS reporting requirements every year. There is a high chance that the measures you reported last year may have been obsoleted this year.

2020 is particularly important as it is the year of some important updates. 

You can rely on QPPMIPS.com to know about any MIPS update and get a solution to your reporting problem.

We have gathered all information about the topped-out measures and the updated measures for this year, so you submit data without any ambiguity.

What are the New Quality Measures?

A new update for MIPS Quality measures is that CMS (Centers for Medicare and Medicaid Services) requires at least 70% of the eligible cases (for both Medicare and non-Medicaid patients) for the whole performance year.

Groups with sixteen or more eligible clinicians will receive no points for this category, if they fail to meet the data completeness constraint.

However, eligible clinicians from small practices with groups of participants less than 16 can receive three points even if they submit data for less than 70% of the eligible cases.

Quality Measures to Report in MIPS 2020

There are approximately 216 quality measures to choose from and report this year (according to the final rule). Three new measures are added to the list along with seven new specialty measure sets.

 

New Quality Measures

For eCQM (Electronic Clinical Quality Measures)

#476 - International Prostate Symptom Score (IPSS) or American Urological Association-Symptom Index (AUA-SI) change 6 -12 months after Diagnosis of Benign Prostatic Hyperplasia

 

For CQM (Clinical Quality Measure)

#477 - Multimodal Pain Management

 

For CQM (Clinical Quality Measure)

#478 - Functional Status Change for Patients with Neck Impairments

Now, have a look at the list of new Specialty Measure Sets for MIPS 2020 Reporting.

1. Audiology Specialty Set
2. Pulmonology Specialty Set
3. Nutrition/Dietitian Specialty Set
4. Endocrinology Specialty Set
5. Chiropractic Medicine Specialty Set
6. Clinical Social Work Specialty Set*
7. Speech-Language Pathology Specialty Set

*Clinical social workers are exempt to report MIPS 2020. However, they can report data voluntarily.

We suggest all eligible clinicians check the CMS official documentation against each quality measure, so you report them as per their requirements.

What Quality Measures Have Been Removed from the List?

CMS removed almost 42 quality measures from the 2020 QPP MIPS Reporting list. The reason behind this is they no longer support the purpose of MIPS vision.

Given below is the list of topped out measures. We suggest going through all of these to avoid using inactive measures and lose points on them. 

#046 - Medication Reconciliation Post-Discharge

#051 - Chronic Obstructive Pulmonary Disease (COPD): Spirometry Evaluation

#068 - Hematology: Myelodysplastic Syndrome (MDS): Documentation of Iron Stores in Patients Receiving Erythropoietin Therapy

#091 - Acute Otitis Externa (AOE): Topical Therapy

#109 - Osteoarthritis (OA): Function and Pain Assessment

#131 - Pain Assessment and Follow-Up

#160 - HIV/AIDS: Pneumocystis Jiroveci Pneumonia (PCP) Prophylaxis

#165 - Coronary Artery Bypass Graft (CABG): Deep Sternal Wound Infection Rate

#166 - Coronary Artery Bypass Graft (CABG): Stroke

#179 - Rheumatoid Arthritis (RA): Assessment and Classification of Disease Prognosis

#192 - Cataracts: Complications within 30 Days Following Cataract Surgery Requiring Additional Surgical Procedures

#223 - Functional Deficit: Change in Risk-Adjusted Functional Status for Patients with Neck, Cranium, Mandible, Thoracic Spine, Ribs, or Other General Orthopedic Impairments

#255 - Rh Immunoglobulin (Rhogam) for Rh-Negative Pregnant Women at Risk of Fetal Blood Exposure

#262 - Image Confirmation of Successful Excision of Image-Localized Breast Lesion

#271 - Inflammatory Bowel Disease (IBD): Preventive Care: Corticosteroid Related Iatrogenic Injury

#325 - Adult Major Depressive Disorder (MDD): Coordination of Care of Patients with Specific Comorbid Conditions

#328 - Pediatric Kidney Disease: ESRD Patients Receiving Dialysis: Hemoglobin Level < 10g/dL

#329 - Adult Kidney Disease: Catheter Use at Initiation of Hemodialysis

#330 - Adult Kidney Disease: Catheter Use for Greater Than or Equal to 90 Days

#343- Screening Colonoscopy Adenoma Detection Rate

#345 - Rate of Asymptomatic Patients Undergoing Carotid Artery Stenting (CAS) (For patients who are Stroke Free or discharged alive)

#346 - Rate of Asymptomatic Patients Undergoing Carotid Endarterectomy (CEA) ((For patients who are Stroke Free or discharged alive)

#347 - Rate of Endovascular Aneurysm Repair (EVAR) of Small or Moderate Non-Ruptured Infrarenal Abdominal Aortic Aneurysms (AAA) (For patients who are discharged alive)

#352 - Total Knee Replacement: Preoperative Antibiotic Infusion with Proximal Tourniquet

#353 - Total Knee Replacement: Identification of Implanted Prosthesis in Operative Report

#361- Optimizing Patient Exposure to Ionizing Radiation: Reporting to a Radiation Dose Index Registry

#362 - Optimizing Patient Exposure to Ionizing Radiation: Computed Tomography (CT) Images Available for Patient Follow-up and Comparison Purposes

#371 - Depression Utilization of the PHQ-9 Tool

#372 - Maternal Depression Screening

#388 - Cataract Surgery with Intra-Operative Complications (Unplanned Rupture of Posterior Capsule Requiring Unplanned Vitrectomy)

#403 - Adult Kidney Disease: Referral to Hospice

#407 - Appropriate Treatment of MSSA Bacteremia

#411 - Depression Remission at Six Months

#417 - Rate of Open Repair of Small or Moderate Abdominal Aortic Aneurysms (AAA) Where Patients Are Discharged Alive

#428 - Pelvic Organ Prolapse: Preoperative Assessment of Occult Stress Urinary Incontinence

#442 - Persistence of Beta-Blocker Treatment After a Heart Attack

#446 - Operative Mortality Stratified by the Five STS-EACTS Mortality Categories

#449 - HER2 Negative or Undocumented Breast Cancer Patients Spared Treatment with HER2-Targeted Therapies

#454 - Proportion of Patients who died from Cancer with more than One Emergency Department Visit in the Last 30 Days of Life

#456 - Proportion Not Admitted To Hospice

#467 - Developmental Screening in the First Three Years of Life

#474 - Zoster (Shingles) vaccination                                                 

Conclusion

To succeed in the MIPS 2020, it is important to review every quality measure beforehand the reporting period. There is still a little time left, so if you have a lot of reporting work to do, contact us for a smooth data submission process aligned with the latest CMS requirements.