A SNEAK PEEK INTO THE PROPOSED CHANGES TO MIPS 2018
1. HERE’S A PEEK!
As they promised, back in October 2016, CMS is continuing to propose modifications to the Quality Payment Program (QPP) established by their Final Rule. You will recall that the QPP was authorized by Congress’s Medicare Access and CHIP Reauthorization Act (MACRA) of 2015. Last week, CMS released its Proposed Rule for the CY2018 updates to the QPP.
The Proposed Rule (https://www.federalregister.gov/documents/2017/06/30/2017-13010/medicare-program-cy-2018-updates-to-the-quality-payment-program) was issued on June 20, 2017; it’s a mere 1,058 pages long. Full disclosure: I have not read it in its entirety yet, but I have learned of a few highlights applicable to the MIPS track that I found quite interesting and wanted to share quickly with you. There is certainly a whole lot more to discuss, but here are a few tidbits that might interest you enough to cozy up later to that thousand-page document (or keep your eyes open for my next blog?).
2. ATTENTION SMALLER PRACTICES!
CMS is proposing to raise the low-volume threshold to exclude individual MIPS eligible clinicians or groups who bill $90,000 or less in Part B billing OR provide care for 200 or less Part B enrolled beneficiaries. This is a significant increase from the low-volume exclusion rates in 2017 which excluded practitioners/groups who billed $30,000 or less and saw 100 or less beneficiaries. This modification might significantly help small practices or providers who just don’t see that many Part B beneficiaries.
3. WANT TO AVOID COST PERFORMANCE HEADACHES?
Fingers crossed – you may avoid cost performance headaches for one more year entirely! CMS is proposing to retain the weighting of the cost performance category at 0% again for 2018. Originally, in the 2017 Final Rule, CMS said that in 2018, the cost performance category weight would increase to 10%, while the quality performance category weight reduced to 50%. In this 2018 proposal, they have reversed themselves. CMS does intend, however, to continue to report cost information to practitioners and groups so that these providers can learn as much as possible about how they are being scored and hopefully they will be able to work toward improvement in the following years.
CMS is proposing to allow multiple mechanisms for reporting within MIPS performance categories. In 2017, eligible clinicians can only use one mechanism (e.g. claims or data registry or EHR, etc.) within a performance category to report to CMS. In 2018, providers will be allowed to use more than one mechanism within a performance category. This might not sound like an exciting possible change, but I can see where it might be especially helpful in reporting quality performance measurements.
4. UPGRADING YOUR TECHNOLOGY COULD BE A VERY GOOD THING!
CMS is proposing to offer a bonus to practices that use 2015 CEHRT (certified electronic health record technology), instead of requiring its use, as previously expected. Our original expectation was that in the 2018 performance year, practitioners who reported under the advancing care information category would be required to use 2015 CEHRT; the proposal under consideration for 2018 is now to allow both 2014 CEHRT and 2015 CEHRT again, but also to offer a reward to practices that upgraded to the 2015 CEHRT for the entire performance period.
Speaking of performance periods, CMS is proposing a 12-month calendar year for the quality and cost performance categories. However, they are also proposing a 90-day performance period for advancing care information and improvement activities categories. This could be very helpful to practices as they continue to ramp up with EHR technology and learn what the improvement activities category is all about.
5. THERE IS STILL A 90 DAY OPTION IN 2018 FOR SOME CATEGORIES.
CMS is proposing a 15-point performance threshold in 2018 for eligible clinicians to avoid negative payment adjustments. In 2017, that performance threshold is 3 points. CMS has suggested a proposed range for discussion of 6 to 33 points. A practice could meet 15 points by only reporting the required improvement activities.
Another way a practitioner might meet this threshold would be to successfully report the advancing care information base score and submit only 1 additional quality measure that meets data completeness. There are many other possible combinations; my point is, though it would require more effort than the 3-point threshold we have in the 2017 performance period, in my opinion, a 15-point threshold would not require a significant increase in effort.
6. NOW IS YOUR CHANCE FOR INPUT...
You might notice that I have been constantly repeating “CMS is proposing….” This is because the recently published rule is only a proposed rule. We all now have 60 days (until August 21, 2017) to comment on what is being proposed (Yes, this means you!). If you want CMS to consider something other than what is in the proposed rule, now is your chance to tell them. If you think CMS is on the right track, and you like what they have proposed, you can tell them this also. Amazingly enough, CMS does collect every comment received through proper channels, AND they will summarize and respond to them later this year when they issue the FINAL regulations on the 2018 QPP program.
You must submit your comments in one of the following ways (FAX submission is NOT allowed):
· At Regulations.gov
· By regular mail
· By express or overnight mail
· By hand or courier
-------------------------------------------------------------------------
For more information, you can refer to pages 1-3 in the Proposed Rule. Here’s that link again to the Proposed Rule: https://www.federalregister.gov/documents/2017/06/30/2017-13010/medicare-program-cy-2018-updates-to-the-quality-payment-program
Or you can go to qpp.cms.gov. Or you can email me etaylor@realtime-it.com, and I will help you.
There is obviously a lot more in the Proposed Rule than I have mentioned here. I will be reading this proposal and listening to the experts speak about it over the next days and weeks; I will pass along information as I learn it. In the meantime, let us know if we can help you!
Masked Email Targets CEO
It seems as if every week, sometimes every day, we hear about a data breach somewhere. I had an attempted breach hit really close to home just recently. Here’s what happened:
Our controller received an email that she had every reason to believe was from me. My email address was spelled properly and the extension was correct. Inside the email, the request was short and straightforward; the sender asked what information was needed to initiate a wire transfer and it was signed with my first name. The controller did note that there was no email signature as we sometimes use, but internally I don’t always include that on my emails to her.
She responded to the request and very shortly received a second email instructing her to proceed with the sizeable wire transfer. I was out of the office that day so she assumed that I was in a rush for the money. However, at the very last minute, as she thought about the wording in the email, she said that it “just didn’t sound like me.” The wording was too terse, too abrupt and there were no “please” or “thank you’s” as she and I usually include in our requests to one another. She picked up the phone and called me. The wire transfer was stopped.
The sender had masked his/her email address so that it appeared as an email from me. Had our recipient hovered over the address, she might have been able to see the actual sender’s address. In this case, however, this employee listening to that tiny voice in her mind saying that something wasn’t quite right is what saved the day. This is the level of vigilance we must all maintain to keep our environments safe.
When in doubt, no matter how small, check it out.
-Elaine Taylor, RealTime CEO
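The hover check described above can be automated at the mail gateway. As an added example (not part of the original post), this Python function compares what the From header displays with the address that actually sent the message; the domains `clinic.example` and `mailbox.test`, the `KNOWN_SENDERS` directory and the function name are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

ADDR_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

# Hypothetical directory of staff whose names are worth impersonating.
KNOWN_SENDERS = {"elaine example": "elaine@clinic.example"}

def masked_sender_reasons(raw, known=KNOWN_SENDERS):
    """Return reasons the visible sender differs from the real one."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    display, addr = display.strip().lower(), addr.lower()
    reasons = []
    # 1. The display name itself shows an address other than the real one.
    for shown in ADDR_RE.findall(display):
        if shown != addr:
            reasons.append(f"display name shows {shown}, real sender is {addr}")
    # 2. A known staff name arrives from an address that is not theirs.
    expected = known.get(display)
    if expected and expected != addr:
        reasons.append(f"name '{display}' expected from {expected}, got {addr}")
    # 3. Replies would go to a different domain than the From address.
    reply = parseaddr(msg.get("Reply-To", ""))[1].lower()
    if reply and reply.rpartition("@")[2] != addr.rpartition("@")[2]:
        reasons.append(f"Reply-To {reply} is outside the From domain")
    return reasons

# Constructed sample messages (not taken from the incident described above).
SPOOFED = (
    'From: "elaine@clinic.example" <ceo.office@mailbox.test>\n'
    "To: controller@clinic.example\n"
    "Subject: Wire transfer\n\n"
    "What do you need to initiate a wire transfer? Elaine\n"
)
REPLY_REDIRECT = (
    "From: Elaine Example <elaine@clinic.example>\n"
    "Reply-To: elaine.example@mailbox.test\n"
    "Subject: Wire transfer\n\nProceed today.\n"
)
LEGIT = "From: Elaine Example <elaine@clinic.example>\nSubject: Lunch\n\nThank you!\n"

if __name__ == "__main__":
    for label, raw in [("spoofed", SPOOFED), ("reply-to", REPLY_REDIRECT), ("legit", LEGIT)]:
        print(label, masked_sender_reasons(raw))
```

A non-empty result is a reason to tag or hold the message for a call-back; it does not replace the phone call the controller made.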
DEFEND YOURSELF WITH AN UNHACKABLE PASSWORD
One of the easiest ways to protect yourself from hackers is to use a strong password. Human nature tells us to use the same or similar passwords across different applications; and given a choice, most of us would use something very simple that we could easily remember.
This, however, leaves you open to attacks. Hackers like to use "guessing" - a technique in which they repeatedly guess words or phrases using your children's names, sports teams, etc. Hackers also use an automated technique called an online dictionary attack, in which a program attempts to log on using a different word from a text file of candidate words on each try. These are only two of the ways hackers attack your system; there are many, many more. The best method of defense is to learn to create a password that is safe and that you can remember.
THINGS NOT TO USE IN YOUR PASSWORD
- Your Birthday
- Any part of your name
- Your mother's maiden name
- Names of your children or pets
- City where you were born
- Local sports teams
- Any part of your address
TIPS ON CREATING A SECURE PASSWORD
- Replace a letter with the same character every time you make a password. EXAMPLE: Use % instead of an A
- Use a minimum of 9 characters
- Make sure to include upper and lower case letters, numbers and symbols.
Attacks can be slowed down significantly through the use of strong passwords.
"WannaCry" RANSOMWARE TAKES ADVANTAGE OF WINDOWS VULNERABILITY
WHAT IS HAPPENING?
The ransomware, called "WannaCry," locks down all the files on an infected computer and asks the computer's administrator to pay in order to regain control of them. The exploit was leaked last month as part of a trove of NSA spy tools.
The ransomware is spread by taking advantage of a Windows vulnerability that Microsoft released a security patch for in March. But computers and networks that hadn't updated their systems were still at risk.
In the wake of the attack, Microsoft said it had taken the "highly unusual step" of releasing a patch for computers running older operating systems including Windows XP, Windows 8 and Windows Server 2003.
"Affected machines have six hours to pay up and every few hours the ransom goes up," said Kurt Baumgartner, the principal security researcher at security firm Kaspersky Lab. "Most folks that have paid up appear to have paid the initial $300 in the first few hours."
Sixteen National Health Service (NHS) organizations in the UK have been hit, and some of those hospitals have canceled outpatient appointments and told people to avoid emergency departments if possible.
When CNNTech first reported the Microsoft vulnerabilities leaked in April, Hickey said they were the "most damaging" he'd seen in several years, and warned that businesses would be most at risk.
HOW TO PROTECT YOURSELF
Consumers who have up-to-date software are protected from this ransomware. Here's how to turn automatic updates on.
*This blog post is excerpts from the original article on money.cnn.com
5 TYPES OF SOCIAL ENGINEERING SCAMS
With the recent phishing scam using Google Docs, phishing is a word on everybody's lips. Educating yourself and your employees about the different types of cyber threats, and how to avoid them, is crucial to keeping your company and personal information secure. In today's blog, we'll cover the 5 different types of social engineering scams.
PHISHING
This is the leading tactic used by today’s ransomware hackers, usually delivered in the form of an email, chat, web ad or website designed to impersonate a real system and organization. The message within these emails often appears to be from the government or a major corporation; it can include corporate logos and/or other legitimate-looking branding and is often written in a way to deliver a sense of urgency and importance.
QUICK TIP: You should never click through the offered link or hit reply unless you are 100% certain that an email is legitimate.
BAITING
Like phishing, baiting involves the offer of something enticing in exchange for private data. The “bait” comes in many forms: it could be digital, such as a music or movie download, or it might be physical, such as a jump drive left out on a desk for an end user. Once the bait is taken, malicious software is delivered directly into the victim’s computer.
QUICK TIP: Never insert any item into your computer that you "found" to see what is on the drive.
QUID PRO QUO
Quid pro quo is also a request for the exchange of private data, but in this scheme the enticement is a service. For example, an employee might receive a phone call from a hacker posing as a technology expert offering free IT assistance in exchange for login credentials.
QUICK TIP: Never give out your login credentials to anyone, especially to someone you don't know over the telephone.
PRETEXTING
When a hacker creates a false sense of trust between him/herself and an end user by impersonating a co-worker or an authority figure within the company to gain access to private data, this is known as pretexting. For example, a hacker may send an email or a chat message posing as the head of IT Support who needs private data to comply with a corporate audit (that isn’t real).
QUICK TIP: Don’t give out your personal information on the phone, via email or snail mail unless you’ve initiated the contact or unless you’re sure it’s safe. Pretexters are especially interested in information such as your SSN, mother’s maiden name, pet or child’s name, bank, brokerage and credit card account numbers, and phone company.
TAILGATING
Tailgating is the most face-to-face cyber threat: a scam artist physically enters your business through the front door. Often these hackers will try to befriend an employee or will ask a person with access authorization to hold the door open, claiming they've forgotten their RFID card. In this way, they gain access to a restricted area and can steal valuable company secrets and/or wreak havoc on your IT infrastructure.
QUICK TIP: Never hold the door open to a secure building for someone you don't work with directly.