Physicians must meet all 10 of CMS's Eligible Professional Objectives and Measures (PDF) to receive an EHR incentives and/or avoid a penalty.
Using Certified EHR Technology
Part of participating in MU involves using technology certified by the U.S. Department of Health and Human Services (HHS). Certified technology includes both complete EHR systems and individual modules. Physicians can either purchase a comprehensive certified package from a single vendor or certified components from different vendors.
Physicians should ask their vendor about certification plans if they are unclear as to whether their EHR technology or module(s) are certified for use in the incentive program. Physicians can verify whether the equipment is certified at the Office of the National Coordinator for Health IT’s (ONC) website.
For additional information about 2015 EHR certification criteria (PDF), see ONC’s final certification rule.
How to Select EHR Technology
Together with the AMA, AmericanEHR Partners provides the ability for a physician to rate or comment on an EHR system. There are also message boards that facilitate group discussion and allow users the opportunity to refine their search for product information by criteria that are most relevant to them, such as practice size and specialty.
All ratings and discussion topics come from verified members who must register with AmericanEHR Partners and are compared against a physician master file, ensuring real users are discussing and rating real products.
Usability is the capacity for an individual to learn and easily use an object. Both utility (how well a system handles the work a user must do) and ease-of-use are factors in usability.
The AMA strongly believes that EHR technology should:
- Facilitate a physician’s practice
- Improve patient care
- Enhance care coordination, practice efficiencies and processes
- Support decision-making, not circumvent the need for critical thinking
To improve patient care, EHRs and other health technology must work well for the people who use them. Unfortunately, the swift implementation of EHR technology compelled physicians to purchase tools not yet optimized for patients or doctors. As a result, EHR technology can often impede efficient care by making it difficult to find or understand what clinicians need. Sometimes the technology may be challenging to use effectively, efficiently and safely with satisfaction.
The AMA believes that the addition of user-centered design (UCD) in the development of EHR products can improve usability and increase physician satisfaction with EHRs. This process focuses on analyzing and incorporating user requirements from the beginning of the development cycle. The AMA continues to work with key EHR-industry stakeholders and advocate that ONC include robust UCD when certifying technology.
However, EHR design is also heavily influenced by the federal requirements for MU and certification. While there are federal requirements on EHR usability, the design priority of EHR vendors continues to be meeting MU objectives and not the needs of physicians and patients. To help elevate this concern, the AMA worked with MedStar Health to identify issues with EHR certification and the incorporation of better UCD principles in the design of health IT products.
Privacy and Security
As part of both HIPAA and MU requirements, physicians must conduct or review a security risk analysis at least once during each program year. A practice’s size, complexity, capabilities, risk and cost are used to determine the proper methodology to meet this requirement. Conducting this analysis can provide insight into the vulnerabilities in a practice’s heaIth IT. It is important to note that a health IT system is typically larger than just EHR.
The first step in protecting a practice and patients’ health information from cyber attacks is evaluating a system’s security. The rules for a risk analysis are not prescriptive—a number of different tactics can achieve compliance. The AMA has several free resources in the AMA Education Center for AMA PRA Category 1 Credit™ to help physicians build tailored compliance processes.
Additionally, the HHS has materials, toolkits and videos (PDF) that can help small-to-medium-sized practices become compliant.
AMA Advocacy on the MU Program
The AMA continues to advocate for making the MU program more workable for physicians by asking CMS to establish more reasonable reporting requirements, measurement thresholds and overall flexibility so that all physicians who want to participate are able to do so. Below are links to the most recent comments and letters to the administration and Congress.
As a result of significant AMA advocacy, CMS made several changes to the Stage 2 requirements, reducing the number of overall requirements and including exceptions to certain measures. We continue to advocate for a fundamental change in the MU program and are expecting improvements to the program to be announced in spring 2016.
Dec. 15, 2015 AMA comment letter (PDF) to CMS on Meaningful Use Stage 3 Final Rule
Nov. 2, 2015 sign-on letter to House (PDF) and Senate (PDF) on Stage 3 implementation
Sept. 17, 2015 sign-on letter (PDF) to Secretary Burwell on pausing Stage 3
May 29, 2015 AMA comment letter (PDF) to CMS on Meaningful Use Stage 3 Proposed Rule
May 20, 2015 comment letter (PDF) to CMS on Meaningful Use Modifications Proposed Rule.
March 5, 2015 written statement (PDF) written statement to the Senate Health, Energy, Labor & Pension Committee hearing on EHRs
Jan. 21, 2015 sign-on letter (PDF) to ONC on proposed modifications to the EHR certification process
What to Do If You Are Audited
The AMA has received a number of complaints and concerns associated with physicians undergoing an MU audit (currently 5 to 10% of eligible professionals) and is working to improve this process. Physicians should communicate any issues to the MU audit contractor:
Figliozzi & Company, CPAs P.C.
585 Stewart Avenue
Garden City, New York 11530
(516) 745-6400 ext. 302
The biggest issue physicians have faced in an audit was demonstrating the "yes/no" requirements that call for attestation proving the security risk analysis was successfully met. To help with the process, CMS posted information online and provided the following: