SlideShare a Scribd company logo

Webinar on the 21st Century Cures Act Final Rule

Download as PPTX, PDF
Nalashaa Healthcare Solutions
Nalashaa Healthcare Solutions

The Cures Act Final Rule Introduces Many Revisions and Additions to the ONC Health IT Certification Program. Our Healthcare Expert covers the vitals

Related slideshows

HXR 2016: Free the Data Access & Integration -Jonathan Hare, WebShield
HXR 2016: Free the Data Access & Integration -Jonathan Hare, WebShieldHXR 2016: Free the Data Access & Integration -Jonathan Hare, WebShield
HXR 2016: Free the Data Access & Integration -Jonathan Hare, WebShield
 
Sukraa telemedicine software presentation
Sukraa telemedicine software presentationSukraa telemedicine software presentation
Sukraa telemedicine software presentation
 
MEDD HMIS Project_Sir JJ Hospital_2014
MEDD HMIS Project_Sir JJ Hospital_2014MEDD HMIS Project_Sir JJ Hospital_2014
MEDD HMIS Project_Sir JJ Hospital_2014
 
1 of 17
21st Century Act Cures Rule iOS ANDROID WINDOWS CRM MICROSOFT SOCIAL CRM DESIGN EXPERIENCE CLOUDJAVA RWD www.nalashaahealth.com
www.nalashaahealth.com Agenda 2  CMS regulations: How you got here  21st Century Cures Act: Overview  Changes: ONC certification context  Ecosystem impact  Repercussions  Focus: Beyond the rule  Suggested approach
www.nalashaahealth.com US Healthcare – Then & Now! 3 Where you are now Where you have to be Interoperability HL7, CCDA, FHIR, NCPDP, DICOM ONC Programs MU3, MACRA, QPP, VBC Engagement Patient Portal, Apps - Wellness, PHM Data Related PHM, Care Mgmt., Coordinated care, Dashboards Automation Workflow alerts/notifications, Behavior tracking Data Driven Capacity forecasting, 360° patient view Compliance New/Revised criteria, USCDI, Open APIs, Info. Blocking Engagement Preemptive care, contextual Omni channel comm., Wearables, Nothing wrong with change, if in the right direction……
www.nalashaahealth.com 21st Century Cures Act: An Overview USCDIInfo. Blocking CEHRT HIT Vendors Care Providers Patients Health Plans HIEs/HINs Starts May 2022 May 2023Nov 2020 4
www.nalashaahealth.com eRx CEHRT – Revised Measures 5  Change/Cancel/Renewal - Request/Response  RxReason mandatory with all transactions  NewRx, NewRxRequest/Denied  RxFill, IndicatorChange  RxTransfer - Request/Response/Confirm  REMS(Initiation) – Request/Response  RxHistory - Request/Response  GetMessage, Relay Status, Error, Verify, Resupply  DrugAdministration, Recertification, ePA Transactions Impacted • SIG still optional • Oral liquid meds Rx only in metric standards • RTPB is still under discussion • Vitals info. required for patients under 18 • RxChange  Validate prescriber credentials  Request review of Drug  Request Prior Auth. New Features Move to NCPDP 2017071 from 1xxxx0.6 Mandatory Optional
www.nalashaahealth.com CEHRT – Revised Measures 6  Aligns with FHIR V4  ToC, VDT, CDA creation performance  e-case reporting, CApp. Access – all criteria USCDI No more CCDS Granular, Secured  Ambulatory, EPs/ECs  2019 CMS QRDA III IG  IP/Hospital Quality Reporting -  2019 CMS QRDA I IG  Changes include – Templates, Value-sets, entries  Cypress update to V5.4 CQMs No more HL7 IGs 24 Months  (d)(2).1.c is not applicable for the P&S testing  (d)(7) – End user device encryption is not mandatory  E 2147-1 --> E 1247-18  Not all audit functionality is verified for every measure Auditable Events  Follow UDI Release R1  Lot / Batch / Serial Number  Manufacturing / Expiration Dates  Distinct Identification Code Implantable DevicesNew IGs Standardized New IGs
www.nalashaahealth.com Data Export CEHRT – Revised Measure 7  Export Single patient EHI without intervention or support  Multiple patients when provider changes Health IT systems  Export files to be electronic & computable  To publish Data Export Format (Structure & Syntax) as hyperlink for reference  All Patient EHI stored in the system to be available for export  Initial step towards real-time access  Export of Image, Imaging Information & Image Element Export Now as Patient Population eHI export 36 Months
www.nalashaahealth.com CEHRT – Revised Measures 8  Use HL7 FHIR 4 and several other standards  Support single/multiple patient data results APIs Now eHI export Standardized Consent Management  Security model to permit access, use, or disclosure of sensitive PHI  Security tags at document, section & entry level for only CCDA  Re-use of security tags in metadata for FHIR resources  Avoid Information Blocking lawsuits with proper consent management while exchanging EHI  Consent2Share (C2S) IG / FHIR consent IGs prescribed for (g)(10) 24 Months
www.nalashaahealth.com CEHRT – New Measures 9  Password Encryption/Cryptographic Hashing  Adhere to FIPS PUB 140-2  New / revising certifications after Oct 2020 should attest Encrypt authentication credentials Multi-factor authentication  Via any – Phone, Badge, RSA token, figure prints, Retina scanner, heartbeat or biometric info  Adhere to standards like NIST publication 800 – 63B Digital Authentication Guidelines  New/revising certifications after Oct 2020 SHOULD attest Authentication Mandatory attestation under P&S certification f/w
www.nalashaahealth.com CEHRT - Removals 10 Jun 2020 Jan 2022 May 2022 May 2023  a(4,9,10,13): DDDA Interactions, CDS, Drug formulary & patient education  e(2): Secure messaging  b(6): Data export  a(6-8,11): Problem, medication, medication allergy lists & smoking status  b(4-5): CCDS send & receive  (e)(1)(II)(B) – VDT – audit history  g(8): API data category request Future Imminent Distant Immediate
www.nalashaahealth.com Interoperability - USCDI V1 11 CCDS USCDIevolving into Additional data classes & elements… Additions & their impact… ------------------  Comply to Minimum USCDI v1 Standards  SVAP (Standards Version Advancement Process)  ToC to use CDA to hold USCDI data  Procedures Data Class to use CDT to SNODENT  Patient contact information with US postal standards  Additional Vitals & growth charts for children  8 Clinical Note types for inpatient/ambulatory  Provenance class (author timestamp, org.)  Allergies and Intolerances in medication class  Medication allergies  Allergies & Intolerance
www.nalashaahealth.com • No registration process for Provider facing Apps • Condition of Certification – demo. registration process • Authorization standard is up to CEHRT discretion (OpenID, OAuth 2.0) • SMART Application Launch Framework • US Core server capability statement • Provenance & document reference – not mandatory • Single Patient APIs to use US Core IG  USCDI Data Elements  US Core IG FHIR Profiles • Multi Patient APIs to use Bulk Data Access in addition • SMART Backend Serv.: Auth Guide + Bulk data Access Interoperability - API 12 Data Response Search Operations Application Registration • Using TLS version 1.2 or higher • Secure connection for standalone & EHR launch • SMART on FHIR Core Capabilities Secure Connection • Grant / Deny access to patient data • Manage Refresh Token & validity • Support all SMART on FHIR Core Capabilities • Support all 19 Clinical entities • Offline Access • Patient Authorization Revocation • Verification of JWT + Json web signatures Authentication & Authorization • Exceptions & Error Handling • Publicly Accessible Hyperlinks API Documentation
www.nalashaahealth.com • Greater health data control • Wider choices • Easier clinical trial enrolments • Wiser health-plan purchases • 360o Patient picture • Patient tracking • Proactive sharing • Unique patient id Regulation – Impact on the ecosystem 13 Technology Focus Areas • Security • Audit & Logging capabilities • Identity Management • CRM capabilities • Workflow automations • APIs • Integration standards (USCDI) • Better and complete documentation • Shorter revenue cycles • Greater automation • Reduced bureaucracy • Simpler integrations • Greater innovation • Lower Xn costs • Universal security • Stringent audit capabilities HIT Vendors Providers HIEs Patients
www.nalashaahealth.com Repercussions: If we don’t update technology 14  Certification ban/termination  CMS wall of shame  Providers unable to attest from '21  Hampered ecosystem partnerships  Reduced marketability  Dipping customer satisfaction  Cumbersome compliance tracking/audit  Exposure to security risks  Higher cost of info. servicing Regulatory Relationships Operational BusinessTechnical Traceability Secured Access Interoperability Data Governance
www.nalashaahealth.com Focus areas: Beyond the cures rule 15 • Multiple access points • Archival plan • Reconcile Master data Security Data Governance Transparency Audit/Log tracing Unique Identification Patient Lifecycle tracking CRM capability Automation • “Follow" the patient • Proactive interventions • Contextualized engagement • One true version of ePHI • Less labor-intensive reconciliation • Avoid workflow ambiguity • Manage data access requests • Automated process setup • Protocols for 3rd party authorizations • Trail of actions • Demonstration mechanism • Raise violation flags • Timely action for info. blocking? • Automate compliance tracking • Responsiveness and efficiency • 3rd parties connect • Automate integrations • Defend information blocking allegations • 360o patient view • Trace 2nd or 3rd party requests • Apply population insights individually
www.nalashaahealth.com Suggested Approach 16 Regulation Checklist • Covering all possible aspects • Prioritize based dependencies Analyze • Impact areas and magnitude • Chalk out a preliminary approach Kick Off • Finalize execution plan for you • Start implementation Go to Market • Get certified • General Availability
www.nalashaahealth.com For more information, contact info@nalashaa.com Nalashaa Healthcare Solutions LLC. 510, Thornall Street, Ste 210, Edison, NJ 08837 +1-732-602-2560 Ext: 200 Thank You

More Related Content

Webinar on the 21st Century Cures Act Final Rule

  • 1. 21st Century Act Cures Rule iOS ANDROID WINDOWS CRM MICROSOFT SOCIAL CRM DESIGN EXPERIENCE CLOUDJAVA RWD www.nalashaahealth.com
  • 2. www.nalashaahealth.com Agenda 2  CMS regulations: How you got here  21st Century Cures Act: Overview  Changes: ONC certification context  Ecosystem impact  Repercussions  Focus: Beyond the rule  Suggested approach
  • 3. www.nalashaahealth.com US Healthcare – Then & Now! 3 Where you are now Where you have to be Interoperability HL7, CCDA, FHIR, NCPDP, DICOM ONC Programs MU3, MACRA, QPP, VBC Engagement Patient Portal, Apps - Wellness, PHM Data Related PHM, Care Mgmt., Coordinated care, Dashboards Automation Workflow alerts/notifications, Behavior tracking Data Driven Capacity forecasting, 360° patient view Compliance New/Revised criteria, USCDI, Open APIs, Info. Blocking Engagement Preemptive care, contextual Omni channel comm., Wearables, Nothing wrong with change, if in the right direction……
  • 4. www.nalashaahealth.com 21st Century Cures Act: An Overview USCDIInfo. Blocking CEHRT HIT Vendors Care Providers Patients Health Plans HIEs/HINs Starts May 2022 May 2023Nov 2020 4
  • 5. www.nalashaahealth.com eRx CEHRT – Revised Measures 5  Change/Cancel/Renewal - Request/Response  RxReason mandatory with all transactions  NewRx, NewRxRequest/Denied  RxFill, IndicatorChange  RxTransfer - Request/Response/Confirm  REMS(Initiation) – Request/Response  RxHistory - Request/Response  GetMessage, Relay Status, Error, Verify, Resupply  DrugAdministration, Recertification, ePA Transactions Impacted • SIG still optional • Oral liquid meds Rx only in metric standards • RTPB is still under discussion • Vitals info. required for patients under 18 • RxChange  Validate prescriber credentials  Request review of Drug  Request Prior Auth. New Features Move to NCPDP 2017071 from 1xxxx0.6 Mandatory Optional
  • 6. www.nalashaahealth.com CEHRT – Revised Measures 6  Aligns with FHIR V4  ToC, VDT, CDA creation performance  e-case reporting, CApp. Access – all criteria USCDI No more CCDS Granular, Secured  Ambulatory, EPs/ECs  2019 CMS QRDA III IG  IP/Hospital Quality Reporting -  2019 CMS QRDA I IG  Changes include – Templates, Value-sets, entries  Cypress update to V5.4 CQMs No more HL7 IGs 24 Months  (d)(2).1.c is not applicable for the P&S testing  (d)(7) – End user device encryption is not mandatory  E 2147-1 --> E 1247-18  Not all audit functionality is verified for every measure Auditable Events  Follow UDI Release R1  Lot / Batch / Serial Number  Manufacturing / Expiration Dates  Distinct Identification Code Implantable DevicesNew IGs Standardized New IGs
  • 7. www.nalashaahealth.com Data Export CEHRT – Revised Measure 7  Export Single patient EHI without intervention or support  Multiple patients when provider changes Health IT systems  Export files to be electronic & computable  To publish Data Export Format (Structure & Syntax) as hyperlink for reference  All Patient EHI stored in the system to be available for export  Initial step towards real-time access  Export of Image, Imaging Information & Image Element Export Now as Patient Population eHI export 36 Months
  • 8. www.nalashaahealth.com CEHRT – Revised Measures 8  Use HL7 FHIR 4 and several other standards  Support single/multiple patient data results APIs Now eHI export Standardized Consent Management  Security model to permit access, use, or disclosure of sensitive PHI  Security tags at document, section & entry level for only CCDA  Re-use of security tags in metadata for FHIR resources  Avoid Information Blocking lawsuits with proper consent management while exchanging EHI  Consent2Share (C2S) IG / FHIR consent IGs prescribed for (g)(10) 24 Months
  • 9. www.nalashaahealth.com CEHRT – New Measures 9  Password Encryption/Cryptographic Hashing  Adhere to FIPS PUB 140-2  New / revising certifications after Oct 2020 should attest Encrypt authentication credentials Multi-factor authentication  Via any – Phone, Badge, RSA token, figure prints, Retina scanner, heartbeat or biometric info  Adhere to standards like NIST publication 800 – 63B Digital Authentication Guidelines  New/revising certifications after Oct 2020 SHOULD attest Authentication Mandatory attestation under P&S certification f/w
  • 10. www.nalashaahealth.com CEHRT - Removals 10 Jun 2020 Jan 2022 May 2022 May 2023  a(4,9,10,13): DDDA Interactions, CDS, Drug formulary & patient education  e(2): Secure messaging  b(6): Data export  a(6-8,11): Problem, medication, medication allergy lists & smoking status  b(4-5): CCDS send & receive  (e)(1)(II)(B) – VDT – audit history  g(8): API data category request Future Imminent Distant Immediate
  • 11. www.nalashaahealth.com Interoperability - USCDI V1 11 CCDS USCDIevolving into Additional data classes & elements… Additions & their impact… ------------------  Comply to Minimum USCDI v1 Standards  SVAP (Standards Version Advancement Process)  ToC to use CDA to hold USCDI data  Procedures Data Class to use CDT to SNODENT  Patient contact information with US postal standards  Additional Vitals & growth charts for children  8 Clinical Note types for inpatient/ambulatory  Provenance class (author timestamp, org.)  Allergies and Intolerances in medication class  Medication allergies  Allergies & Intolerance
  • 12. www.nalashaahealth.com • No registration process for Provider facing Apps • Condition of Certification – demo. registration process • Authorization standard is up to CEHRT discretion (OpenID, OAuth 2.0) • SMART Application Launch Framework • US Core server capability statement • Provenance & document reference – not mandatory • Single Patient APIs to use US Core IG  USCDI Data Elements  US Core IG FHIR Profiles • Multi Patient APIs to use Bulk Data Access in addition • SMART Backend Serv.: Auth Guide + Bulk data Access Interoperability - API 12 Data Response Search Operations Application Registration • Using TLS version 1.2 or higher • Secure connection for standalone & EHR launch • SMART on FHIR Core Capabilities Secure Connection • Grant / Deny access to patient data • Manage Refresh Token & validity • Support all SMART on FHIR Core Capabilities • Support all 19 Clinical entities • Offline Access • Patient Authorization Revocation • Verification of JWT + Json web signatures Authentication & Authorization • Exceptions & Error Handling • Publicly Accessible Hyperlinks API Documentation
  • 13. www.nalashaahealth.com • Greater health data control • Wider choices • Easier clinical trial enrolments • Wiser health-plan purchases • 360o Patient picture • Patient tracking • Proactive sharing • Unique patient id Regulation – Impact on the ecosystem 13 Technology Focus Areas • Security • Audit & Logging capabilities • Identity Management • CRM capabilities • Workflow automations • APIs • Integration standards (USCDI) • Better and complete documentation • Shorter revenue cycles • Greater automation • Reduced bureaucracy • Simpler integrations • Greater innovation • Lower Xn costs • Universal security • Stringent audit capabilities HIT Vendors Providers HIEs Patients
  • 14. www.nalashaahealth.com Repercussions: If we don’t update technology 14  Certification ban/termination  CMS wall of shame  Providers unable to attest from '21  Hampered ecosystem partnerships  Reduced marketability  Dipping customer satisfaction  Cumbersome compliance tracking/audit  Exposure to security risks  Higher cost of info. servicing Regulatory Relationships Operational BusinessTechnical Traceability Secured Access Interoperability Data Governance
  • 15. www.nalashaahealth.com Focus areas: Beyond the cures rule 15 • Multiple access points • Archival plan • Reconcile Master data Security Data Governance Transparency Audit/Log tracing Unique Identification Patient Lifecycle tracking CRM capability Automation • “Follow" the patient • Proactive interventions • Contextualized engagement • One true version of ePHI • Less labor-intensive reconciliation • Avoid workflow ambiguity • Manage data access requests • Automated process setup • Protocols for 3rd party authorizations • Trail of actions • Demonstration mechanism • Raise violation flags • Timely action for info. blocking? • Automate compliance tracking • Responsiveness and efficiency • 3rd parties connect • Automate integrations • Defend information blocking allegations • 360o patient view • Trace 2nd or 3rd party requests • Apply population insights individually
  • 16. www.nalashaahealth.com Suggested Approach 16 Regulation Checklist • Covering all possible aspects • Prioritize based dependencies Analyze • Impact areas and magnitude • Chalk out a preliminary approach Kick Off • Finalize execution plan for you • Start implementation Go to Market • Get certified • General Availability
  • 17. www.nalashaahealth.com For more information, contact info@nalashaa.com Nalashaa Healthcare Solutions LLC. 510, Thornall Street, Ste 210, Edison, NJ 08837 +1-732-602-2560 Ext: 200 Thank You