Webinar on the 21st Century Cures Act Final Rule
- 1. 21st Century Act Cures Rule
iOS
ANDROID
WINDOWS
CRM
MICROSOFT
SOCIAL
CRM
DESIGN
EXPERIENCE
CLOUDJAVA
RWD
www.nalashaahealth.com
- 3. www.nalashaahealth.com
US Healthcare – Then & Now!
3
Where you are now Where you have to be
Interoperability
HL7, CCDA, FHIR, NCPDP, DICOM
ONC Programs
MU3, MACRA, QPP, VBC
Engagement
Patient Portal, Apps - Wellness, PHM
Data Related
PHM, Care Mgmt., Coordinated care, Dashboards
Automation
Workflow alerts/notifications, Behavior tracking
Data Driven
Capacity forecasting, 360° patient view
Compliance
New/Revised criteria, USCDI, Open APIs, Info. Blocking
Engagement
Preemptive care, contextual Omni channel comm., Wearables,
Nothing wrong with change, if in the right direction……
- 5. www.nalashaahealth.com
eRx
CEHRT – Revised Measures
5
Change/Cancel/Renewal - Request/Response
RxReason mandatory with all transactions
NewRx, NewRxRequest/Denied
RxFill, IndicatorChange
RxTransfer - Request/Response/Confirm
REMS(Initiation) – Request/Response
RxHistory - Request/Response
GetMessage, Relay Status, Error, Verify, Resupply
DrugAdministration, Recertification, ePA
Transactions Impacted
• SIG still optional
• Oral liquid meds Rx only in metric standards
• RTPB is still under discussion
• Vitals info. required for patients under 18
• RxChange
Validate prescriber credentials
Request review of Drug
Request Prior Auth.
New Features
Move to NCPDP 2017071 from 1xxxx0.6
Mandatory
Optional
- 6. www.nalashaahealth.com
CEHRT – Revised Measures
6
Aligns with FHIR V4
ToC, VDT, CDA creation performance
e-case reporting, CApp. Access – all criteria
USCDI No more CCDS
Granular, Secured
Ambulatory, EPs/ECs 2019 CMS QRDA III IG
IP/Hospital Quality Reporting - 2019 CMS QRDA I IG
Changes include – Templates, Value-sets, entries
Cypress update to V5.4
CQMs
No more HL7 IGs
24
Months
(d)(2).1.c is not applicable for the P&S testing
(d)(7) – End user device encryption is not mandatory
E 2147-1 --> E 1247-18
Not all audit functionality is verified for every measure
Auditable Events
Follow UDI Release R1
Lot / Batch / Serial Number
Manufacturing / Expiration Dates
Distinct Identification Code
Implantable DevicesNew IGs
Standardized
New IGs
- 7. www.nalashaahealth.com
Data Export
CEHRT – Revised Measure
7
Export Single patient EHI without intervention or support
Multiple patients when provider changes Health IT systems
Export files to be electronic & computable
To publish Data Export Format (Structure & Syntax) as hyperlink for reference
All Patient EHI stored in the system to be available for export
Initial step towards real-time access
Export of Image, Imaging Information & Image Element Export
Now as Patient Population eHI export
36
Months
- 8. www.nalashaahealth.com
CEHRT – Revised Measures
8
Use HL7 FHIR 4 and several other standards
Support single/multiple patient data results
APIs
Now eHI export
Standardized
Consent Management
Security model to permit access, use, or disclosure of sensitive PHI
Security tags at document, section & entry level for only CCDA
Re-use of security tags in metadata for FHIR resources
Avoid Information Blocking lawsuits with proper consent management while exchanging EHI
Consent2Share (C2S) IG / FHIR consent IGs prescribed for (g)(10)
24
Months
- 9. www.nalashaahealth.com
CEHRT – New Measures
9
Password Encryption/Cryptographic Hashing
Adhere to FIPS PUB 140-2
New / revising certifications after Oct 2020 should attest
Encrypt
authentication
credentials
Multi-factor
authentication
Via any – Phone, Badge, RSA token, figure prints, Retina scanner, heartbeat or biometric info
Adhere to standards like NIST publication 800 – 63B Digital Authentication Guidelines
New/revising certifications after Oct 2020 SHOULD attest
Authentication Mandatory attestation under P&S certification f/w
- 10. www.nalashaahealth.com
CEHRT - Removals
10
Jun
2020
Jan
2022
May
2022
May
2023
a(4,9,10,13): DDDA
Interactions, CDS, Drug
formulary & patient education
e(2): Secure messaging
b(6): Data export
a(6-8,11): Problem, medication,
medication allergy lists & smoking
status
b(4-5): CCDS send & receive
(e)(1)(II)(B) – VDT – audit history
g(8): API data category
request
Future
Imminent Distant
Immediate
- 11. www.nalashaahealth.com
Interoperability - USCDI V1
11
CCDS USCDIevolving
into
Additional data classes & elements…
Additions & their impact…
------------------
Comply to Minimum USCDI v1 Standards
SVAP (Standards Version Advancement
Process)
ToC to use CDA to hold USCDI data
Procedures Data Class to use CDT to SNODENT
Patient contact information with US postal
standards
Additional Vitals & growth charts for children
8 Clinical Note types for inpatient/ambulatory
Provenance class (author timestamp, org.)
Allergies and Intolerances in medication class
Medication allergies Allergies & Intolerance
- 12. www.nalashaahealth.com
• No registration process for Provider facing Apps
• Condition of Certification – demo. registration process
• Authorization standard is up to CEHRT discretion
(OpenID, OAuth 2.0)
• SMART Application Launch Framework
• US Core server capability statement
• Provenance & document reference – not mandatory
• Single Patient APIs to use US Core IG
USCDI Data Elements
US Core IG FHIR Profiles
• Multi Patient APIs to use Bulk Data Access in addition
• SMART Backend Serv.: Auth Guide + Bulk data Access
Interoperability - API
12
Data Response
Search Operations
Application Registration
• Using TLS version 1.2 or higher
• Secure connection for standalone & EHR launch
• SMART on FHIR Core Capabilities
Secure Connection
• Grant / Deny access to patient data
• Manage Refresh Token & validity
• Support all SMART on FHIR Core Capabilities
• Support all 19 Clinical entities
• Offline Access
• Patient Authorization Revocation
• Verification of JWT + Json web signatures
Authentication & Authorization
• Exceptions & Error Handling
• Publicly Accessible Hyperlinks
API Documentation
- 13. www.nalashaahealth.com
• Greater health data control
• Wider choices
• Easier clinical trial enrolments
• Wiser health-plan purchases
• 360o Patient picture
• Patient tracking
• Proactive sharing
• Unique patient id
Regulation – Impact on the ecosystem
13
Technology Focus Areas
• Security
• Audit & Logging capabilities
• Identity Management
• CRM capabilities
• Workflow automations
• APIs
• Integration standards (USCDI)
• Better and complete
documentation
• Shorter revenue cycles
• Greater automation
• Reduced bureaucracy
• Simpler integrations
• Greater innovation
• Lower Xn costs
• Universal security
• Stringent audit capabilities
HIT Vendors
Providers
HIEs
Patients
- 14. www.nalashaahealth.com
Repercussions: If we don’t update technology
14
Certification ban/termination
CMS wall of shame
Providers unable to attest from '21
Hampered ecosystem partnerships
Reduced marketability
Dipping customer satisfaction
Cumbersome compliance tracking/audit
Exposure to security risks
Higher cost of info. servicing
Regulatory
Relationships
Operational
BusinessTechnical
Traceability
Secured Access
Interoperability
Data Governance
- 15. www.nalashaahealth.com
Focus areas: Beyond the cures rule
15
• Multiple access points
• Archival plan
• Reconcile Master data
Security
Data
Governance
Transparency
Audit/Log
tracing
Unique
Identification
Patient
Lifecycle
tracking
CRM
capability
Automation
• “Follow" the patient
• Proactive interventions
• Contextualized engagement
• One true version of ePHI
• Less labor-intensive reconciliation
• Avoid workflow ambiguity
• Manage data access requests
• Automated process setup
• Protocols for 3rd party authorizations
• Trail of actions
• Demonstration mechanism
• Raise violation flags
• Timely action for info. blocking?
• Automate compliance tracking
• Responsiveness and efficiency
• 3rd parties connect
• Automate integrations
• Defend information blocking allegations
• 360o patient view
• Trace 2nd or 3rd party requests
• Apply population insights individually