June 2011 ACO Special Edition

The Importance of Health Information Technology for Accountable Care Organizations

By Amy K. Fehn, Wachler & Associates, P.C., Royal Oak, MI 

AuthorThe proposed rule for Accountable Care Organizations (ACOs) participating in the Medicare Shared Savings Program (MSSP), published by CMS in the Federal Register on April 7, 20111 highlights the important role that health information technology will play in the ability of ACOs to meet eligibility criteria and successfully participate in the MSSP.

Reporting of Quality Measures Through the Use of Technology
ACOs participating in the MSSP must not only demonstrate cost savings, but must also demonstrate their ability to maintain quality care, as measured by designated quality measures.2 CMS has prescribed methods for reporting these measures, many of which will require the use of health information technology.3 In the first year, ACOs will be measured only by their ability to completely and accurately report the information. In later years, the ACO will be expected to report data and meet quality scores established by CMS.4

Of the 65 initial quality measures designated by CMS, 47 must be reported through the Group Practice Reporting Option (GPRO) Data Collection Tool5, which will be an upgraded version of the GPRO tool currently used in the Physician Quality Reporting System (PQRS).6 The current version of the GPRO Data Collection Tool is web-based; however, in the commentary to the proposed rule, CMS discussed its intent to develop the capability of the GPRO tool to interface with Electronic Health Record (“EHR”) technology so that the EHR data could directly populate the GPRO tool with required quality data.7

The use of EHR technology will not only be important for reporting through the GPRO tool, but will also allow the ACO to meet additional quality measures. Twenty-two of the quality measures contained in the proposed rule are identical to “meaningful use” measures found in the Health Information Technology for Economic and Clinical Health (“HITECH”) EHR incentive program.8

Achievement of 50 percent Meaningful Users by the ACO’s Primary Care Physicians
In addition to the quality measures that are aligned with the HITECH meaningful use requirements, the proposed rule will require an ACO to demonstrate that 50 percent of its primary care physicians are meaningful EHR users, as defined by the HITECH Act, by the beginning of the ACO’s second year of participation in the MSSP.9 CMS discussed this requirement in the commentary to the proposed rule as being a “first step” towards the objective of incenting full participation of ACO providers in the EHR Incentive Program.10 CMS also stated an intent to greater align the EHR incentive program and the MSSP in future rulemaking.11

Internal Reporting on Cost and Quality Measures
In order to effectuate change in the way that healthcare is delivered and achieve the “triple aim”12 of better care for individuals, better health for populations and decreased growth in healthcare costs, ACOs will need to be able to internally monitor participants’ performance with regard to quality and cost measures. CMS is proposing that, through the application process, an ACO will be required to describe its process to report internally on quality and cost measures and explain how it intends to use that process to respond to the needs of its Medicare population and make modifications in its care delivery.13 CMS provided several examples of ways that health information technology could be used for this type of internal monitoring, including population health data management and implementation of practice and physician level data capabilities, such as point of service reminder systems.14

Coordination of Care
CMS also proposed that ACOs be required to define processes that promote coordination of care.15 Some of the suggested processes include the use of EHRs and/or participation in a health information exchange (“HIE”) so that the ACO can provide treating providers with a beneficiary’s summary of care record during transitions both within and outside of the ACO.16 CMS also discussed the use of predictive modeling, remote monitoring and telehealth as ways to use technology to improve coordination of care.17

In addition to being a required process that ACOs must define, care coordination is necessary for meeting the additional requirement of patient centeredness. In discussing the proposed “patient centeredness criteria”, a mainstay of the MSSP, CMS highlighted the importance of having information follow the patient.18 This is most effectively accomplished through the exchange of electronic health information and providers who are enrolled in the Medicare EHR incentive program will be required to develop coordination of care processes that are consistent with the meaningful use requirements.

Meeting Additional Patient Centeredness Criteria
In addition to care coordination, additional patient centeredness criteria set forth in the proposed rule will require the use of technology. For example, an ACO will be required to evaluate the needs of its assigned population and develop plans to address those needs.19 ACOs will also be required to have systems in place to identify and update high-risk individuals and to develop individualized care plans for targeted populations.20 ACOs must also be able to measure clinical performance by physicians and provide feedback to the physicians so that they can use the measures to improve care.21 Thus, an ACO will be required to have the ability to access and analyze a large volume of data from all of the various ACO participants, and the use of health information technology will be the only way to efficiently perform this function.

Yet another element of the proposed patient centeredness criteria will require ACOs to develop processes for giving beneficiaries access to their own medical record. While access to the medical record can be accomplished through provision of a paper copy, this is a burdensome and time consuming process for both providers and patients. In the commentary to the proposed rule, CMS discusses the importance of access to allow the patient and his/her family the ability to participate in their care and make informed decisions.22 Thus, in order to be meaningful, it appears that CMS anticipates more immediate access than a paper copy would provide. Although not directly discussed in the proposed rule, the use of a patient portal or the ability to import medical information into a patient’s personal health record in a timely manner would appear to be more closely aligned with CMS’ vision of patient centeredness.

HIPAA Implications and Potential Road Blocks to Data Sharing
While CMS discussed the Health Insurance Portability and Accountability Act (HIPAA) at length in the proposed rule, the discussion is in the context of the permissibility of CMS’s sharing of data with the ACO.23 CMS does not directly discuss or suggest solutions for barriers to care coordination and data analysis raised by the HIPAA Privacy and Security regulations. For example, as discussed above, the ability to quickly provide patient information at times of care transition is an important element that is discussed in the context of care coordination, but cannot always be accomplished quickly due to HIPAA Privacy and Security concerns.

Because an ACO will likely consist of multiple separate healthcare entities, disclosures between ACO Participants will likely be considered a disclosure outside of the “covered entity” for the purposes of the HIPAA Privacy Rule.24 The HIPAA Privacy Rule allows covered entities to share protected health information (PHI)25 with other covered entities for purposes of treatment or payment, but this would require both covered entities to have a relationship with the patient.26 In some circumstances, a covered entity may also share PHI with other covered entities for healthcare operations, but again, this is permissible only if the patient has had a relationship with both covered entities.27 The need to confirm a past or present treatment relationship may hamper the ability to share information among ACO participants. For example, an ACO Participant would not be able to give direct access to its EHR to other ACO Participants that are not part of the same covered entity.

In commentary to the proposed rule, CMS suggested that ACOs may be business associates of the ACO Participants for purposes of conducting quality assessment and improvement activities.28 This would allow the ACO to gather information from all of the ACO Participants to perform quality assessment and improvement activities, provided that all information reported back to the ACO Participants was de-identified.29

The use of an HIE is another alternative that is specifically mentioned by CMS several times in the proposed rule as a strategy for coordinating care. The use of an HIE would be especially helpful in facilitating treatment-related communications because the HIE could have access to each ACO Participant’s data and, acting as a business associate of the ACO Participant, share the information with other treating providers in accordance with the HIPAA Privacy Rules. It is possible that an ACO could act as a private HIE facilitating access among ACO participants. However, because ACOs are also expected to address transitions and access to the medical record when care is received outside of the ACO, participation in a regional HIE might be a more effective alternative for data sharing related to care coordination.

Another possibility not mentioned by CMS would be to treat the ACO as an Organized Health Care Arrangement (OHCA). For purposes of HIPAA, an OHCA can be either (1) a “clinically integrated care setting in which individuals typically receive health care from more than one health care provider”; or (2) an organized system of healthcare in which the participating covered entities hold themselves out to the public as participating in a joint arrangement and participate in joint activities that include either utilization review, quality assessment and improvement activities or payment activities related to the administration of risk sharing activities.30 OHCAs can share PHI among participating entities for any healthcare operations of the OHCA and do not have the same limitations related to prior or current relationships with patients.31

Additional Considerations
ACOs planning for technological needs will have many additional considerations, such as how to fund the purchase of such technology. While it might be helpful for an ACO to assist participants with the purchase of HIT hardware or software, any such assistance to referral sources will need to be structured in a manner that complies with the applicable Stark exception or Anti-kickback safe harbor.32

ACO participants purchasing new technology will also want to ensure that any EHR products are certified by an ONC-authorized testing body33 and that vendor contracts are carefully reviewed by an attorney familiar with HIT issues. ACOs and their participants must also acknowledge and plan for a learning curve when implementing HIT into their practices so that work flow is not interrupted and neither documentation nor patient care suffers.

Conclusion
ACOs wishing to participate in the MSSP have many concerns to address, including provider alignment, corporate formation and contracting issues. As ACOs consider the many elements that will be required for successful participation in the MSSP, the important role of HIT should not be forgotten.



1

76 Fed. Reg. 19528.

 

2

76 Fed. Reg. 19648; 42 CFR §425.9.

 

3

Id.

 

4

76 Fed. Reg. 19648; 42 CFR §425.10

 

5

76 Fed. Reg. 19571-19591.

 

6

76 Fed. Reg. 19592. The Physician Quality Reporting System (PQRS) is a system originally authorized by the Tax Relief and Health Care Act of 2006 to provide financial incentives for eligible professionals who satisfactorily report on a designated set of quality measures. The 2011 PQRS Final Rule can be found at 75 Fed. Reg. 73169.

7 76 Fed. Reg. 19593.
8

76 Fed. Reg. 19571-19591; the HITECH Meaningful Use Rules are found at 75 Fed. Reg. 44315.

 

9

76 Fed. Reg. 19648.

 

10

76 Fed Reg. 19600.

 

11

Id.

12

CMS Administrator Donald Berwick and other CMS personnel have frequently referred to the goals of better care for individuals, better health for populations and lower per capita spending without harm to patients as the “triple aim”. See e.g., CMS ACO Workshop Transcript, available at: http://www.cms.gov/PhysicianFeeSched/downloads/10-5-10ACO-WorkshopAMSessionTranscript.pdf

13

76 Fed. Reg. 19533.

14

76 Fed. Reg. 19547.

15

76 Fed. Reg. 19645; 42 CFR §425.5(15).

16

76 Fed. Reg. 19547.

17

76 Fed. Reg. 19547.

18

76 Fed. Reg. 19548.

19

76 Fed. Reg. 19645.

20

76 Fed. Reg. 19645; 42 CFR §425.5(15).

21

Id.

22

76 Fed. Reg. 19645; 42 CFR §425.5(9).

 

23

76 Fed. Reg. 19548.

 

24

76 Fed. Reg. 19555 – 19556. The Health Insurance Portability and Accountability Act of 1995 is codified in sections 1171 through 1179 of the Social Security Act; See also, the HIPAA Privacy Rule at 45 CFR Part 164, Subpart E and the Security Rule at 45 CFR Part 164 Subpart C.

25

45 CFR §160.103.

26

Protected Health Information includes any identifiable information that “relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual.” 42 CFR §160.103.

27

45 CFR §164.506.

28

Id.

29

76 Fed. Reg. 19556. A business associate is an entity or individual that performs a function or activity on behalf of the covered entity involving the use of protected health information. See 45 CFR §160.103.

30

For purposes of HIPAA, information is considered “de-identified” if 18 “identifiers” are removed. 45 CFR §164.514. Once the information has been “de-identified” it is no longer considered PHI. 45 CFR §164.502(d).

31

45 CFR §160.103

 

32

45 CFR §164.506(c)(5).

33

See 42 CFR §100.952(x)-(y) and 42 CFR §411.357(v)-(w).

 

34

In order to be eligible for HITECH incentives, providers must utilize a certified EHR. 75 Fed. Reg. 44314. A list of certified EHR products can be found at http://onc-chpl.force.com/ehrcert.


The ABA Health eSource is distributed automatically to members of the ABA Health Law Section . Please feel free to forward it! Non-members may also sign up to receive the ABA Health eSource.