After years of encouraging hospitals to comply with electronic notification rules, the Centers for Medicare and Medicaid Services (CMS) is wielding its proverbial stick.
Effective April 30, 2021, Medicare-certified hospitals, psychiatric hospitals, and intensive care hospitals (CAHs) must send electronic patient event notifications to other providers in the patient care circle. Unannounced audits can occur at any time, and penalties can be severe, including loss of CMS certification and the ability to recover payments from Medicare and Medicaid.
A related CMS rule, effective December 31, requires providers to publish up-to-date digital contact information about their compliance using an approved method.
Given the confusion and uncertainty caused by the Covid-19 pandemic, many providers may have waited to deploy solutions to transmit electronic admission, discharge and transfer (ADT) notifications, but the wait is over. CMS has made it clear that an audit can begin at any time. Organizations can meet the new rules for notification of patient events as long as they can send electronic messages in specific formats using Direct Secure Messaging, HL7/FHIR, or Electronic Cloud Fax.
The specific type of technology required
CMS announced its intention to issue a final rule on interoperability and patient access in March 2020 that includes electronic ADT notification as a condition of participation (CoP) for hospitals receiving Medicare reimbursement. A month later, CMS announced it was delaying enforcement until May 1, 2021, to give providers more time to implement policies to comply with the final rule, including the ADT notice provision.The final rule is Posted on May 1, 2020.
The impact of these new requirements on your organization is serious. CMS has begun authorizing state investigative agencies and accreditation organizations (AOs) to increase compliance with the new ADT alert requirements in their audits of participating hospitals. The federal agency considers the delivery of ADT notices by fax or telephone to be a non-compliant method of exchanging patient data. Organizations that fail the audit have only 90 days to correct the situation and achieve compliance.
To encourage data exchange interoperability across the healthcare ecosystem, CMS requires providers to publish up-to-date digital contact information in the CMS National Program and Provider Enumeration System (NPPES) as part of the final rule. Non-compliant hospitals would be listed publicly, similar to the Civil Rights Office’s breach notification portal, known as the “Wall of Shame.”
CMS defines digital contact information or “endpoint” as a healthcare provider’s unique electronic address. Because the goal of these endpoints is to allow providers to send authenticated encrypted patient data over the Internet to known and trusted recipients, CMS considers only certain types of digital contact information to be eligible. These include:
Hospitals are responsible for posting up-to-date digital contact information in the NPPES directory using only the technologies listed above. Additionally, providers affiliated with an organization need to have an up-to-date and approved endpoint via a National Provider Identifier (NPI). The deadline to ensure NPPES endpoint data is published and compliant with CMS standards is December 31, so organizations that have not complied face audits and severe penalties.
Fax numbers, emails are not enough for compliance
Email does not meet CMS requirements for secure digital contact information, nor does fax number – even if the provider uses a digital fax solution.
According to CMS“Digital fax numbers are not considered digital endpoints. For those providers who continue to rely on fax-based information sharing models, we hope that greater availability of digital contact information will help reduce the wider availability of patients with whom they are shared barriers to electronic communications.”
Hospitals can still use fax to transmit ADT notifications, using a solution that provides a fax-to-direct workflow that automatically converts digital faxes to acceptable Direct formats. The solution allows employees to maintain the same workflow while complying with CMS regulations.
CMS has made it clear that there will be no deferrals for hardship claims for notification of patient incidents, so now is the time to act. Another compelling reason is that neither the National Bureau of Investigation nor CMS is obligated to alert the facility of an impending audit.
Finally, CMS makes it clear that providers that do not exchange data electronically will publicly pointed out: “If providers do not exchange information electronically and do not have digital contacts, the digital contact fields in their NPPES records will remain blank, and they will appear in public reports for providers who do not have digital contact information in NPPES . The report will be updated once they are able to electronically exchange and update their digital contact information in NPPES.”
Digital solutions are readily available
Digital solutions available today can help Medicare-certified, psychiatric, and intensive care hospitals integrate automated ADT alerts into their daily workflows to meet the standards of the CMS final rule. Solutions can be easily and quickly deployed across an organization without disrupting operations or patient care. The same digital solutions will also enable organizations to comply with the rules of digital contact.
Automatically sending ADT notifications to downstream providers at the right time can help your organization coordinate better outcomes, strengthen relationships with payers and providers, and demonstrate compliance with CMS regulations when the inevitable audit occurs.
Photo: John Kelly, Getty Images
