A Review of 2020 Rules Affecting 2021


In 2020, due to the public health emergency (PHE), the Centers for Medicare and Medicaid (CMS) released several rules and provisions that relaxed the compliance and enforcement dates for regulatory requirements.  As we head into 2021, and with the continuation of the PHE, we are providing you with a recap of the CMS rules and provisions focused on interoperability and value-based care for providers and payers.  The table below specifies each of the reviewed rules and highlights the key regulatory impact for the rule/program.

# Rule / Program Regulatory Impacts
1 Interoperability & Patient Access – Payers Provide APIs for patients to access their information as well as provider directory
2 Interoperability & Patient Access – Providers ADT Event Notifications required as part of conditions of participation (CoP)
3 Information Blocking Entities who are information blockers will be publicly reported
4 Promoting Interoperability Program Public reporting of eCQM data begins in 2022
5 Quality Payment Program MIPS Value Pathways postponed to 2022; new APP program for MIPS APMs in 2021
6 Medicare Shared Savings ACOs APM Performance Pathway (APP) replaces Web Interface collection type in 2022
7 Telehealth CMS made some interim codes permanent; audio only E/M codes will end with PHE
8 Transparency in Coverage – Payers Disclose to participants cost sharing information for covered items or services
9 Proposed Modifications to HIPAA Privacy Would reduce administrative burdens on HIPAA covered providers and plans
10 Prior Authorizations – Payers Requires prior authorizations via electronic format

Rule Summaries

1) CMS’ Interoperability and Patient Access – Payer Provisions. Final Rule, 5/1/2020.

Focus: APIs and Payer-to-Payer data exchange

About this rule Rule Summary Implications: Payers Will Need To…

Who: Medicare and Medicaid payer organizations.

Areas of Focus: Requires APIs, health information exchange, and care coordination across payers.

Enforcement Date (ED): On 4/21/2020, CMS and ONC announced a policy of enforcement discretion to allow compliance flexibilities regarding implementation of the interoperability final rules due to COVID-19.  CMS provided hospitals an additional 6 months to implement new requirements.

The Final Rule focuses on patient access to electronic health information (EHI) and interoperability among providers, payers, and patients.

CMS finalized four new policies for payers:

1. Patient Access through APIs. ED – July 1, 2021

2. API access to published provider directory data. ED – July 1, 2021

3. Payer-to-Payer Data Exchange. ED – January 1, 2022

4. Increased Frequency of federal-state data exchanges for dual eligible members. ED – April 1, 2022

  • Define and implement an API enablement strategy; establish an end-to-end API operating model; implement, configure, and maintain security functionalities; update security policies; plan to validate / approve third party developer’s access to their APIs.
  • Implement processes and technology to facilitate data exchange with other payers.

Sources: CMS Patient Access and Interoperability Final Rule; eMRB blog, 4/24/2020: CMS and ONC Final Rules – What It Means for Providers and Payers.

2) Interoperability & Patient Access – Providers. Final Rule, 5/1/2020.

Focus: Information Blocking, ADT Event Notifications

About this rule Rule Summary Implications: Providers Will Need To…

Who: Providers

Areas of Focus: Patient access to EHI and interoperability among providers, payers, and patients.

Compliance Date (CD): Dependent on provision.

Enforcement Date (ED): On 4/21/2020, CMS and ONC announced a policy of enforcement discretion to allow compliance flexibilities regarding implementation of the interoperability final rules due to COVID-19.  CMS provided hospitals an additional 6 months to implement new requirements.

For Medicare and Medicaid providers, new policies include deterrents for not attesting yes to required information blocking statements, and a new condition of participation (CoP) requirement for electronic patient event notifications.

The 3 policies for Providers are:

1. Public reporting and information blocking. CD – late 2020

2. Digital contact information. CD – late 2020

3. Admission, Discharge, and Transfer (ADT) Event Notifications. CD – Spring 2021; ED – May 1, 2020

  • Have policies and procedures in place to ensure information blocking practices are prevented.
  • Update their NPPES record online with digital contact information.
  • Clean up master files to ensure up-to-date digital information in NPI.

Sources: CMS Patient Access and Interoperability Final Rule; eMRB blog, 4/24/2020: CMS and ONC Final Rules – What It Means for Providers and Payers.

3) Information Blocking. Final Rule, 5/1/2020; Interim Final Rule with Comment Period, 11/4/2020.

Focus: Information Blocking and Health IT Certification

About this rule Rule Summary Implications

Who: Health IT Developers, Providers, HIEs.

Area of Focus: Advances interoperability; supports access, exchange and use of EHI; addresses occurrences of information blocking.

Compliance Dates:  Final rule published on 5/1/2020 was effective on 6/30/2020.  ONC enforcement discretion announced on 4/21/2020 provided 3 months after each initial compliance date.  Interim Final Rule (IFC) on 11/4/2020 extended certain compliance dates.

Information Blocking.  Outlines 8 activities that interfere with the access, exchange, or use of EHI, but do not constitute information blocking.

  • IFC Compliance Date: 11/2/2020

Updated EHR Certification Criteria.  The functionality EHR vendors need to demonstrate in order to become a certified EHR technology (CEHRT).

  • IFC Compliance Dates: 12/31/2022; and 12/31/2023 for EHI export

Health IT for the Care Continuum.  EHR certification criteria that would support voluntary certification of health IT for pediatric settings.  Ten recommendations for Health IT Developers.

  • Providers and payers will need to update policies and procedures to prevent information blocking practices, including Security Risk Analysis.
  • Providers will need to implement updated and new EHR functionality once available from their vendor as well as update workflow processes.
  • Providers will no longer have to develop and support two forms of the QRDA standard (QRDA I and QRDA III).

Sources: ONC Interoperability Final Rule, Announcement, IFC; eMRB blog, 4/24/2020: CMS and ONC Final Rules – What It Means for Providers and Payers.

Information Blocking. Proposed Rule, 4/24/2020.

Focus: Information Blocking Civil Money Penalties

About this rule Rule Summary Implications

Who: Applies to Health IT developers of certified health IT, health information networks, and health information exchanges.

Areas of Focus: Proposed to incorporate new Civil Money Penalty (CMP) authorities for information blocking.

Original Compliance Date: Not applicable until final rule is published; comments were due to OIG on 6/23/2020.

Enforcement Date: Proposed to be 60 days after final rule is published.

Statutory Date: Final rule not published; the statutory due date for the final action is 08/00/2021.

  • Among this proposed rule’s provisions, it would amend the civil money penalty (CMP) rules to incorporate new CMP authorities for information blocking.
  • HHS has the authority to impose CMPs up to $1 million per violation on the applicable entities.
  • OIG’s CMP authority does not extend to health care providers; appropriate disincentives will be established in future notice and comment rulemaking.
  • If it is determined that a provider has committed information blocking, OIG will refer that health care provider to the appropriate agency for appropriate disincentives.
  • Most likely the complaint will be passed to HHS’ Office for Civil Rights (OCR) to investigate; if a provider is following the HIPAA patient access rules, they should be fine.

Sources: OIG’s Proposed Rule; eMRB blog, 4/24/2020: CMS and ONC Final Rules – What It Means for Providers and Payers.

4) Promoting Interoperability Program.  Final Rule, 9/2/2020.

Focus: Promoting Interoperability (PI) Program and eCQMs

About this rule Rule Summary Implications

Who: Eligible Hospitals

Areas of Focus: Hospital Medicare and Medicaid PI programs and eCQMs for Medicare IQR program.

Updates: The most significant quality reporting updates in this rule are for eCQMs.

Effective Date: 10/1/2020

Compliance Dates:  Beginning with FY 2021 quality reporting year.

  • Yearly increase in number of self-selected quarters for eCQM reporting.
  • Publicly reporting eCQM data by 2022.
  • Integrating the validation processes for chart-abstracted measures and eCQMs.
  • Minor modifications to the PI Program objective measures.
  • Certified EHR technology (CEHRT) requirements for the hybrid measures.
  • Hospitals can use either 2015 Edition or 2015 Edition Cures Update standards.
  • Public reporting of eCQMs requires updates for monitoring outcomes.
  • Increased reporting periods require vendor coordination for reports.
  • Chart-abstraction CQM validation process now requires hospitals to submit PDF copies using direct electronic file submission via secure ftp.
  • Potential data collection issues with hybrid measures; time and effort to map, extract and validate core clinical data elements from the EHR.

Sources: FY 2021 IPPS Final Rule; eMRB blog, 10/2/2020: CMS Rules for 2021: Key Takeaways on Telehealth, PI Program and Other Rule Provisions.

5 and 6) Quality Payment Program. Final Rule, 12/28/2020.

Focus: Merit-based Incentive Payment System (MIPS) and Medicare Shared Savings Program (MSSP)

About this rule Rule Summary Implications

Who: Eligible Clinicians (ECs)

Areas of Focus: Merit-based Incentive Payment System (MIPS) Medicare Shared Savings Program (MSSP) ACOs; Care Management Services / Remote physiologic monitoring (RPM); CEHRT.

Effective Date: Most regulations were effective on 1/1/2021.

Compliance Dates: Beginning with CY 2021 quality reporting year.

  • QPP: Implementing MIPS Value Pathways (MVPs) in 2022.
  • APM Performance Pathway (APP): New reporting framework for MIPS ECs; aligns with MVP framework (fewer measures).
  • QPP: Updates to MIPS performance measures and activities.
  • MSSP ACOs: 2021 reporting, can report the APP measure set or Web Interface measures; 2022 requires APP measure set.
  • RPM: Code refinements and consent for RPM services.
  • Prepare new health IT capabilities and infrastructure components to implement MVPs (for 2022 reporting).
  • APP eCQMs will require new data collection format and collection of all-payer data.
  • Ensure vendor progress on 2015 Edition Cures Updates.

Sources: CMS CY 2021 PFS Final Rule; eMRB blog, 10/2/2020: CMS Rules for 2021: Key Takeaways on Telehealth, PI Program and Other Rule Provisions.

7) Telehealth. Final Rule, Interim Final Rule with Comment Period, 12/28/2020.

Focus: Telehealth provisions in the Physician Fee Schedule (PFS) Final Rule and Interim Final Rule with Comment Period (IFC); and emergency rule-making.

About this rule Telehealth Summary in PFS Final Rule Emergency Rulemaking Implications

Who: Eligible Clinicians (ECs)

Areas of Focus: Telehealth communications technology; payment for E/M services; and PHE Interim rules.

IFC portion requests comment on coding and payment for virtual check-in services; comments were due on 2/1/2021.

Effective Date: Most regulations were effective on 1/1/2021.

Compliance Dates: Beginning with CY 2021 quality reporting year.

  • Finalized permanent addition of codes for 7 Medicare telehealth services.
  • Created new Category 3 criteria for temporary services to evaluate post-PHE; finalized 63 temporary codes under this category.
  • Audio only E/M codes will end with PHE.
  • March 31, 2020 COVID-19 IFC.  CMS added 89 services to the Medicare telehealth services list on an interim basis.
  • May 8, 2020 COVID-19 IFC.  CMS removed the requirement for undertaking rulemaking and added 46 more services to the Medicare telehealth services list on an interim basis.
  • October 14, 2020.  CMS added 11 more services to the Medicare telehealth list on a subregulatory basis.
  • Providers will need to track and manage PHE interim telehealth codes.
  • The extension of the PHE into CY 2021 ensures that clinicians will have at least the entirety of 2021 to collect evidence to support a request to add these services permanently to the Medicare telehealth list.

Sources: CMS CY 2021 PFS Final Rule; eMRB blog, 10/2/2020:  CMS Rules for 2021: Key Takeaways on Telehealth, PI Program and Other Rule Provisions.

8) Transparency in Coverage – Payers, 11/12/2020.

Focus: Payer cost-sharing disclosure

About this rule Rule Summary Implications

Who: Group Health Plans and Health Insurance Issuers.

Areas of Focus: Disclosure of pricing and cost-sharing information.

Effective Date: 1/18/2021

Compliance Date: Beginning 1/1/2023

  • Plans and issuers are required to design, develop, and deploy an internet-based self-service tool made available on an internet website.  Plans and issuers must make cost-sharing information available for a covered item or service from providers for 500 specified items and services beginning on 1/1/2023, and cost-sharing information available for all items and services beginning on 1/1/2024.
  •  Plans and issuers are required to disclose pricing information to the public through three machine-readable files displayed in standardized format and updated monthly beginning on or after January 1, 2022.
    • One file requires disclosure of payment rates negotiated between plans or issuers and providers for all covered items and services.
    • The second file will disclose the unique amounts a plan or issuer allowed, as well as associated billed charges, for covered items or services furnished by out-of-network providers during a specified time period.
    • A  third file will include pricing information for prescription drugs.
  • Allow insurers who pass on savings encouraging use of services from lower-cost, higher-value providers to take credit for “shared savings” payments in their MLR calculations beginning with 2020 reporting year.
  • Cost to plans, issuers and TPAs to plan, develop, and build the required internet-based self-service tool and machine-readable files.
  • Increased operating costs in training staff to use the internet-based self-service tool, responding to consumer inquiries, and delivering consumer’s cost-sharing information and required notices.

Sources: Transparency in Coverage Final Rule; CMS 10/29/2020 Press Release and Fact Sheet.

9) Proposed Modifications to HIPAA Privacy.  Proposed Rule, 12/10/2020.

Focus: Protected Health Information (PHI) disclosures

About this rule Rule Summary Implications

Who: Covered Entities (providers, payers, and insurers).

Areas of Focus: Would modify standards for the Privacy of individually identifiable health information.

Effective Date: Effective date of a final rule would be 60 days after publication.

Compliance Date: HHS proposes a compliance date of 180 days after the effective date of a final rule.  OCR would begin enforcement of the new and revised standards 240 days after publication of a final rule.

Current Status: Rule was published in Federal Register on 1/21/2021.

  • Expand scope of covered entities’ abilities to disclose PHI to social services agencies, community-based organizations, home and community-based service providers, and other similar third parties that provide health-related services.
  • Address standards that may impede the transition to value-based health care by limiting or discouraging care coordination and case management communications among individuals and covered entities or posing other unnecessary burdens.
  • OCR proposes definitions for coordination and management of care for electronic health record and personal health applications, and the term clinician.
  • Proposed health IT implications include allowing individuals to take notes or use personal resources to view and capture images of their PHI; requiring covered providers and health plans to submit an individual’s access request to another provider and receive back the requested electronic copies of the individual’s PHI in an EHR.
  • OCR would require covered entities to post estimated fee schedules on their websites and if requested by individuals, provide estimates of fees for copies of PHI and itemized bills.
  • Strengthen individuals’ rights to access their own health information.
  • Improve information sharing for care coordination and case management.
  • Facilitate greater family and caregiver involvement in care for emergencies or health crises.
  • Enhance flexibilities for disclosures in cases such as Opioid and PHE.

Sources: Proposed Modifications to the HIPAA Privacy Rule Proposed Rule; HHS Press Release; Health IT News, HHS floats major changes to HIPAA Privacy Rule.

10) Prior Authorizations – Payers.  Final Rule, released 1/15/2020.

Focus: Enhanced Interoperability & Patient Access Policies

About this rule Rule Summary Implications

Who: Impacted Payers — Medicaid and CHIP managed care plans, state Medicaid and CHIP fee-for-service programs (FFS) and issuers of individual market Qualified Health Plans (QHPs) on the Federally Facilitated Exchanges (FFEs).

Areas of Focus: Enhance certain policies from the CMS Interoperability and Patient Access final rule, add new requirements to implement APIs, and make changes to prior authorization practices.

Effective Date: The regulations are effective 60 days after the date of publication in the Federal Register.  The rule was released by HHS but had not been filed as of 1/20/2021.  And as of 1/20/2021, a regulatory freeze was issued that pauses any new regulations from moving forward.

Compliance Dates: Provisions will be implemented on January 1, 2023, with the exception of amendatory instructions 5, 22, and 28, which will be implemented on January 1, 2024.

  • Adopts certain specified implementation guides (IGs) needed to support new API policies for impacted payers.
  • Requires building and implementing FHIR-enabled APIs that allow providers to know in advance what documentation is needed for each different health insurance payer, streamline the documentation process, and enable providers to send prior authorization requests and receive responses electronically, directly from the provider’s EHR or other practice management system.
  • Medicare FFS and Medicare Advantage plans are not directly impacted by this rule, but CMS notes they will consider proposing Medicare payers in future rulemaking.
  • The patient-initiated payer-to-payer data exchange requirements would require exchange conducted via a specified HL7 FHIR-based API.
  • Implement and maintain a prior authorization documentation requirement lookup service (DRLS) API.
  • Integrated within a provider’s workflow, and aligned with HIPAA transaction standards, a FHIR-based prior authorization support (PAS) API with capability to accept and send prior authorization requests and decisions.

Sources: CMS Interoperability and Prior Authorization Final Rule (HHS-Approved version); CMS Press Release: 1/15/2021, CMS Puts Patients Over Paperwork with New Rule that Addresses the Prior Authorization Process; Biden-Harris Transition Fact Sheet, 1/20/2021: President-elect Biden’s Day One Executive Actions Deliver Relief for Families Across America Amid Converging Crises.


Acronyms

Accountable Care Organization (ACO); Admission, Discharge & Transfer (ADT); Application Programming Interface (APIs); Alternative Payment Model (APM); APM Performance Pathway (APP); Centers for Medicare and Medicaid Services (CMS); Certified Electronic Health Record Technology (CEHRT); Children’s Health Insurance Program (CHIP); Civil Money Penalty (CMP); Conditions of Participation (CoP); Department of Health and Human Services (HHS); Documentation Requirement Lookup Service (DRLS); Electronic Clinical Quality Measure (eCQM); Electronic Health Information (EHI); Electronic Health Record (EHR); Eligible Clinician (EC); Evaluation and Management (E/M); Federally-Facilitated Exchanges (FFEs); Fee-for-Service (FFS); Fast Healthcare Interoperability Resources (FHIR); Health Insurance Portability and Accountability Act of 1996 (HIPAA); Health Information Exchange (HIE); Health Level Seven (HL7); Implementation Guide (IG); Inpatient Quality Reporting (IQR); Interim Final Rule with Comment Period (IFC); Medical Loss Ratio (MLR); Medicare Shared Savings Program (MSSP); Merit-based Incentive Payment System (MIPS); MIPS Value Pathways (MVPs); Office for Civil Rights (OCR); Office of Inspector General (OIG); Office of the National Coordinator for Health Information Technology (ONC); National Provider Identifier (NPI); National Plan and Provider Enumeration System (NPPES); Prior Authorization Support (PAS); Promoting Interoperability (PI); Public Health Emergency (PHE); Qualified Health Plans (QHPs); Quality Payment Program (QPP); Quality Reporting Document Architecture (QRDA); Remote Physiologic Monitoring (RPM); Third-Party Administrator (TPA).

About Emids Regulatory Review Board (EMRB)

Collaboration of content for this blog was provided by eMRB subject matter experts, covering important quality reporting topics for our customers and partners.  Points of view and interpretation were relevant at time of authorship; however, they are subject to change over time.  For more information about these changes, contact us at engage@emids.com.

Sign up to receive our latest insights