Stimulus Bill Includes Physician Payments/Penalties and HIPAA Expansions

May 4, 2009

Thanks to the recently passed stimulus package, as much as $44,000 over 5 years will be available to those physicians who become “meaningful users” of electronic health records (EHRs). Physicians who meet the adoption standards in the bill, which have to be ironed out by the Department of Health and Human Services, will qualify for the payments from Medicare. However, physicians who balk run the risk of being docked a tiny portion of Medicare payments starting in 2015.

The March Toward Paperless Health Care

Medicare e-Prescribing Incentive Begins...but DEA Restrictions Could Cause Problems

Medicare Fee Schedule Changes Positive for Psychiatrists in 2009

More > >

Thanks to the recently passed stimulus package, as much as $44,000 over 5 years will be available to those physicians who become “meaningful users” of electronic health records (EHRs). Physicians who meet the adoption standards in the bill, which have to be ironed out by the Department of Health and Human Services, will qualify for the payments from Medicare. However, physicians who balk run the risk of being docked a tiny portion of Medicare payments starting in 2015.

The stimulus provisions are the second prod from Congress on adoption of health information technology. In the Medicare Improvements for Patients and Providers Act of 2008 (MIPPA) that Congress passed last summer, physicians who meet certain e-prescribing goals are eligible for a 2% incentive payment in reporting years 2009 to 2010, for a 1% payment in 2011 to 2012, and for a 0.5% payment in 2013.

The stimulus bill goes beyond MIPPA in that it requires physicians to become meaningful users of EHRs, which encompasses more than just e-prescribing. The stimulus bill broadly defines meaningful use as the use of e-prescribing and quality reporting.

If physicians have not become meaningful users of EHRs by 2015, they will receive only 99% of the Medicare fees they otherwise qualify for, and this will decrease to 98% in 2016, 97% in 2017, and so on thereafter. The Medicare program has the authority to drop the decrease to 95% in 2018 and beyond if fewer than 75% of physicians are meaningful users at that time.

A report published on March 9, 2009, by the consulting firm Avalere Health was skeptical that the money offered to physicians would be enough to convince most practices, particularly smaller ones, to become meaningful users. Don Detmer, MD, MA, president and CEO of the American Medical Informatics Association, said he would have agreed with that assessment before the announcement this winter from WalMart that it plans to market EHR systems for physicians.

Current software systems marketed to physicians are expensive and result in significant time loss during a 3- to 6-month period as an office revises its workflow and other procedures. Detmer explained that WalMart expects to market a robust system at a reasonable price, which will put downward pricing pressure on other vendors. “WalMart is po­tentially a game-changer,” stated Detmer, although he acknowledged that WalMart has not developed its product yet, much less had it certified.

The stimulus bill also expands Health Insurance Portability and Accountability Act (HIPAA) privacy protections for patients, which could complicate life, especially for psychiatrists. Dan Rode, MBA, vice president of the American Health Information Management Association, referred to a provision that allows a patient to pay for a test or a treatment outside insurance and then direct the physician to withhold those results from his or her electronic record, forcing the physician to essentially keep 2 versions of a patient record.

The most far-reaching HIPAA expansion may be the establishment of the first federal security breach notification requirement for the health care industry. This goes beyond most state laws on this subject, according to Kirk J. Nahra, a partner with Wiley Rein LLP in Washington, DC. “While there clearly are open questions about details of the legislation, this provision is broader than most relevant state notification laws because it applies to breaches involving any kind of personal information held by health care companies (rather than only specific categories, such as Social Security numbers) and does not include any ‘risk of harm’ threshold,” Nahra explained in a briefing paper he published on the firm’s Web site.