Centers for Medicare & Medicaid Services (CMS) has proposed extending the use of 2011 certified EHR technology (CEHRT) into 2014. Previously all eligible providers (EPs) were required to use 2014 CEHRT to attest for Meaningful Use in 2014.
The table below explains what version and what Meaningful Use objectives EPs can use in 2014
The table below explains the stages of Meaningful Use depending on when EPs start the process
Note: EPs must use the CEHRT for 3 months ending on the quarter. All EPs in their first year in 2014 can use any continuous 90-day EHR reporting period.
Required Security Risk Assessment
A core requirement to demonstrate Meaningful Use is to perform a Security Risk Assessment. This is true regardless of whether an organization is in Stage 1 or Stage 2 of Meaningful Use.
Timing of Risk Assessment
One question that we were asked repetitively in 2013 was:
Do I have to complete the Meaningful Use Risk Assessment prior to the end of the reporting period or can I do a Risk Assessment after the reporting period?
Guidelines from CMS make it clear that the Meaningful Use Risk Assessment MUST be performed prior to the end of the reporting period.
EPs must conduct or review a security risk analysis of certified EHR technology and implement updates as necessary at least once prior to the end of the EHR reporting period and attest to that conduct or review. The testing could occur prior to the beginning of the first EHR reporting period. However, a new review would have to occur for each subsequent reporting period.
The CMS guidelines make is clear that an organization can perform the Risk Assessment before, during but not after the reporting period has ended.
Meaningful Use Risk Assessment for New Proposed 2014 Changes
With the new proposed changes that were announced, EPs will start to think about attesting for 2014. But keep in mind that the required Risk Assessment has to be performed before, during but NOT after the reporting period has ended.
To attest for 2014 in 1Q 2014 you would have had to completed a Risk Assessment prior to March 31, 2014
To attest for 2014 in 2Q 2014 you would have to complete a Risk Assessment prior to June 30, 2014
To attest for 2014 in 3Q 2014 you would have to complete a Risk Assessment prior to September 30, 2014
To attest for 2014 in 4Q 2014 you would have to complete a Risk Assessment prior to December 31, 2014