CMS Conditions of Participation, Compliance
Audits & Consequences

Conditions of Participation (CoPs) are the most significant and consequential regulatory lever that the Centers for Medicare and Medicaid Services (CMS) has to authorize or terminate a hospital’s certification. Certification is critical for hospitals as it determines whether hospitals can receive CMS payments, which often make up more than 50% of a hospital’s payer mix. To receive or maintain their certification, hospitals must meet all CoPs, making CoP compliance essential to hospital operations.

The new Interoperability and Patient Access Rule, which CMS finalized in March 2020, and published to the Federal Register on May 1, 2020, creates a new CoP provision which requires hospitals, psychiatric hospitals, and Critical Access Hospitals to share electronic event notifications, or e-notifications, with other providers across the continuum of care whenever patients have inpatient or emergency department care events. This compliance requirement will go into effect on May 1, 2021 and adds to the list of CoPs hospitals must fulfill to successfully maintain their CMS certification and continue to receive CMS payments.

Why are CoPs important?

CoPs are the minimum requirements that CMS sets to protect the health and safety of patients and to improve quality of care. They are critical to all aspects of hospital operations and address policies and procedures related to infection control, staffing ratios, medical records documentation, compliance with applicable federal, state, and local laws, and patient’s rights among others. CoPs are the provisions that State Survey Agencies or Accreditation Organizations audit during their unannounced surveys.

Deficiencies with any CoP can lead to certification termination and will set off a cascade of time-bound termination and corrective action procedures. The threat of losing CMS certification and payments is significant as Medicare represents approximately 40% of a hospital’s payer-mix and Medicaid usually over 20%.  All CoPs are formalized as part of the Code of Federal Regulation and CMS has the authority to amend existing CoPs and to create new CoPs.

Hospital Survey Process and the Consequences of Non-Compliance

Surveys, or compliance audits, are unannounced and can either be conducted by the designated State Survey Agency or a CMS-approved Accreditation Organization. Hospitals are assessed for all services, areas, and locations and operate as one unit for compliance purposes. Refusal by the hospitals to participate in a survey can lead to the termination of its certification.

  • To assess compliance, surveyors follow the interpretive guidelines that CMS publishes in the State Operations Manual. Interpretive guidelines are in essence the instructions for compliance assessment and outline the minimum requirements hospitals must meet.  They specify the procedures and methods the survey teams need to follow when determining a hospital’s compliance status.
  • To determine CoP compliance, survey teams review documented hospital policies and procedures, conduct interviews, and review a random sample of medical records.
  • Identified deficiencies and violations can range in their level of severity — from the least serious standard-level citation to a more severe condition-level citation, to immediate jeopardy where a significant threat to patient health and safety exists.  While CMS cannot issue civil monetary penalties, the threat of certification termination and associated lack of CMS payments are even more significant and consequential for continued hospital operations.

Any deficiencies will be formally documented by the survey team and hospitals must follow specific time-bound processes to correct them. Specifically, hospitals have 10 calendar days to return a plan of correction after receiving a warning letter with the documented deficiencies.  Unless hospitals remediate deficiencies, termination of CMS certification will go into effect after 90 days.

E-notification CoP Requirements and Survey Process

The new e-notification CoP will require hospitals, psychiatric hospitals, and Critical Access Hospitals to send, either directly or through an intermediary, electronic event notifications in real-time to those recipients that need to receive notification of the patient’s status for treatment, care coordination, or quality improvement purposes. Included within the specified recipient categories are a patient’s:

  • Established primary care practitioner
  • Established primary care practice group or entity
  • Other practitioner, or other practice group or entity, identified by the patient as the practitioner, or practice group or entity, primarily responsible for his or her care
  • Applicable post-acute providers and suppliers

The new e-notification provisions will be formalized as part of hospitals’ Medical Records Services CoPs at  42 CFR §482.24 (d), the Special Medical Record Requirements for Psychiatric Hospitals CoPs at 42 CFR §482.61 (f), and the Clinical Records CoP for Critical Access Hospital at 42 CFR §485.638 (d).

While CMS has not yet published the interpretive guidelines for the new e-notification requirements, we know that the survey procedures will closely follow those that are already in place for the medical records CoP.  That process involves a review of the organizational structure and policies as well as an interview with the head of medical records.

It also includes a review of a random sample of at least 10% and no less than 30 active and closed medical records.  Hospitals will need to demonstrate their compliance through documentation and show that e-notifications have been sent to applicable recipients for the set of randomly selected medical records.

Ensuring Compliance With the E-notification CoP

Impacted hospitals have until May 1, 2021, to ensure they’re compliant with the new e-notification requirements. To ensure compliance with all components of the new CoP, hospitals should review the compliance checklist and assess their solution capabilities against the list of 8 key considerations.

In particular, hospitals should answer how they or their third party intermediary solution will comply with the following:

  1. Identify & send e-notifications to post-acutes
  2. Meet cross-regional provider notification needs
  3. Ensure appropriate data sharing rights, security, and trust
  4. Send real-time notifications
  5. Manage continuous provider-patient relationship changes
  6. Demonstrate compliance to meet survey requirements
  7. Ensure community-based providers have excellent user experience
  8. Meet compliance by the May 1, 2021 deadline

For hospitals that will use third-party intermediaries to meet these compliance requirements, PatientPing’s Route solution offers a compliance guarantee and meets all the published requirements.  To learn more about Route, please contact [email protected] or complete our Contact form.