The CMS E-Notifications CoP Compliance Breakdown: Mid-Sized Hospitals

The Centers for Medicare and Medicaid Services’ (CMS) Interoperability and Patient Access E-Notifications Condition of Participation (CoP) deadline is rapidly approaching for hospitals and health systems. From the smallest rural hospitals to the largest health systems, compliance with this CoP brings varying levels of complexity.

Today’s mid-sized hospitals can face their own set of challenges ranging from the increased demand for service lines, growing patient populations, and the need to share data with regional health exchanges while complying with expanding regulatory requirements. Considerations like these, combined with the COVID-19 pandemic and impending deadline for achieving compliance with the CMS Interoperability and Patient Access Rule E-Notifications Condition of Participation Provision, make for an overwhelming task, especially for CIOs and administrative professionals who typically have more complicated systems than small hospitals, with fewer compliance and technical support staff than larger hospital systems.

With the May 1st deadline rapidly approaching, we’ve compiled a list of Q&As to help guide you through the process. These questions can be used as a resource to help clarify any misconceptions, avoid deficiencies that could jeopardize your CMS certification status, and provide advice for implementing a CoP solution that addresses the unique pain points that mid-sized hospitals face on a daily basis.

As a mid-sized hospital, we have a large local network of providers. Is our HIE able to ensure 100% compliance with the e-notification CoP?

Even though most care events in your mid-sized hospital network may be local, the new CoP requires e-notifications be sent at the time a patient event occurs to any established practitioner, practice group/ entity, or post-acute regardless of their geographic location. This means that your mid-sized hospital must ensure care coordination both within your system and beyond, which requires the consideration of scenarios such as a patient traveling across state lines. Because most HIEs send notifications only within their state or regional borders, they may not have the required dynamic roster or census capabilities developed to service in the full range of providers as required. Limitations such as these would prevent real-time notifications from being sent on behalf of the hospital to all necessary providers. As a result, it is critical for hospitals to evaluate your HIE’s capabilities in order to avoid non-compliance risk and undue exposure, as even if you use an intermediary, hospital leaders are ultimately held accountable for meeting compliance requirements.

Our mid-sized hospital already has an existing relationship with EHR vendor(s). Do we already have the capabilities to field all external requests for e-notifications from community providers?

Most EHR vendors typically provide solutions to enable Direct Messages upon inpatient events, in particular discharge events, as was specified under Meaningful Use. However, the new CoP notification requirements are expanded where hospitals are required to send notifications upon all inpatient and emergency department events. To support treatment and care coordination activities, this rule expansion also makes it so those notifications must be sent to providers identified in the EHR as well as to those providers with attributed patients that request notifications. As a result, your hospital’s solution must: 1) manage notification requests from patients’ attributed providers across the care continuum, 2) accurately match patients’ care events, and 3) send notifications based on the matches in real-time to the appropriate practitioner or entity. This means that it is most likely not enough to rely on your EHR vendor to meet compliance requirements. You can assess this by approaching your EHR vendor directly. Ask them if your existing EHR solution has the ability to guarantee compliance with the new rule.

We don’t want another layer of technology to log into to send and receive data. Can we handle the requirements internally?

The ultimate goal of the new CoP is for hospitals to adopt a more comprehensive information sharing solution. As a result, it is critical for mid-sized hospitals to fully understand and address all requirements in order to avoid deficiencies on surveys. Hospitals should plan for a moderate to significant increase in their operating budgets if they wish to establish a process to handle the requirements internally because it will require a full assessment of current capabilities compared against the requirements of the CoP. To meet CoP requests, your hospital will need to have the capability to manage patient rosters and match patient care events to those rosters, which then trigger notifications. Also, since care relationships can change daily, your mid-sized hospital will need to plan for an increase in the technical complexity of managing e-notifications as your patient attribution information must be updated from rosters accordingly. To determine if your hospital can adequately address the requirements, you will need to consider the added workflows, processes and staffing requirements for establishing this type of infrastructure, as well as account for any necessary data share agreements between the hospital and the notification recipient to ensure compliance with all federal and state laws and regulations. Due to this level of complexity, many mid-sized hospitals are finding that an alternative solution can be more easily integrated with existing technology and is often more cost effective to implement a manual approach.

Amidst COVID-19 and other initiatives, our hospital has a lot going on. Do we need to prioritize this requirement right now?

Necessary data share agreements need to be in place between the hospital and the notification recipient to ensure compliance with all federal and state laws and regulations. As a result, hospitals of all sizes need to assess their existing notification capabilities and identify any gaps as quickly as possible, as building a solution or vetting a third-party intermediary will require time, and there will be significant consequences of non-compliance. Mid-sized hospitals assessing their priorities should consider the workflows and processes they have in place to meet these requirements and whether they can adequately address them in time for the May 1st compliance deadline.