Download PDF

June 9, 2023

Submitted via the Federal eRulemaking Portal: http://www.regulations.gov

Administrator Chiquita Brooks-LaSure

Centers for Medicare and Medicaid Services

7500 Security Boulevard

Baltimore, MD 21244

RE: Medicare Program; Proposed Hospital Inpatient Prospective Payment Systems for Acute Care Hospitals and the Long-Term Care Hospital Prospective Payment System and Policy Changes and Fiscal Year 2024 Rates; Quality Programs and Medicare Promoting Interoperability Program Requirements for Eligible Hospitals and Critical Access Hospitals; Rural Emergency Hospital and Physician-Owned Hospital Requirements; and Provider and Supplier Disclosure of Ownership [CMS-1785-P]

Dear Administrator Brooks-LaSure:

The College of Healthcare Information Management Executives (CHIME) appreciates the opportunity to comment on the Centers for Medicare & Medicaid Services’ (CMS) hospital inpatient prospective payment system (IPPS) proposed rule for fiscal year (FY) 2024 as published on May 1, 2023 in the Federal Register (Vol. 88, No. 83).

Background

CHIME is an executive organization dedicated to serving chief information officers (CIOs), chief medical information officers (CMIOs), chief nursing information officers (CNIOs) and other senior healthcare IT leaders. With over 5,000 members, CHIME provides a highly interactive, trusted environment enabling senior professional and industry leaders to collaborate; exchange best practices; address professional development needs; and advocate for the effective use of information management to improve the health and healthcare in the communities they serve.

Key Recommendations ____

In our comments, CHIME provides responses to address the proposals included in this Notice of Proposed Rulemaking (NPRM). Specifically, we are providing comments on proposed new requirements and revision of existing requirements for eligible hospitals and critical access hospitals (CAHs) participating in the Medicare Promoting Interoperability (PI) Program. Additionally, we offer feedback and recommendations to constructively improve the final rule.

CHIME believes the following areas are especially important for CMS to consider when finalizing the provisions in this important proposed rule, and our detailed recommendations are included below:

Proposed Changes to the Promoting Interoperability (PI) Performance Category Modify requirements for the Safety Assurance Factors for EHR Resilience (SAFER) Guides measure to require eligible hospitals and CAHs to attest “yes” to having conducted an annual selfassessment of all nine SAFER Guides at any point during the calendar year in which the EHR reporting period occurs. It begins with the EHR reporting period in CY 2024, in order to satisfy the definition of a meaningful EHR user under 42 CFR 495.4. * CHIME strongly opposes this proposal, and makes detailed recommendations below.

Amend the definition of “EHR reporting period for a payment adjustment year” for participating eligible hospitals and CAHs to define the EHR reporting period in CY 2025 as a minimum of any continuous 180-day period within CY 2025. CHIME broadly supports this proposal – however, we recommend that CMS provide flexibility for hospitals that may switch EHRs within an EHR reporting period, and those that have an EHR vendor acquired or divested.

By creating this opportunity for stakeholders to engage – especially those with the subject matter and expertise in healthcare information technology (IT) – throughout the policy development and implementation process, we believe invaluable input will be garnered.

Detailed Recommendations

The fragmentation of the current SAFER Guides requires inefficient, redundant reporting from providers. As proposed, CMS will simply shift more burden on providers that are already severely strained, understaffed, and under-resourced. It furthermore could constitute a significant burden on small, rural and safety-net providers. Most healthcare providers are experiencing significant challenges related to post-pandemic burnout, workforce shortages, and rising cybersecurity attacks. Thus, CHIME urges CMS to consider the implications of imposing this new requirement. Again, while we agree that the concept is well-intended, we worry this will result in an unfunded mandate and will not address some of the key challenges – specifically, patient safety – it aims to solve. Therefore, CHIME is respectfully requesting that CMS not move forward with implementing this proposal at this time.

Safety Assurance Factors for Electronic Health Record (EHR) Resilience Guides (SAFER Guides)

In the FY 2022 IPPS/LTCH PPS final rule, CMS adopted the Safety Assurance Factors for EHR Resilience (SAFER) Guides measure under the Protect Patient Health Information Objective beginning with the EHR reporting period in calendar year (CY) 2022. Eligible hospitals and CAHs were required to attest to whether they have conducted an annual self-assessment using all nine SAFER Guides, at any point during the CY in which the EHR reporting period occurs, with one ‘‘yes/no’’ attestation statement. Beginning in CY 2022, the attestation of this measure was required, but eligible hospitals and CAHs were not scored, and an attestation of “yes” or “no” were both acceptable answers without penalty. ____

CMS is now proposing modify their requirements for the SAFER Guides measure beginning with the EHR reporting period in calendar year (CY) 2024, to require eligible hospitals and CAHs to attest “yes” to having conducted an annual self-assessment of all nine SAFER Guides at any point during the calendar year in which the EHR reporting period occurs.

CMS asserts that “this is feasible for eligible hospitals and CAHs, as they have had time to grow familiar with the use of the SAFER Guides by attesting either “yes” or “no” to conducting the self-assessment.” CMS further notes “the availability of resources to assist eligible hospitals and CAHs with completing the self-assessment as required by the SAFER Guides measure” – and includes only one example of “such resources” – a “SAFER Guides authors’ paper” available online. Notably, CMS states that this paper is “available without charge to download or use at https://jamanetwork.com/journals/jama/fullarticle/2788984. ” Multiple attempts from various users from a variety of devices across networks – to access this free “resource” prompted users to "access your subscriptions" by entering payment or to log-in to access their paid subscription . In other words, the only resource CMS is offering for hospitals and healthcare providers to utilize in assisting them with completing not one – but nine – SAFER Guides, must be purchased. This is extremely concerning for CAHs and safety-net hospitals, who have had one year to “grow familiar” with the use of the SAFER Guides and may not be ready to attest to all nine guides due to less familiarity and lack of resources.

As previously mentioned, CHIME members have only had one year to “grow familiar” with attesting either yes or no to having “conducted the self-assessment” – which is not sufficient. Our members, even those that are larger and have more resources than most other hospitals and healthcare systems, shared that they found the CY 2022 year requirement to perform a self-assessment using all nine SAFER Guides with one “yes/no” attestation statement to be a massive, onerous undertaking. This is an extremely concerning indication for our members – hospitals and healthcare systems – that are under-resourced, rural, facing workforce shortages and burnout, all while serving the most vulnerable patients. Given this proposed rule is lacking a single, free resource to assist eligible hospitals and CAHs with the use of the SAFER Guides, we would respectfully urge CMS to create an easy-to-access – and free for users – website of resources that will assist healthcare delivery organizations (HDOs).

As CMS states, the “SAFER Guides measure is intended to incentivize [emphasis added] eligible hospitals and CAHs to use all nine SAFER Guides to annually assess EHR implementation, safety and effectiveness; identify vulnerabilities; and develop a “culture of safety” within their organization.” CHIME members remain steadfast in their commitment to being partners with their patients to facilitate greater – and safer – interoperability. CMS’s proposal to require eligible hospitals and CAHs to conduct the annual SAFER Guides self-assessments and attest a “yes” response accounting for a completion of the self-assessment for all nine guides, is counterintuitive to the measure’s stated intent. Furthermore, under this proposal, an attestation of “no” would result in the eligible hospital or CAH not meeting the measure and not satisfying the definition of a meaningful EHR user under existing statute, which would subject the eligible hospital or CAH to a downward payment adjustment. A downward payment adjustment is not an incentive; rather, it creates a potential penalty approach resultant to this rulemaking.

The SAFER Guides are organized into broad categories: Foundational guides (High-priority practices and Organizational responsibilities); Infrastructure guides (Contingency Planning, System Configuration, and System Interfaces); and Clinical Process guides (Patient Identification, Computerized Provider Order Entry with Decision Support (CPOE/CDS), Test Results Reporting and Follow-Up, and Clinician Communication). Within each of nine guides, the recommendations are organized according to three broad domains that help conceptualize the complexity of health IT safety. Although we have already mentioned the redundancies across these guides – and within them – we would be remiss if we did not mention that, while many of the “Recommended Practices” and “Recommended Risk Assessments” within each guide are not reliant on or related to the hospitals’ EHR vendor, some of them are, and some of them that have vendor-related reliance and overlap. It is critical that regulations do not inadvertently create overly duplicative requirements, penalize healthcare providers unfairly, and add burden.

CHIME agrees with CMS broadly in that the intent of the measure is for eligible hospitals and CAHs to regularly assess their progress and status on important facets of patient safety. However, the SAFER Guides are outdated and contain redundancies – notably across the “High Priority Practices” and “Organizational Priorities” in the Foundational Guides and throughout each of the Checklists and Recommended Practices. Each hospital must involve individuals from a wide swath across an organization, beginning with the local governance committee and a multi-disciplinary team including, but not limited to, health IT specialists, technical support, application support, safety and quality, operations, health information specialists, clinicians, medical administration, and EHR vendors and developers. Simply getting all these teams and individuals from these teams together in the same room, at the same time – is an extremely burdensome undertaking and requires significant time and effort. Furthermore, EHR developers and vendors are not regularly “on-site”, and having to rely on their participation makes an accurate, thorough self-assessment of the guides nearly impossible.

According to the General Instructions for the SAFER Self-Assessment Guides from the Office of the National Coordinator for Health IT (ONC) – they “are based on the best evidence available at this time (2016), […] The recommended practices in the SAFER Guides are intended to be useful for all EHR users . However, every organization faces unique circumstances and will implement a particular practice differently. As a result, some of the specific examples in the SAFER Guides for recommended practices may not be applicable to every organization [emphasis added].” Until each of the SAFER Guides are applicable to every organization that CMS is proposing to mandate attestation for each of the nine guides, CHIME is extremely concerned that this will have unintentional consequences – including extreme financial and workforce burden.

Therefore, we strongly oppose implementing a mandatory requirement for all eligible hospitals and CAHs to attest to all nine SAFER Guides in CY 2024. There should be a delay of this proposal until CMS completes the following recommendations: 1) review the SAFER Guides to update them and reduce redundancies. This could be done by convening a Technical Expert Panel (TEP), or organizing a workgroup to advise CMS of the newest best practices as well as the redundancies found in real world self-assessment and attestation; 2) offer, as previously mentioned, an easily accessible – free resource center for eligible hospitals and CAHs to utilize in reviewing the revised SAFER Guides; 3) propose attesting “yes/no” for a self-assessment in a step-wise (i.e., glidepath) approach – for example, by allowing eligible hospitals and CAHs to self-select three SAFER Guides over a three year period; and 4) after reviewing and updating the SAFER Guides, ensure that they are applicable to across the healthcare continuum and different settings of care (e.g., the outpatient prospective payment system (OPPS) and ambulatory surgical center (ASC) payment system).

CHIME is recommending CMS delay moving forward with this proposal until the above recommendations are complete, or at least three years (i.e., CY 2027). In the meantime, eligible hospitals and CAHs will continue to “grow familiar” with the use of the SAFER Guides.

ONC further notes that, “SAFER Guides are not intended to be used for legal compliance purposes , and implementation of a recommended practice does not guarantee compliance with HIPAA, the HIPAA Security Rule, Medicare or Medicaid Conditions of Participation, or any other laws or regulations [emphasis added].” ONC acknowledges that, “The SAFER Guides are for informational purposes only and are not intended to be an exhaustive or definitive source. They do not constitute legal advice. Users of the SAFER Guides are encouraged to consult with their own legal counsel regarding compliance with Medicare or Medicaid program requirements, HIPAA, and any other laws.”

CMS states that, “Given our interest in more strongly promoting safety and the safe use of EHRs, we are proposing to require eligible hospitals and CAHs to conduct the annual SAFER Guides self-assessments and attest a “yes” response accounting for a completion of the self-assessment for all nine guides.” While CHIME is and remains a staunch champion for promoting safety and the safe use of EHRs, given that ONC did not intend for the SAFER Guides to be used for legal compliance purposes – including any laws and regulations – and they are intended for informational purposes, we are extremely concerned that this proposal is solidly against the written intent of the guides.

Furthermore, according to CMS:

Across 4,500 eligible hospitals and CAHs, we estimate that our proposed changes for the Medicare Promoting Interoperability Program in this proposed rule would not result in a change to the information collection burden for the CY 2024 EHR Reporting Period and subsequent years. We estimate additional annual costs [emphasis added] associated with our proposed modification to the SAFER Guides measure to range from a minimum of $8,916,278 to a maximum of $108,976,725 beginning with the CY 2024 EHR Reporting Period.

In contrast, CMS estimates that the proposals related to the Hospital Inpatient Quality Reporting (IQR) Program will have the following impact:

Across 3,150 IPPS hospitals, we estimate that our proposed changes for the Hospital IQR Program in this proposed rule would result in a total information collection burden decrease of 146,674 hours associated with our proposed policies, and updated burden estimates and a total cost decrease of approximately $6,748,067 across a 4-year period from the CY 2024 reporting period/FY 2026 payment determination through the CY 2027 reporting period/FY 2029 payment determination.

While we acknowledge that the Hospital IQR Program differs from the PI Program – the annual cost related to the proposed SAFER Guides measure alone is drastically different from the entirety of the proposed changes to the Hospital IQR Program. In fact, the proposed policies for the IQR Program would – as CMS estimates – decrease burden on that subset of hospitals. CMS estimates proposed changes to the rest of the PI Program to result in no information collection burden for CY 2024 and subsequent years. However, the vast range of impacted annual costs to implement the singular proposed SAFER Guides measure, from a minimum of nearly $9 million up to $109 million, each calendar year – provides a shocking glimpse on just how substantial this proposal will financially impact our members.

CMS further states: “While the cost to conduct a SAFER Guides self-assessment can be high, we believe the cost is outweighed by the potential for improved healthcare outcomes, increased efficiency, reduced risk of data breaches and ransomware attacks, and decreased malpractice premiums.” Our members are committed to best practices regarding EHR implementation, safety and effectiveness, and take their responsibility to protect not only the privacy, security, and accuracy of patient data – but most critically – their patient’s overall safety and well-being very seriously. As currently written, the SAFER Guides cannot provide any of the presumed “potential” CMS indicates, and there are no scholarly articles, journals or systematic research citing or indicating the guides can offer any of those “potential” claims.

Finally, standardization across the SAFER Guides would offer a significant reduction in burden on clinicians across the care continuum, decreasing the current urgent clinician burnout and workforce shortage that our country is facing. Importantly, reducing the substantial time providers must spend navigating regulatory changes and their evolving requirements would “unlock” countless hours of time. In turn, this time could be used to improve patient care and innovate new workflow and care processes – including improving the SAFER Guides. Before CMS requires the complex process of attesting to each of the nine SAFER Guides, we recommend that they address the foregoing issues related to the guides.

Additional Patient Safety Considerations – Patient Identification

The Patient Identification SAFER Guide identifies recommended safety practices associated with the reliable identification of patients in the EHR. Accurate patient identification ensures that the information presented by and entered into the EHR is associated with the correct person. Processes related to patient identification are complex and require careful planning and attention to avoid errors. In the EHR-enabled healthcare environment, providers rely on technology to help support and manage these complex identification processes.

One of the most significant challenges inhibiting the safe and secure electronic exchange of health information is the lack of a national patient identification standard. As our healthcare system moves toward nationwide health information exchange, the lack of this essential core functionality is the single biggest barrier to achieving true interoperability. CHIME has consistently advocated for a national patient identification standard and is a founding member of Patient ID Now, a coalition of healthcare organizations representing a wide range of healthcare stakeholders committed to advancing through legislation and regulations a nationwide strategy to address patient identification. Through our work, we know that patient misidentification – which is the failure to accurately match patients to their health information – poses a significant risk to patients and providers. CHIME members are committed to ensuring that their patients are accurately matched to their health information. However, it is impossible to achieve 100 percent accuracy without a nationwide patient identification standard.

Proposed EHR Reporting Period in CY 2025 for Eligible Hospitals and CAHs

CMS is proposing to amend the definition of “EHR reporting period for a payment adjustment year” at 42 CFR 495.4 for eligible hospitals and CAHs participating in the Medicare PI Program, to define the EHR reporting period in CY 2025 as a minimum of any continuous 180-day period within CY 2025. CHIME broadly supports this proposal. However, we respectfully request that CMS consider offering an “exception” or flexibility for eligible hospitals and CAHs that may be switching their EHRs during the CY. For example, CMS could offer hospitals that have changed from one EHR vendor to another during a CY the flexibility to report two continuous 90-day periods within the CY. CHIME believes that a similar flexibility must be offered for eligible hospitals and CAHs after a merger, acquisition, or divestiture of their EHR vendor. Current users of these platforms face uncertainty about how product development and support for their installations will be delivered going forward – and therefore, should be given flexibility during an EHR reporting period.

Conclusion

We respectfully request that CMS take our comments on the Promoting Interoperability (PI) performance category proposals into consideration. CHIME and our members remain committed to the successful implementation of Promoting Interoperability with strong and meaningful data exchanges. Understanding the long-term ramifications of these policies is important and CHIME urges CMS to ensure these proposals do not inadvertently pass down burden through the implementation requirements that are proposed related to the SAFER Guides.

CHIME members are executives and senior healthcare IT leaders; thus, we are offering to continue to serve as a resource to CMS as they potentially refine the SAFER Guides and continue towards the goal of enabling providers to make improvements to safety and safe use of EHRs as necessary over time – which CHIME members staunchly support. Our comments are not intended to be censorious – we wish to work with CMS as partners and share the goal of strongly promoting safety and the safe use of EHRs. However, we believe that it needs to be done judiciously, with a stepwise approach.

In closing, we would like to thank you for providing the opportunity to comment and CHIME appreciates the chance to help inform the important work being done by CMS. We look forward to continuing to be a trusted stakeholder and resource to CMS and continuing to deepen the long-standing relationship we have shared. Working together through the rulemaking process, such as with the IPPS, is just one way we can accomplish our shared goals and make meaningful changes in healthcare.

Should you have any questions or if we can be of assistance, please contact Chelsea Arnone, Director, Federal Affairs at [email protected] .

Sincerely,

Russell P. Branzell, CHCIO, LCHIME | President and CEO | CHIME