Cheat Sheet: FY 2025 Inpatient Prospective Payment System (IPPS) Proposed Rule

DOWNLOAD PDF

CHIME Cheat Sheet – April 23, 2025

CMS Inpatient Prospective Payment System (IPPS) Proposed Rule for Fiscal Year (FY) 2026

On April 11, 2025, the Department of Health and Human Services’ (HHS) Centers for Medicare & Medicaid Services (CMS) issued the annual proposed rule to update the Fiscal Year (FY) 2026 Medicare payment and policies for the hospital Inpatient Prospective Payment System (IPPS) and the Long-Term Care Hospital (LTCH) Prospective Payment System (PPS).

You can find CMS’s Press Release here, Fact Sheet here, and the proposed rule here. Additionally, you can find more information on the CMS IPPS FY 2026 website. Comments are due June 10, 2025. The final rule is released in August, with many proposals effective at the beginning of the federal FY (Oct. 1, 2025).

Key Takeaways

This proposed rule would make payment and policy changes under the Medicare hospital IPPS for operating and capital-related costs of acute care hospitals, as well as for certain hospitals and hospital units excluded from the IPPS. In addition, it would make payment and policy changes for inpatient hospital services provided by LTCHs. Finally, it would make changes relating to Medicare graduate medical education (GME) for teaching hospitals, and policy changes to programs associated with Medicare IPPS hospitals, IPPS-excluded hospitals, and LTCHs. For FY 2026, CMS proposes that the payment rate for hospitals will increase by 2.4%. This reflects a 3.2% projected increase in the hospital market basket, reduced by a 0.8% productivity adjustment.

Additionally, to comply with President Trump’s Executive Order (EO) 14192 “Unleashing Prosperity Through Deregulation,” CMS included a Request for Information (RFI) in the proposed rule seeking public input on approaches and opportunities to streamline regulations and reduce burdens on those participating in the Medicare program. All comments in response to this RFI through the weblink (rather than via Regulations.gov).

CMS is also seeking public input on ways to improve the quality of care provided by inpatient hospitals. The feedback received will help advance CMS’ commitment to Making America Healthy Again by reprioritizing patients’ activity, nutrition, and overall wellness. The agency is requesting input from the public on enhancing nutrition and physical activity to promote better wellness through quality measurement and other initiatives.

CMS is proposing to modernize healthcare regulations by reducing duplications through technology and holding providers accountable for safety and outcomes. The agency is seeking feedback on potential future quality measures, implementing Fast Healthcare Interoperability Resources® (FHIR®), modernizing health reporting, and reducing burden.

Finally, CMS is proposing updates to the Transforming Episode Accountability Model (TEAM), a mandatory alternative payment model finalized last year. This model tests whether holding hospitals financially accountable for certain common procedures – such as joint replacements, bowel surgeries, and spinal fusions – can improve care while reducing costs. The proposed updates would expand participation to new hospitals, revise how quality is measured, adjust pricing methods, eliminate some reporting elements, expand the Skilled Nursing Facility (SNF) three-day rule waiver, and remove the Decarbonization and Resilience Initiative (DRI). CMS emphasizes that these changes are designed to ensure TEAM continues to promote high-quality, cost-effective care for Medicare patients.

Proposed Changes to the Medicare Promoting Interoperability (PI) Program

CMS is proposing several changes to the Medicare Promoting Interoperability (PI) Program. CMS is proposing to define the EHR reporting period in calendar year (CY) 2026 and subsequent years as a minimum of any continuous 180-day period within that CY for eligible hospitals and CAHs participating in the Medicare PI Program and make corresponding revisions in statute. CMS also proposes to modify the Security Risk Analysis measure for eligible hospitals and CAHs to attest “Yes” to having conducted security risk management in addition to security risk analysis, beginning with the EHR reporting period in CY 2026. CMS is proposing to modify the Safety Assurance Factors for EHR Resilience (SAFER) Guides measure by requiring eligible hospitals and CAHs to attest “Yes” to completing an annual self-assessment using all eight 2025 SAFER Guides, beginning with the EHR reporting period in CY 2026. Finally, CMS is proposing to add an optional bonus measure under the Public Health and Clinical Data Exchange objective for data exchange to occur with a public health agency (PHA) using the Trusted Exchange Framework and Common Agreement® (TEFCA), beginning with the EHR reporting period in CY 2026. Across 4,550 eligible hospitals and CAHs, CMS estimated that the changes for the Medicare Promoting Interoperability (PI) Program will not result in a change to the information collection burden for the EHR reporting period in CY 2026 and subsequent years.

Proposal to Define the EHR Reporting Period in CY 2026 and Subsequent Years

Under the definition of “EHR reporting period for a payment adjustment year” , for eligible hospitals and CAHs in the Medicare PI Program, the EHR reporting period in CY 2025 is a minimum of any continuous 180-day period within calendar year (CY) 2025 as finalized in the FY 2024 IPPS/LTCH PPS final rule. This applies to eligible hospitals and CAHs that are both new and returning participants in the Medicare PI Program.

CMS had previously maintained the EHR reporting period for a payment adjustment year as a minimum of any continuous 90-day period from CY 2015 through CY 2023 for eligible hospitals and CAHs before increasing the length of the EHR reporting period to any continuous 180-days beginning with CY 2024. Maintaining a 180-day EHR reporting period for CY 2026 and subsequent years would provide consistency with the EHR reporting period established for CY 2025 and afford eligible hospitals and CAHs the flexibility they may need to work with their chosen EHR vendors on continuing to develop, update, implement, and test their EHR systems to maintain effective use of CEHRT.

Therefore, for eligible hospitals and CAHs that are new or returning participants in the Medicare PI Program, for the EHR reporting period in CY 2026 and subsequent years, CMS is proposing to maintain the EHR reporting period for a payment adjustment year as a minimum of any continuous 180-day period within the calendar year. A 180-day EHR reporting period would be the minimum length, and eligible hospitals and CAHs are encouraged to use longer periods, up to and including the full calendar year.

Further – in collaboration with the Assistant Secretary for Technology Policy (ASTP) and Office of the National Coordinator for Health IT (ONC) – collectively referred to as ASTP – CMS will continue to monitor CEHRT utilization by eligible hospitals and CAHs to determine if a longer EHR reporting period may be appropriate in the future.

CMS is seeking public comment on this proposal to define the “EHR reporting period for a payment adjustment year” in CY 2026 and subsequent years as a minimum of any continuous 180-day period within that CY for eligible hospitals and CAHs participating in the Medicare PI Program.

Proposal to Modify the Security Risk Analysis Measure

CMS previously adopted the Security Risk Analysis measure based on the HIPAA Security Rule risk analysis requirement. Information on the adoption of this measure can be found in several rules that established Medicare and Medicaid EHR Incentive Programs requirements. In the Stage 3 final rule, CMS adopted the Protect Patient Health Information objective and included the Security Risk Analysis measure within this objective.

The Security Risk Analysis measure requires eligible hospitals and CAHs to attest “yes” or “no” as to whether they have conducted or reviewed a security risk analysis, as required under the HIPAA Security Rule. Eligible hospitals and CAHs must attest “yes” to the measure to be considered a meaningful EHR user. The measure is not scored and does not contribute any points to the total score for eligible hospitals and CAHs for the Protect Patient Health Information objective and measures. An attestation of “no” results in the eligible hospital or CAH not meeting the measure and not satisfying the definition of a meaningful EHR user, subjecting the eligible hospital or CAH to a downward payment adjustment.

While the Security Risk Analysis measure currently requires eligible hospitals and CAHs to attest to conducting a security risk analysis as required under the HIPAA Security Rule, the Security Risk Analysis measure does not currently require eligible hospitals and CAHs to manage their security risk conduct or to attest to having implemented security measures to manage their security risk. The HIPAA Security Rule implementation specification for risk management requires the implementation of security measures sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level to comply with the statute. CMS notes the HIPAA Security Rule does not prescribe a specific methodology for conducting and documenting a risk analysis or managing risk – and refers readers to ASTP and HHS’ Office for Civil Rights (OCR) informational Security Risk Assessment Tool, as well as the National Institute of Standard and Technology (NIST) special publication, Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule: A Cybersecurity Resource Guide.

CMS is proposing to modify the existing Security Risk Analysis measure to require eligible hospitals and CAHs to attest “yes” to having conducted security risk management as required under the HIPAA Security Rule implementation specification for risk management. This would be in addition to the current requirement under the measure for eligible hospitals and CAHs to attest “yes” to having conducted or reviewed a security risk analysis.

Under the proposed modified measure, eligible hospitals and CAHs would be required to attest that they have implemented policies and procedures to support analyzing and managing the security risks to ePHI associated with the implementation and use of EHRs as required by the HIPAA Security Rule implementation specifications for risk analysis and risk management. The modifications CMS is proposing to the Security Risk Analysis measure would “increase accountability among eligible hospitals and CAHs that have not taken steps to reduce risks and vulnerabilities to ePHI as required by the HIPAA Security Rule and would provide transparency regarding the efforts of eligible hospitals and CAHs that are already taking steps to manage this risk.”

To meet the requirements of the modified measure, CMS is proposing eligible hospitals and CAHs would need to separately attest “yes” to both components of the proposed revised measure. An eligible hospital or CAH would be required to both attest “yes” that they have met the existing security risk analysis requirement component, and attest “yes” that they have met the security risk management component of the modified Security Risk Analysis measure to be considered a meaningful EHR user beginning with the EHR reporting period in CY 2026.

The proposed text of the measure is as follows, with new or revised proposed text in italics:

Conduct or review a security risk analysis and conduct security risk management activities, in accordance with the requirements under 45 CFR 164.308(a)(1)(ii)(A) and (B), including addressing the security of data created or maintained by CEHRT (to include encryption), in accordance with 45 CFR 164.312(a)(2)(iv) and 45 CFR 164.306(d)(3), implement security updates as necessary, and correct identified security deficiencies as part of the eligible hospital’s or CAH’s risk management process. Actions included in the security risk analysis measure may occur any time during the calendar year in which the EHR reporting period occurs.

To meet the requirements of the modified measure, we propose eligible hospitals and CAHs would need to separately attest “yes” to both components of the proposed revised measure. An eligible hospital or CAH would be required to both attest “yes” that they have met the existing security risk analysis requirement component, and attest “yes” that they have met the security risk management component of the modified Security Risk Analysis measure to be considered a meaningful EHR user beginning with the EHR reporting period in CY 2026.

This proposed modification would not impact the provision that actions included in the Security Risk Analysis measure may occur any time during the calendar year in which the EHR reporting period occurs and that an eligible hospital or CAH must use the capabilities and standards as defined for CEHRT. The proposal to modify the Security Risk Analysis measure would not change the current scoring approach and would not contribute any points towards the eligible hospital or CAH's total score for the objectives and measures. An eligible hospital or CAH that attests “no” to either the risk analysis component or the risk management component, or to both components, would not meet the proposed measure requirements and would not satisfy the definition of a meaningful EHR user, subjecting the eligible hospital or CAH to a downward payment adjustment.

CMS is seeking feedback on this proposal, as well as comments regarding compliance with security risk management requirements and the potential impact the proposed modification to the Security Risk Analysis measure would have on risk management compliance and any potential burden from this proposal.

Proposal to Modify the SAFER Guides Measure Beginning with the EHR Reporting Period in CY 2026

In the FY 2024 IPPS/LTCH PPS final rule, CMS modified the requirements for the SAFER Guides measure beginning with the EHR reporting period in CY 2024 to require eligible hospitals and CAHs to attest “yes” to conducting an annual self-assessment using all nine of the 2016 SAFER Guides to be considered a meaningful EHR user. In January 2025, ASTP published an updated set of SAFER Guides (hereafter referred to as the 2025 SAFER Guides). The 2025 SAFER Guides consist of eight guides organized into three broad groups of Foundational Guides, Infrastructure Guides, and Clinical Process Guides. All guides have been edited and contain new recommendations as well as the comprehensive consolidation of recommendations that were similar and overlap in function or intent with the 2016 SAFER Guides. For example, the “System Configuration” and “System Interfaces” chapters have been consolidated into a single chapter titled, “System Management.” The entirety of the content recommendations, bibliography, and implementation guidance have been organized into a comprehensive table (Table X.F.-01, on pages 917 – 918 of the proposed rule). This update represents the most comprehensive revision of the SAFER Guides since they were first released in 2016.

CMS is proposing to modify the SAFER Guides measure by requiring eligible hospitals and CAHs to attest “yes” to completing an annual self-assessment using all eight 2025 SAFER Guides to be considered a meaningful EHR user, beginning with the EHR reporting period in CY 2026 and subsequent years. CMS notes that their proposed version of the measure referencing the 2025 SAFER Guides would only be effective with EHR reporting periods in CY 2026. During EHR reporting periods in CY 2025, eligible hospitals and CAHs should continue to use the 2016 SAFER Guides. CMS is encouraging eligible hospitals and CAHs to begin to familiarize themselves with the 2025 SAFER Guides during CY 2025, and is seeking comment on this proposal.

Proposal to Modify the Public Health and Clinical Data Exchange Objective: Adoption of an Optional Bonus Measure for Public Health Reporting Using the TEFCA Beginning with the EHR Reporting Period in CY 2026

CMS is proposing to add an optional bonus measure under the Public Health and Clinical Data Exchange objective for health information exchange with a public health agency (PHA) that occurs using the Trusted Exchange Framework and Common Agreement (TEFCA). Beginning with the EHR reporting period in CY 2026, CMS is proposing the following optional bonus measure:

Public Health Reporting Using TEFCA: The eligible hospital or CAH: 1) participates as a signatory to a Framework Agreement (as that term is defined by the Common Agreement for Nationwide Health Information Interoperability); 2) is not suspended; 3) submits health information using TEFCA to a PHA consistent with one or more of the measures under the Public Health and Clinical Data Exchange objective; 4) is in active engagement Option 2 (validated data production) with a PHA to transfer health information for one or more of the measures under the Public Health and Clinical Data Exchange objective; and 5) uses the functions of CEHRT to exchange with the PHA.

CMS is proposing that an eligible hospital or CAH would be able to claim 5 bonus points under the Public Health and Clinical Data Exchange objective if the eligible hospital or CAH has attested that they are in active engagement (Option 2) with a PHA to submit electronic production data for one or more of the measures under the Public Health and Clinical Data Exchange objective using TEFCA.

As previously finalized in previous rulemaking, for the measures in the Public Health and Clinical Data Exchange objective, eligible hospitals and CAHs are required to report their level of active engagement as either Option 1 (pre-production and validation) or Option 2 (validated data production), and may only spend one EHR reporting period at the pre-production and validation level of active engagement (Option 1) before advancing to Option 2 (validated data production) to fulfill measure requirements.

Under this proposal, the bonus measure would only be available where the eligible hospital or CAH is in active engagement Option 2 (validated data production) with a PHA to transfer health information for one or more of the measures under the Public Health and Clinical Data Exchange objective. Furthermore, CMS is proposing that, to attest “yes” for the Public Health Reporting Using TEFCA optional bonus measure, an eligible hospital or CAH must be a signatory to a TEFCA Framework Agreement, meaning either the Common Agreement or an agreement that includes the Participant/Sub-participant Terms of Participation, and is not suspended under the respective agreement.

In addition, to attest “yes” for this bonus measure, an eligible hospital or CAH must transmit electronic health information for at least one measure under the Public Health and Clinic Data Exchange objective using TEFCA. CMS refers readers to the TEFCA Public Health Exchange Purpose Implementation Standard Operating Procedure (SOP) for more information about exchange of public health data using TEFCA. The Public Health Exchange Purpose Implementation SOP currently identifies electronic case reporting and electronic laboratory reporting as exchange use cases, but the SOP can also be used for any allowable public health purpose. The Centers for Disease Control and Prevention (CDC), ASTP, and others are focused on establishing a foundation for healthcare providers, including eligible hospitals and CAHs, to use TEFCA to meet their public health reporting needs for the benefit of both public health and clinical care.

Finally, the eligible hospital or CAH must use the functions of CEHRT to engage in exchange with a PHA. CMS believes there are numerous certified health IT capabilities that can support exchange under a TEFCA Framework Agreement with a PHA. For instance, eligible hospitals or CAHs may exchange information under a TEFCA Framework Agreement by using technology certified to the health IT certification criteria, “Transmission to public health agencies — reportable laboratory tests and value/results” and “Transmission to public health agencies — electronic case reporting.” Both criteria are associated with the exchange use cases currently identified under the TEFCA Public Health Exchange Purpose Implementation SOP.

CMS recognizes that eligible hospitals and CAHs may connect to entities that connect directly or indirectly to a Qualified Health Information Network (QHIN) using certified health IT in a variety of ways. This includes the other ONC health IT certification criterion associated with the Public Health and Clinical Data Exchange objective measures, and CMS believes that the agency should allow for substantial flexibility in how eligible hospitals and CAHs use certified health IT to exchange health information under a TEFCA Framework Agreement.

CMS is seeking comment on health IT certification criteria that can support the proposed bonus measure. CMS is proposing that an eligible hospital or CAH may earn a total of 5 bonus points if it attests “yes” for one of the following optional bonus measures: the Public Health Reporting Using TEFCA measure, the Public Health Registry Reporting measure, or the Clinical Data Registry Reporting measure. Eligible hospitals and CAHs may attest “yes” to more than one, but the eligible hospital or CAH can only earn a total of 5 bonus points even if it attests “yes” to multiple bonus measures.

CMS is also proposing that if an eligible hospital or CAH uses TEFCA to fulfill any of the required Public Health and Clinical Data Exchange objective measures, such as Electronic Case Reporting or Electronic Laboratory Reporting, that eligible hospital or CAH would be able to claim the 5 bonus points if it attests “yes” to the Public Health Reporting Using TEFCA bonus measure in addition to earning points for fulfilling the requirements of the required measure(s). Because the Public Health Reporting Using TEFCA measure would be an optional bonus measure, CMS is not proposing any exclusions.

Overview of Scoring Methodology for the EHR Reporting Period in CY 2026

In the FY 2025 IPPS/LTCH PPS final rule, CMS finalized a proposal to increase the performance-based scoring threshold to at least 70 points for the EHR reporting period in CY 2025 and to at least 80 points beginning with the EHR reporting period in CY 2026 and continuing in the EHR reporting periods in subsequent years.

As shown in the table below (Table X.F.-02., page 926 of the proposed rule), the points associated with the required measures sum to 100 points, and reporting on one or more of the optional bonus measures offers an additional 5 total bonus points. The scores for each of the required measures and bonus measures are added together to calculate a total score of up to 105 possible points for each eligible hospital or CAH.

Performance-Based Scoring Methodology for EHR Reporting Periods in CY 2026 and Subsequent Years

Notes: The Security Risk Analysis measure, SAFER Guides measure, and attestations required by section 106(b)(2)(B) of the Medicare Access and CHIP Reauthorization Act of 2015 (MACRA) are required but will not be scored. Reporting electronic clinical quality measures (eCQMs) is required but will not be scored. Eligible hospitals and CAHs must also submit their level of active engagement for measures under the Public Health and Clinical Data Exchange objective. Participants may spend only one EHR reporting period at the Option 1: Pre-production and Validation level per measure and must progress to Option 2: Validated Data Production level for the following EHR reporting period. The ePrior Authorization measure is required beginning with the EHR reporting period in CY 2027.

*Signifies a proposal made in this FY 2026 IPPS/LTCH PPS proposed rule.

**In prior rulemaking, CMS inadvertently referenced the measure name incorrectly. To ensure accuracy, CMS is correcting the measure’s name to Electronic Laboratory Reporting measure. This is a non-substantive change and does not impact the measure’s specifications or reporting requirements.

The maximum number of points available by measure in this proposed rule do not include the points that would be redistributed in the event an exclusion is claimed for a given measure. CMS is not proposing any changes to their policy for point redistribution in the event an exclusion is claimed. CMS refers to Table X.F.–03. (page 927 of the proposed rule) which shows point redistribution among the objectives and measures for the EHR reporting period in CY 2026 and subsequent years, in the event an eligible hospital or CAH claims an exclusion.

Overview of Objectives and Measures for the Medicare PI Program for the EHR Reporting Period in CY 2026

For ease of reference, Table X.F.-04. (on pages 928 – 940 of the proposed rule) lists objectives and measures for the Medicare PI Program for the EHR reporting period in CY 2026, as revised to reflect the proposals in this proposed rule, and Table X.F.-05. (pages 940 – 941) lists the ONC Health IT Certification Program certification criteria required to meet the Medicare PI Program objectives and measures.

Clinical Quality Measurement for Eligible Hospitals and CAHs Participating in the Medicare PI Program

Table X.F.-06. (page 942 of the proposed rule) summarizes the previously finalized required and self-selected eCQMs available for eligible hospitals and CAHs to report under the Medicare PI Program for the CY 2026 reporting period and subsequent years. CMS is not proposing any changes to the eCQMs for eligible hospitals and CAHs participating in the Medicare PI Program in this proposed rule.

Request for Information (RFI) Regarding the Query of PDMP Measure

CMS continues to work with Federal partners and industry stakeholders to advance common standards for the exchange of information between Prescription Drug Monitoring Programs (PDMPs), EHRs, pharmacy dispensing systems, and exchange networks. ASTP convened the PDMP and health IT system communities to standardize data format and transport protocols to exchange controlled substances prescription data between PDMP and health IT systems, which produced a PDMP-EHR Integration Toolkit. Moreover, ASTP continues to collaborate with industry partners furthering the development of a Health Level 7® (HL7) Fast Healthcare Interoperability Resources® (FHIR) IG that allows EHRs and other health IT systems to support more seamless exchange of prescription data with PDMP systems.

CMS is interested in continuing to make improvements to the Medicare PI Program that promote patient safety and encourage appropriate prescribing of controlled substances while minimizing provider burden. CMS further believes improved HL7 FHIR PDMP IG technology approaches and increased PDMP integration into EHR systems can enable increased utilization of PDMPs and associated positive outcomes for patients. CMS is also considering recent studies of how outcome-oriented quality measures that are not currently included in the Medicare PI Program, such as the Concurrent Use of Opioids and Benzodiazepines measure, could potentially be included in the Medicare PI Program associated with the Query of PDMP measure or as an eCQM to provide additional data and support quality improvement in the agency’s efforts to address the inappropriate prescribing of controlled substances.

Therefore, CMS is seeking public comment through this RFI to potentially inform future rulemaking for the Query of PDMP measure related to the following policy considerations: 1) changing the Query of PDMP measure from an attestation-based measure (“yes” or “no”) to a performance-based measure (numerator and denominator), as well as alternative measures designed to more effectively assess the degree to which participants are utilizing PDMPs; and 2) expanding the types of drugs to which the Query of PDMP measure could apply.

Toward Digital Quality Measurement in CMS Quality Programs – Request for Information (RFI)

In previous rulemaking, CMS has issued requests for information (RFIs) to gather public input on the transition to digital quality measurement (dQM) for CMS programs. This RFI provides updates on CMS’s progress and seeks input as CMS continues the path forward in the dQM transition.

In this RFI, CMS is seeking comments on their anticipated approach to the use of HL7 FHIR in eCQM reporting. Several CMS programs – including the Medicare PI Program – currently use, or are considering using, eCQMs for various clinicians, facilities, providers, and other organizations to report their respective quality performance. CMS will consider the feedback received as they refine dQM transition efforts and plan the strategic modernization of their quality measurement enterprise.

CMS aims to transition to a fully dQM landscape that promotes interoperability and increases the value of reporting quality measure data. In the coming years, CMS will continue to seek ways to advance technical infrastructure, update program regulations, and engage Federal partners and the public to support this dQM transition. CMS notes that any substantive updates to program-specific requirements related to providing data for quality measurement and reporting would be addressed through future notice-and-comment rulemaking, as necessary.

CMS is requesting input on key components of the ongoing dQM transition related to FHIR-based eCQMs for CMS programs – including the Medicare PI Program. These components include: 1) FHIR-based eCQM conversion progress; 2) data standardization for quality measurement and reporting; 3) the timeline under consideration for FHIR-based eCQM reporting; and (4) measure development and reporting tools.

As CMS moves to FHIR-based eCQMs, they continue to convert current eCQMs (authored using the QDM) to eCQMs authored using the HL7 FHIR® Quality Improvement Core (QICore) IG, updating to new versions as appropriate. CMS is conducting advanced validation of FHIR data exchange through ongoing HL7 Connectathons and integrated systems testing, leveraging and refining IGs to enhance interoperability and data standardization.

While new eCQMs continue to be developed, proposed, and adopted in existing CMS programs, ongoing work with measure developers is being done to ensure existing eCQMs are converted to FHIR and that new eCQMs are also natively developed in FHIR. In the future, CMS is considering a requirement that all measures proposed for addition to their programs be specified in FHIR. Additional information and updates regarding eCQMs and the dQM transition can be found on the Electronic Clinical Quality Improvement (eCQI) Resource Center website. CMS is seeking feedback on the following questions:

1. Are there specific eCQMs or elements of existing eCQMs that you anticipate presenting particular challenges in specifying in FHIR?
2. Are there gaps in the QI-Core IG that are likely to impact our ability to effectively specify current CMS eCQMs in FHIR?
3. What supplementary activities would encourage additional engagement in FHIR testing activities (such as Connectathons) that support the development of current and future IGs to advance adoption and use of FHIR-based eCQMs?

Data Standardization for Quality Measurement and Reporting

CMS is continuing to collaborate with ASTP as it develops a certification approach to enable reporting of FHIR-based eCQMs using technology certified under the ONC Health IT Certification Program. This approach aims to repurpose and harmonize existing FHIR requirements in the ONC Health IT Certification Program whenever possible. CMS discusses the standards and other artifacts which CMS and ASTP are evaluating to serve as the basis for new health IT certification criteria supporting FHIR-based quality measurement and reporting. New health IT certification criteria for quality measurement and reporting could include requirements for certified health IT modules to support the consistent capture and exchange of quality data using FHIR APIs. New criteria could also support standardized reporting rules to ensure successful submission of quality measure data through CMS programs.

A key artifact CMS is reviewing as part of this approach is the QI-Core IG, which defines a set of FHIR profiles within a common logic model for clinical quality measurement and clinical decision support intended for use for multiple use cases across domains. CMS anticipates alignment between the QI-Core IG and the USCDI+ Quality data element list, which incorporates additional data elements beyond USCDI. Specifically for CMS programs, USCDI+ Quality includes the data elements to support program-specific measures. CMS is also considering the Data Exchange for Quality Measures (DEQM) IG as part of the framework supporting the transition to FHIR-based eCQMs, in particular for supporting FHIR-based reporting to CMS. CMS is considering the use of the DEQM IG with quality measures specified in accordance with QI-Core.

To facilitate the exchange of significant volumes of data to support quality measurement, CMS is also evaluating the use of HL7 FHIR ® Bulk Data, both on its own or through the DEQM IG. ASTP has adopted the Bulk Data Access IG STU 1 (version 1) and incorporated it into the ONC Health IT Certification Program. A new version of the Bulk Data Access IG, planned to be balloted in 2025, is expected to introduce new features such as the capacity to organize output by patient and criteria-based cohort creation, which could significantly enhance the quality reporting use case for the IG.

The HL7 community will also continue to prepare additional enhancements to the Bulk Data Access IG throughout 2025, with the Argonaut Project announcing Bulk Import as a 2025 project. It defines a standardized mechanism for data submitters to upload or submit their Bulk FHIR data to a receiving system when they have their Bulk FHIR data ready to submit, rather than having to reactively respond to a Bulk FHIR export request initiated by a receiving system.

CMS is seeking feedback on the following questions:

1. Can you share any experiences or challenges reviewing, implementing, or testing the QI-Core, DEQM, or Bulk FHIR standards, including any experiences or challenges unique to Bulk FHIR Import versus Bulk FHIR Export?
2. Are there any deficiencies or gaps in the DEQM IG that must be addressed before it can potentially be used for reporting to CMS on eCQMs using FHIR APIs?
3. Are there additional baseline requirements or capabilities that need to be considered before FHIR-based eCQMs could be reported to CMS using Bulk FHIR?

Timeline Under Consideration for FHIR-Based eCQM Reporting

CMS is considering proposing a transition period during which healthcare providers may report using either QDM- or FHIR-based eCQMs. This period would provide time for quality program participants, health IT developers, and CMS to engage in learning to optimize systems and processes. During this period, participants would still be required to report on the number of eCQMs finalized for an applicable reporting program, but program participants would be able to choose to submit either QDM-based or FHIR-based eCQMs to meet respective reporting requirements.

For instance, program participants who are implementing updated certified health IT and gaining experience with FHIR-based eCQMs could continue submitting QRDA files to meet program requirements, while those who are ready to report FHIR-based eCQMs would be able to do so, for a specified period. For the purposes of this RFI, CMS is referring to this concept as the “reporting options” period. Participants in CMS programs will likely update certified health IT and implement dQMs at different speeds. Thus – CMS is considering the reporting options period to provide additional time for providers to make the transition, in advance of any future proposal to require FHIR-based reporting.

CMS is considering at least a two-year reporting options period before any future proposal to require mandatory reporting; any updates to specific program requirements related to providing data for quality measurement and reporting would be addressed through future rulemaking, as necessary. CMS is seeking feedback on the following questions:

1. Would a minimum of 24 months from the effective date of a FHIR-based eCQM reporting option using ONC Health IT Certification Program criteria to support quality program submission provide sufficient time for implementation (including measure specification review, certified health IT updates, workflow changes, training, and testing)?
2. What resources or guidance could CMS provide to assist with the transition to submission of FHIR-based eCQM data?
3. What, if any, challenges do you anticipate with the reporting timeline of FHIR-based eCQMs (beginning with at least a two-year reporting options period before any future proposal to require FHIR-based reporting)?
4. What resources, guidance, or other support can we provide to encourage and facilitate the early adoption and reporting of FHIR-based eCQMs during the reporting options period?

Measure Development and Reporting Tools

CMS develops and maintains tools and resources to assist measure developers in the different stages of the Measure Lifecycle. The Measure Authoring Development Integrated Environment (MADiE) is a free software tool that supports the eCQM development and testing process through dynamic authoring and testing within a single application. MADiE supports QI-Core profile-informed authoring, testing, and verification of the behavior of FHIR-based eCQMs. CMS encourages measure developers to continue using this environment for the development of FHIR-based eCQMs.

In previous rulemaking, CMS described plans to modernize programmatic data receiving systems through a unified CMS FHIR receiving system that would provide a single point of data receipt for quality reporting programs. CMS states that they may also consider separate FHIR receiving systems for some programs initially as the shift to FHIR across their programs will be incremental. The agency will provide information on the form and manner for reporting for each program in respective future rulemaking, as necessary. CMS states that their “vision remains to ultimately develop and implement a single point of data receipt via a unified CMS FHIR receiving system.”

In the CMS Digital Quality Measurement Strategic Roadmap, the agency noted the development of a FHIR-based measure calculation tool (MCT). After further consideration and testing, CMS has decided not to advance the MCT as previously described – and is seeking feedback on the following:

1. What capabilities would be most useful for CMS to support in a FHIR-based eCQM reporting model?
2. What, if any, additional concerns should CMS take into consideration when developing FHIR-based reporting requirements for systems receiving quality data?

General Solicitation of Comments

In conjunction with the previous questions, CMS is also seeking input on the following:

1. Specific to FHIR-based quality reporting, are there any additional factors, or considerations to account for, that may help foster data harmonization and reduce reporting burden across entities?
2. The TEFCA framework supports nationwide health information exchange by connecting health information networks (HINs) across the country. Additionally, TEFCA facilitates FHIR exchange by requiring Qualified HINs (QHINs) to perform patient discovery for those querying for data and providing data holders with FHIR endpoints to enable point-to-point exchange via FHIR APIs. How could this initiative potentially support exchange of FHIR-based quality measures and patient assessment submissions consistent with the FHIR Roadmap? How might TEFCA enable the use of patient assessment data for secondary uses such as treatment and research?