Choosing the option of completing the Advancing Care Information (ACI) section of Medicare's Merit-based Incentive Payment System (MIPS) offers physicians one clear path through the complex thicket of guidelines that define the program.
Choosing the option of completing the Advancing Care Information (ACI) section of Medicare’s Merit-based Incentive Payment System (MIPS) offers physicians one clear path through the complex thicket of guidelines that define the program.
ACI accounts for 25% of the composite MIPS score for healthcare providers-and that score, in turn, determines future Medicare reimbursement levels. Physicians reporting data from 2018 could see a 5% bonus or penalty, depending on their scores.
Fortunately, earning full points in the ACI category may not be as difficult as it seems at first glance. Since most medical practices have participated in Meaningful Use, much of the groundwork for earning MIPS points has already been done as ACI replaces Meaningful Use and Quality. In addition, ACI offers more flexibility and options than Meaningful Use in terms of reporting on performance data.
MIPS requires medical practices to report on a range of base score measures in order to earn ACI points. Here are five ACI base score measures which are mandatory:
• Security Risk Analysis (SRA) – Conducting or reviewing an SRA involves addressing the security of electronic protected health information (ePHI) data, implementing security updates and correcting identified security deficiencies.
• e-Prescribing – At least one permissible prescription written by the MIPS-eligible clinician is queried for a drug formulary and transmitted electronically using certified electronic health record (EHR) technology.
• Provide Patient Access – At least one patient seen by the MIPS-eligible clinician during the performance period is provided timely access to view online, download and transmit to a third party their health information subject to the MIPS-eligible clinician’s discretion to withhold certain information.
• Send a Summary of Care– For at least one transition of care or referral, the MIPS-eligible clinician that transitions or refers their patient to another setting of care or healthcare provider creates a summary of care record using certified EHR technology and electronically exchanges the summary of care record.
• Request/Accept Summary of Care – For at least one transition of care or referral received or patient encounter in which the MIPS-eligible clinician has never before encountered the patient, the MIPS-eligible clinician receives or retrieves and incorporates into the patient’s record an electronic summary of care document.
It should not be difficult to report on these measures since most of these activities are commonly carried out in the course of the day at a medical practice. With the mandatory SRA also required for HIPAA compliance, meeting that standard ought to be routine. If not, practices can take steps to implement the SRA to ensure the safety of patient data while also earning MIPS points.
Physicians can also leverage their previous Meaningful Use reporting by running one of those reports from the EHR for 90 continuous days, and then extrapolate the data required for base score reporting. It’s advisable to print a copy of the dashboard and file it with audit records. Further, physicians will need to make a business decision whether to report as a group or as individual practitioners.
IN CASE YOU MISSED IT: Physicians struggle to manage quality measures
If reporting as a group, then ACI measures will reflect an aggregate of the data for those physicians / providers. It’s also necessary to confirm whether the EHR used for reporting ACI is certified to the 2014 edition or the 2015 edition.
Finally, to fulfill the minimum requirements for the ACI, practitioners must also complete the “Prevention of Information Blocking Attestation”-a document confirming clinicians have not knowingly and willfully limited or restricted the compatibility or interoperability of their certified EHR technology.
It’s critical to perform and report on all five of the base score measures to maximize ACI points. Failing to do so results in a 0 score for both the base and total ACI score. In other words, medical practices must complete an SRA or any other base score measure to earn an ACI score.
Once the minimum requirements are met, it’s possible to earn additional points with the ACI’s Performance Score measures. These scores, like others in the ACI category, primarily revolve around managing and communicating medical data in a secure and useful way.
Performance score measures include patient-specific education; secure messaging; patient-generated health data; clinical information reconciliation; immunization reporting; and view, download or transmit) data on efforts to improve secure accessibility of health information. It’s worth noting that three of the required measures described earlier can also contribute to the ACI Performance score. Those benchmarks are: provide patient access; send a summary of care; and request/accept summary of care.
Providers can also earn ACI Bonus Score measures, including: syndromic surveillance reporting; electronic care reporting; public health registry reporting; and clinical data registry reporting. For each of these measures, a practitioner only needs to report on one patient and one of the four bonus measures to earn bonus points.
POPULAR ONLINE: Top 5 locations physician salaries are declining
By adding the base, performance and bonus scores, practitioners can earn the highest ACI score possible, which can only enhance their overall MIPS scores.
Going beyond the minimum ACI requirements enables physicians to do more than avoid MIPS penalties. These extra efforts contribute to smoother day-to-day operations and better patient outcomes. Ensuring that the flow of health information remains seamless and secure is the best way to fulfill the spirt of the law behind MIPS regulations-to improve the quality of medical care for all those who receive it.
Art Gross is the president and CEO of HIPAA Secure Now!, which provides security services to medical practices. He can be contacted at firstname.lastname@example.org.