MACRA and MIPS Accelerate Patient Engagement
Health care providers who accept Medicare are adapting to new rules under the Medicare Access and CHIP Reauthorization Act or MACRA. The law is dense and complicated, but essentially, its purpose is to adjust payment measures to reward the delivery of high-quality patient care. The Merit-based Incentive Payment System (MIPS) is a core element of the change from prior rules. The relevance to HIPAA is that a central element of MACRA is an increased focus on patient engagement because when patients are engaged in their own healthcare, outcomes improve.
Effective patient engagement requires regular patient communications. The problem is that communications raise the risk of disclosure of protected health information (PHI). And today, with the use of email and text messaging, the risk is even greater. Ninety-nine percent of patients today use social media and most prefer regular, unencrypted email and texting. Unfortunately, they may not have considered the consequences.
Using unencrypted emails and text messages is like handing a postcard to someone in L.A. who will hand it off to a million people as it travels to N.Y., and each of those million can read it anywhere along the line.
HIPAA Can Help with Easy to Follow Step-by-Step Rules
HIPAA provides a 3-step safeguard that helps both providers and patients - providers will stay in compliance and patients are engaged in maintaining privacy of their own PHI.
Simply stated, it includes:
Notice - a duty to warn;
Let the patient decide; and
Document the warning and response in writing.
If a patient says “no” to unencrypted communication, take steps to encrypt and inform your workforce and business associates, and document these steps. A common misunderstanding is that if a patient initiates communication through email, the provider can assume the patient accepts this method. Although this was the HHS policy in 2008, it changed in 2016 when the duty to warn became law.
The HIPAA E-Tool® is always up to date
Letting patients decide and documenting the process is easy with The HIPAA E-Tool®. Below is an excerpt from Policy PR-3 - Request for Confidential Communication. Form PR-3.B - Unencrypted Text Message and Email Language for Information & Registration Update Forms is all you need.
 A full review of MACRA is beyond the scope of this blog but a good summary can be found here: https://qpp.cms.gov/docs/QPP_Executive_Summary_of_Final_Rule.pdf and elsewhere on the web.