Question

Our current health care system is very complex, with multiple regulatory agencies and other requirements. For any manager to be successful in the health care field, they must be aware of which agencies they must report information to. Choose one of the following agencies, visit their web page, and summarize the regulations they oversee. Make sure you include who managed the agency, what areas of health care they oversee, and at least two main regulations that they enforce. Then mention how you would ensure compliance as a manager.

• CMS
• HHS
• AHRQ
• NCQA
• TJC
• HFAP

Answer 1

Centers for Medicare and Medicaid Services

Introduction:

The Centers for Medicare & Medicaid Services is a federal agency that administers the nation’s major healthcare programs including Medicare, Medicaid, and CHIP. It collects and analyzes data, produces research reports, and works to eliminate instances of fraud and abuse within the healthcare system.

The agency aims to provide a healthcare system with better care, access to coverage, and improved health. The CMS releases updated Medicare premium and deductible information each year.

How the Centers for Medicare and Medicaid Services (CMS) Works

On July 30, 1965, President Lyndon B. Johnson signed into law a bill that established the Medicare and Medicaid programs. In 1977, the federal government established the Health Care Financing Administration (HCFA) as part of the Department of Health, Education, and Welfare (HEW). The HCFA was later named the Centers for Medicare & Medicaid Services. CMS now manages many important national health care programs that affect the lives of millions of Americans.

The agency’s goal is to provide “a high-quality health care system that ensures better care, access to coverage, and improved health.” CMS is headquartered in Maryland and has 10 regional offices throughout the U.S. located in Boston, New York, Philadelphia, Atlanta, Dallas, Kansas City, Chicago, Denver, San Francisco, and Seattle.

The CMS manages the Administrative Simplification Standards of the Health Insurance Portability and Accountability Act (HIPPA). The use of Administrative Simplification Standards strives to implement the adoption of national electronic health care records, guarantee patient privacy and security, and enforce HIPPA rules. CMS oversees quality in clinical laboratories and long-term care facilities, as well as provides oversight of the health insurance exchanges.  

Reimbursement and regulatory functions

In addition to Medicare (the federal health insurance program for the elderly) and Medicaid (the federal needs-based program that helps with medical costs), CMS administers the Children's Health Insurance Program (CHIP), the Health Insurance Portability and Accountability Act (HIPAA) and key portions of the 2015 Medicare Access and CHIP Reauthorization Act (MACRA) law.

Since passage of the Health Information Technology for Economic and Clinical Health Act in 2009, CMS has been charged with running the meaningful use program, which is in its final phase with nearly $30 billion of incentive funds having been paid out to healthcare providers.

Under meaningful use, and now the MIPS part of MACRA, CMS determines whether healthcare providers have successfully used health IT systems, and sets Medicare and Medicaid reimbursement rates for healthcare providers that use federally certified health IT systems.

ONC-affiliated agency

The Office of the National Coordinator for Health Information Technology (ONC), another Health and Human Services agency that works closely with CMS, is responsible for approving certified health IT systems and updating health information privacy and security regulations under HIPAA.

MACRA:

MACRA includes programs such as Merit-Based Incentive Payment System (MIPS) in which physicians and healthcare organizations are reimbursed based on their scores on healthcare quality and patient satisfaction measures. The approach is also known as value-based reimbursement. CMS also administers alternative payment models (APMs) for healthcare providers such as bundled payments for groups of healthcare organizations, and accountable care organizations, which are reimbursed based on positive medical outcomes.

MACRA’s impact will fundamentally alter the way services and care are evaluated and reimbursed. And while groups representing providers, plans and payers are actively discussing MACRA’s potential effects on their particular constituents, NRHI is assessing the law from every perspective. With stakeholder-members from the entire spectrum of the healthcare community, they looking at MACRA with an eye toward helping all of their stakeholders to prepare for the coming changes and to leverage their potential to positively impact healthcare for providers, payers, purchasers and consumers alike.

MACRA’s value-based payment programs will be based on two new reimbursement structures:

1. The Merit Based Incentive Payments System (MIPS) combines parts of the Physician Quality Reporting System (PQRS), the Value Modifier (VM or Value-Based Payment Modifier) and the Medicare Electronic Health Record (EHR) incentive programs into one. Under MIPS, Eligible Professionals (EPs) will be measured and paid based on:

a. Quality;

b. Resource Use;

c. Clinical Practice Improvement; and

d. Meaningful Use of Certified EHR Technology

MIPS guidelines will determine whether providers’ compensation for Medicare Part B reimbursements is adjusted up for superior performance, or down for performance that falls short of the established mean. Based on the MIPS composite performance score, providers will receive positive, negative or neutral adjustments to the base rate of their Medicare Part B Payment that will increase each year from 2019 (+4% to -4%) through 2022 (+9% to -9%), when adjustment levels will stabilize. The MIPS composite performance score will be determined by performance measures established in the forthcoming MACRA rules.

MIPs payment adjustments are required to be budget neutral. This means that rather than additional spending, higher reimbursement for those who score well will come from reduced payments to those with poorer performance.

2. Alternative Payment Models (APMs) provide a new way for Medicare to compensate healthcare providers for the care they give to Medicare beneficiaries. Most providers who participate in APMs will also be subject to MIPS, but will receive favourable scoring – with correspondingly higher reimbursement rates. Providers participating in the most advanced APMs (including Accountable Care Organizations (ACOs), Patient Centred Medical Homes and Bundled Payment Models) may be designated as Qualifying APM Participants (QPs), which are not subject to MIPS. They may be eligible for:

a. Annual 5% lump-sum bonus payments from 2019 through 2024;

b. Beginning in 2026, higher annual premiums (for some participating providers); and

c. Increased flexibility through physician-focused payment models

3. Advanced Alternative Payment Models The most advanced alternative payment models will be deemed ‘eligible’ APMs which qualify for even higher levels of reimbursement tied to performance. These will be a subset of APMs and will not include all payment models. Eligible APMs will require use of certified electronic health record (EHR) technology. Eligible APMs will only include payment models in which physicians bear ‘more than nominal’ risk for financial losses or participate in patient centered medical home models under CMMI authority.

HIPAA:

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient's consent or knowledge.

The US Department of Health and Human Services (HHS) issued the HIPAA Privacy Rule to implement the requirements of HIPAA. The HIPAA Security Rule protects a subset of information covered by the Privacy Rule.

HIPAA Privacy Rule

The Privacy Rule standards address the use and disclosure of individuals’ health information (known as “protected health information”) by entities subject to the Privacy Rule. These individuals and organizations are called “covered entities.” The Privacy Rule also contains standards for individuals’ rights to understand and control how their health information is used. A major goal of the Privacy Rule is to ensure that individuals’ health information is properly protected while allowing the flow of health information needed to provide and promote high quality health care and to protect the public’s health and well-being. The Privacy Rule strikes a balance that permits important uses of information while protecting the privacy of people who seek care and healing

The following types of individuals and organizations are subject to the Privacy Rule and considered covered entities:

• Healthcare providers: Every healthcare provider, regardless of size of practice, who electronically transmits health information in connection with certain transactions. These transactions include claims, benefit eligibility inquiries, referral authorization requests, and other transactions for which HHS has established standards under the HIPAA Transactions Rule.
• Health plans: Entities that provide or pay the cost of medical care. Health plans include health, dental, vision, and prescription drug insurers; health maintenance organizations (HMOs); Medicare, Medicaid, Medicare Choice, and Medicare supplement insurers; and long-term care insurers (excluding nursing home fixed-indemnity policies). Health plans also include employer-sponsored group health plans, government- and church-sponsored health plans, and multi-employer health plans.
  • Exception: A group health plan with fewer than 50 participants that is administered solely by the employer that established and maintains the plan is not a covered entity.
• Healthcare clearinghouses: Entities that process nonstandard information they receive from another entity into a standard (i.e., standard format or data content), or vice versa. In most instances, healthcare clearinghouses will receive individually identifiable health information only when they are providing these processing services to a health plan or healthcare provider as a business associate.
• Business associates: A person or organization (other than a member of a covered entity’s workforce) using or disclosing individually identifiable health information to perform or provide functions, activities, or services for a covered entity. These functions, activities, or services include claims processing, data analysis, utilization review, and billing.