Alpha II and FIG.md, two data registries supporting physician compliance with federal data reporting initiatives, are the first registries to be accredited for meeting best business practices under a new program that officially rolls out in January 2016.
Receiving this accreditation from the Electronic Healthcare Network Accreditation Commission is a difficult task that requires substantial preparation before application and approval.
Alpha II, which supports eligible professionals in reporting under the Physician Quality Reporting System, and FIG.md, a clinical data registry supporting specialty societies, hospitals, health systems and accountable care organizations, were beta sites for the new program from EHNAC, which accredits a wide range of healthcare industry vendors.
The use of registries required to report for seven federal initiatives, such as physician quality reporting, meaningful use and HEDIS, “spotlights the need to ensure that these entities meet the industry needs in the areas of privacy, security and key operational functions, just as we would traditional vendors,” says Lee Barrett, executive director at EHNAC.
Further, Stage 3 of the Meaningful Use incentive program could bring new registry reporting requirements covering immunizations, syndromic surveillance, case reporting, public health reporting, clinical data reporting and lab reporting. These types of reporting are important for meeting a goal that half of federal healthcare payments will be tied to value by 2019. However, until now, there was no way to determine if registries have the appropriate security and business processes in place.
Alpha II already is an accredited Electronic Health Network under EHNAC. That provided a head start in seeking this new accreditation because 75 percent of EHNAC criteria is core to its various accreditation programs, so only a quarter of the criteria were new to Alpha II. And it still was a difficult task, says Mary Cremeans, compliance officer for Alpha II.
The beta sites only had a couple of weeks to work through accreditation, which required long days and nights; other organizations when the program officially starts will have considerably more time. Cremeans had workflows and files set up from the health network accreditation, so she generally knew where to place data and where to pull it when needed to support documentation of compliance with various criteria under the registry program. But it still was a tedious process because, in total, at least 500 documents were needed.
For documents she didn’t already have, Cremeans had to solicit various departments including IT, business operations and legal, among others. Then came the real tedious task; information from documents she already had and those acquired from departments had to be linked to specific registry accreditation criteria. That required hyperlinking many hundreds of documents to the criteria, and there may be 10 pieces of evidence needed to show compliance with one criteria, such as demonstrating existence of business associate agreements with vendors—and requiring 10 hyperlinks.
While accreditation is a burden, it rewards companies that show the additional effort of demonstrating their business performance, Cremeans says. Alpha II directs potential customers to the EHNAC website to see the vendor’s Electronic Health Network certificate and to understand the value of a business partner having the certificate.
Further, she argues, accreditation—whether in the registry program or another program—will be very helpful in the event of audits from the Centers for Medicare and Medicaid Services and other regulatory bodies as an organization already will have many of the documents that auditors will want to see.
To be successfully accredited or pass an audit, an organization must have well-organized policies and procedures implemented—not just on paper, Cremeans says. “Everyone has to be on board.” That includes full buy-in from senior leaders and department heads, especially IT which is where you get help documenting security, network diagrams and inventories.
“Everyone has to know who the compliance officer is,” she adds. “Everyone has to cooperate in providing information. Everyone has to know their role with HIPAA and HITECH, where to go for information, and what they are allowed and not allowed to do with the information.”
For instance, an auditor will almost certainly check to see if computers not in use are locked—even if the user left for only a few minutes, Cremeans warns. And getting everyone used to locking their computer takes considerable time and effort, so start working on it now, she advises. “You always have to be on your guard knowing how you are handling your material.”
Register or login for access to this item and much more
All Health Data Management content is archived after seven days.
Community members receive:
- All recent and archived articles
- Conference offers and updates
- A full menu of enewsletter options
- Web seminars, white papers, ebooks
Already have an account? Log In
Don't have an account? Register for Free Unlimited Access