If you're having trouble viewing this email, you may see it online.

Share this:
CQHII News Bulletin
December 2024 
Upcoming MIPS Dates/Deadlines
  • December 31, 2024: PY 2024 Ends, Quality Payment Program Exception Applications Window for PY 2024 Closes
  • January 2, 2025: Submission Window Opens for PY 2024
  • March 21, 2025: Submission Window Closes for PY 2024
    HIPAA Privacy Rule is Changing
    The “HIPAA Privacy Rule to Support Reproductive Health Care Privacy” goes into effect December 23, 2024. The compliance date for “Notice of Privacy Practices” is February 26, 2026.
     
    The change strengthens privacy protections by prohibiting the use or disclosure of Protected Health Information (PHI) by a covered health care provider, health plan, or health care clearinghouse - or their business associate – (collectively, “regulated entities”) for either of the following activities:
    • To conduct a criminal, civil, or administrative investigation into or impose criminal, civil, or administrative liability on any person for the mere act of seeking, obtaining, providing, or facilitating reproductive health care, where such health care is lawful under the circumstances in which it is provided.
    • The identification of any person for the purpose of conducting such investigation or imposing such liability.
    The Privacy Rule has not changed for any requests for PHI not made to investigate or impose liability on any person for the mere act of seeking, obtaining, providing, or facilitating reproductive health care.
     
    Health Human Services (HHS) has provided a template to protect regulated entities when PHI is requested. The entity that is requesting PHI must sign documents confirming the request is not for prohibited purposes.
     
    HHS has provided a Social Media Toolkit for regulated entities reference.
     
    HHS Resources:
     'Tis the Season for...
    Security Training. Hackers love this time of year! People buying things over the internet and getting packages through the mail. Look for emails with lines like:
    • Click on this link to track your package
    • You have just spent hundreds of dollars. Click on this link to approve your purchase
    • Click on this link to claim your free prize for shopping with us
    Never, ever click on the link in these types of emails. They are all just cons that hackers are using to gain access to your computer and your personal information.
     
    CQHII has found several articles that could be used for your security training this month. It’s a good idea to overtrain on security this time of year. If you say the words “security training” and your staff rolls their eyes – you know you’re doing a good job. 
    Cyber Threat Landscape: A Strategic and Tactical Overview
    Recording:
     https://www.youtube.com/watch?v=k81c-Dm7eTM presentation starts at 19:04 there are introductions first.

    Presentation
    This presentation was built to scare everyone into HIPAA Security compliance. Some of the threats presented include bad actors, phishing trends, and quantum computing. It is a good idea to be suspicious of everything this time of year.  
    Phantom Voices: Defend Against Voice Cloning Attacks
    Link:
    https://www.sans.org/newsletters/ouch/phantom-voices-defend-against-voice-cloning-attacks/
    EH/CAH Promoting Interoperability Program 
    EHR Reporting Period
    The Electronic Health Record (EHR) reporting period for new and returning Eligible Hospital and Critical Access Hospital participants in CY 2024 is a minimum of any continuous, self-selected, 180-day period ending on December 31, 2024.  Participants will attest performance data on January 2, 2025, through February 28, 2025.  
    To Report Issues to the Center for Clinical Standards and Quality (CCSQ)
    The CCSQ Service Center is expecting an increase in service related needs and to minimize a backlog, you should  use only one method of reporting for the same issue (phone, email, or CCSQ Support Central). Cases are processed by CCSQ in the order in which they are received. Please be patient and allow time for processing. 
    Please click here for a variety of options to contact the service center.
    Calling about an existing ticket
    Please have your ticket number available for the representative that will be assisting you. 
    Submit Your Data Early
    We encourage you to submit your 2024 eCQM and Medicare Promoting Interoperability data early during the submission period. Early submission will allow you plenty of time for CCSQ assistance, if needed.
    Additional information related to Promoting Interoperability (PI) is located at the PI Program Landing Page.  Information related to the IQR-EHR and eCQMs can be found at https://qualitynet.cms.gov/support.   You may contact the CCSQ Service Center at 1-866-288-8912, Monday through Friday, 8:00 AM-8:00 PM ET, by e-mail at:  qnetsupport@cms.hhs.gov or by visiting the CCSQ Support Central.  Customers who are hearing impaired can dial 711 to be connected to a TRS Communications Assistant. 
    Medicare Promoting Interoperability Objectives and Measures for Eligible Hospitals and Critical Access Hospitals
    Participants are required to report on four scored objectives and their measures which include Public Health and Clinical Data Exchange requirements and to report (yes/no) on the Protect Patient Health Information objectives, Security Risk Analysis and Safety Assurance Factors for EHR Resilience (SAFER) Guides measure. Beginning in CY 2024, participants will be required to attest “Yes” to having completed the SAFER Guides measure. Selecting “no” or not completing the requirement will result in automatic failure.  Participants will attest to Actions to Limit or Restrict Interoperability of CEHRT Attestation are required.  The ONC direct review attestation is optional.
    Scoring Methodology
    A performance-based scoring methodology is in place for each measure contributing to a minimum of 60 points to satisfy the scoring requirement.
    Electronic Clinical Quality Measures (eCQMs)
    Participants must report on and submit a full year’s worth of data for a total of six eCQMs, to include 3 self-selected eCQMs; the Safe Use of Opioids – Concurrent Prescribing eCQM; and the Severe Obstetric Complications eCQM; and the Cesarean Birth eCQM.
      Unveiling the Shadows: How Cyber Criminal Steal Your Passwords
      Link:
      https://www.sans.org/newsletters/ouch/unveiling-shadows-how-cyber-criminals-steal-your-passwords/
      HHS OCR Breach Enforcement Update
      Recording:
      https://www.youtube.com/watch?v=U6jHiWEZOsU

      Presentation
      HIPAA $548,265 Penalty
      OCR investigated Children’s Hospital Colorado reported a phishing attack that compromised an email account containing 3,370 individuals’ PHI. OCR’s investigation determined that the breach occurred because multi-factor authentication was disabled on an email account. OCR also found violations of the HIPAA Privacy Rule for failure to train workforce members, and the HIPAA Security Rule for failure to conduct an SRA. 
       
      To read the entire email and see OCR’s recommended steps to prevent cyber-threats, click on the link here
      Phone: 713.500.3479  |  Fax: 713.500.3655  |  CQHII@uth.tmc.edu |  https://sbmi.uth.edu/cqhii/
      7000 Fannin Street Suite 600 | Houston, TX 77030 US
      This email was sent to megan.m.robertson@uth.tmc.edu. To ensure that you continue receiving our emails, please add us to your address book or safe list.

      manage your preferences | opt out using TrueRemove®.

      Got this as a forward? Sign up to receive our future emails.
      powered by emma