Stage 2 of Meaningful Use under the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH Act) requires providers who want the HITECH Act’s EHR incentive payments to ensure that at least some patients are engaged and are actually using their electronic health records (EHRs).  The Final Rule for the Stage 2 criteria call for eligible professionals (EPs), eligible hospitals and critical access hospitals (CAHs) to provide a means for patients to access their health care information online.  EPs must also provide a means for patients to send secure messages electronically, however, patients have to actually use these services in order for providers to meet these new measures for making a Meaningful Use of certified EHRs.

Patients Discharged from Hospitals and CAHs Must Access Health Information Online

Hospitals and CAHs must ensure that more than 50% of all patients who are discharged from the inpatient or emergency department have their information available online within 36 hours of discharge. The more potentially problematic measure is that 5% of all of these discharged patients (or their authorized representatives) must “view, download or transmit to a third party their information.” 

Exclusion:   Recognizing that certain patient populations face greater challenges in online access to health information, the Centers for Medicare & Medicaid Services (CMS) established an exclusion for any eligible hospital or CAH located in a county that does not have 3Mbps broadband availability for 50% or more of the county’s housing units according to the latest information available from the FCC on the first day of the EHR reporting period.  This exclusion only applies to the measure requiring more than 5% of patients to view, download or transmit their information and does not affect a hospital’s or CAHs’ obligation to make information available timely. 

Note:  In order to meet this objective and measure, hospitals and CAHs must employ certified EHR technology (CEHRT).   CEHRT meets the accepted ONC standards that enable a provider to readily meet this Meaningful Use measure for those patients who want to access their health information online.

Patients of EPs Must Access Health Information Online and Send Secure Messages Electronically to their EPs

EPs must insure that more than 50% of all unique patients seen by the EP are provided online access to their health information within four business days after the information is available to the EP, subject to the EP’s discretion to withhold certain information.  However, Stage 2 criteria also require that more than 5% of all unique patients seen by the EP (or their authorized representatives) view, download or transmit their health information to a third party.

Exclusions:  Any EP who neither orders nor creates any of the information listed for inclusion as part of both measures, except for “Patient name” and “Provider’s name and office contact information,” may exclude both of the above measures.  Further, any EP that conducts 50% or more of his or her patient encounters in a county that does not have 3Mbps broadband available for 50% or more of its housing units according to the latest information available from the FCC on the first day of the EHR reporting period may exclude the measure that requires more than 5% of patients to view, download or transmit their information.

EPs are also measured by whether 5% of unique patients (or their authorized representatives)  send secure messages using the electronic messaging function of CEHRT to the EPs.

Exclusions:  CMS recognizes an exclusion from secure messaging for any EP who has no office visits.  Also, there is an exclusion for any EP that conducts 50% or more of his or her patient encounters in a county that does not have 50% or more of its housing units with 3Mbps broadband availability according to the latest information available from the FCC on the first day of the EHR reporting period.

Note:  In order to meet these objectives and measures, an EP must use the capabilities and standards of CEHRT.  In particular, CMS advises:

The use of common email services and the security measures that may be used when they are sent may not be appropriate for the exchange of protected health information. Therefore, the exchange of health information through electronic messaging requires additional security measures while maintaining its ease of use for communication. While email with the necessary safeguards is probably the most widely used method of electronic messaging, for the purposes of meeting this objective, secure electronic messaging could also occur through functionalities of patient portals, PHRs, or other stand-alone secure messaging applications.

In summary, these Stage 2 measures raise concerns that providers will not meet their core objectives because of patient inaction.  Thus, in order to satisfy these measures, health care providers must take steps now to actively encourage patients to access their information and to communicate electronically.  Otherwise, they may be held financially accountable later for their patients’ failure to take advantage of EHRs.

For earlier articles and comments about the use of secure messaging to communicate with patients, see our post titled, “Use of electronic communications with patients,” posted way back on December 9, 2009.