CMS Releases Hospital COP Event Notification FAQs; Interpretive Guidance

by | May 13, 2021 | Care Coordination, Health IT, HIE & HIN, Other, Privacy & Consent

On May 1, modifications to the Medicare Conditions of Participation (“CoPs”) went into effect, requiring certain electronic event notifications for admissions, discharges and transfers (“ADTs”) to and from hospitals, critical access hospitals and psychiatric hospitals. To provide guidance to hospitals and state surveyors, CMS released several FAQs as well as interpretive guidance last week to be published in the State Operations Manual.

Hospitals are required to make a “reasonable effort” to ensure that notifications are sent to post-acute care services providers and suppliers, and other practitioners and entities, which need such notifications for treatment, care coordination or quality improvement. Under the new CoP, ADT notifications must be sent for all emergency department and inpatient patients where the hospital, critical access hospital or psychiatric hospital maintains an electronic medical record or administrative system.

What steps must a hospital take in order to constitute a “reasonable effort”? Not much additional clarity is provided in this respect by CMS in the interpretive guidance or FAQs.  CMS states in the interpretive guidance that hospitals are required to make “every effort” to make notifications available “immediately” and without “any intentionally delays.” In one of the FAQs, CMS notes that this immediacy would not, however, prevent tailoring delivery based on individual provider preferences, such as daily delivery or upon discharge only if a provider would prefer such.

The CMS Patient Access Final Rule sheds some additional light on how hospitals may strive to identify providers and suppliers to whom notification must be sent. For example, in the Preamble to the Final Rule, CMS notes,

….For instance, hospitals might identify appropriate practitioners by requesting this information from patients or caregivers upon arrival, or by obtaining information about care team members from the patient’s record….hospitals might develop or optimize processes to capture information about established care relationships directly, or work with an intermediary that maintains information about care relationships….[or] directly or through an intermediary, identify appropriate notification recipients through the analysis of care patterns or other attribution methods….

In the Preamble to the Final Rule, CMS also provides an example of surveyors reviewing documentation related to a hospital’s processes for identifying intended recipients. CMS notes that this could include, for example, surveyors looking at whether a hospital has in place a process for capturing Direct addresses of patient providers to enable its system to send event notifications to such providers.   While hospitals are also permitted to partner with an intermediary in order to identify providers and send the required notifications, whether exclusively or otherwise, the hospital is still subject to the requirement that the notifications must be sent to all applicable providers and suppliers. Therefore, as CMS notes in the Preamble to the Final Rule, exclusive use of an intermediary which has a limited ability to delivery notifications to the specified set of recipients will not satisfy the CoP and a hospital will need to meet the requirement through an alternative notification mechanism.

What happens then, if, despite “every effort”/”reasonable effort”, appropriate providers cannot be located or their identify verified? CMS does address this in one of the FAQs, stating,

Regarding improper disclosure of health information where a hospital cannot confirm the identity of a receiving provider, we note that under these requirements a hospital would not be under any obligation to send a patient event notification in such cases. Under our final rule, hospitals are required to make a “reasonable effort” to ensure their systems send notifications to the specified recipients. We believe this standard accounts for instances in which a hospital (or its intermediary) cannot identify an appropriate recipient for a patient event notification despite establishing processes for identifying recipients, and thus is unable to send a notification for a given patient.

CMS also notes in the FAQs that, although hospitals are not required to obtain patient consent for sending ADT notifications, “it is important for hospitals to be able to honor patient preferences to not share their information.”  Hospitals are only required to send ADT notifications “to the extent permissible under applicable federal and state law and regulations and not inconsistent with the patient’s expressed privacy preferences.” A hospital therefore can record a patient’s request to not share their information and would be expected to document such patient preference.

The new CoP for hospitals are located in the medical records requirements at 42 CFR 482.24(d)(1-5), at 42 CFR 482.61(f)(1-5) for psychiatric hospitals, and at 42 CFR 485.638(d)(1-5) for CAHs.

Subscribe HERE to Legal HIE’s compliance library to gain access to sample policies, documents and tools for compliance with the Information Blocking Rule. Review our Table of Contents here.

Print Friendly, PDF & Email
Share this:

If you are not a subscriber to our backend Legal HIE compliance library, download our Table of Contents here to check out all of the tools, checklists, whitepapers, sample policies we make available to our members to help their organizations comply with Information Blocking, HIPAA, 42 CFR Part 2, Data Breaches and more. Ready to subscribe now? Click here to review our subscription options.

Archives