Understanding the MIPS PI Non-Scoring Requirements

Attention providers!

Want to earn a high MIPS Promoting Interoperability (PI) category score? Here's what you need to know: before you can earn a performance score in measures like electronic prescribing, Health Information Exchange, provider-to-patient exchange, and Public Health and Clinical Data Exchange engagement, you need to complete and attest to 5 other items. Don't miss out on the crucial 25 PI points. Read on for tips on meeting these 5 requirements.

1. Submit a CMS certification identification number

Starting in 2023, you'll need to use an EMR that meets the 2015 Edition of Health IT Certification criteria and is updated to the 2015 Edition Cures Update to meet the CEHRT definition. This means, your EMR needs to be up-to-date by the last day of your selected reporting period.

Not sure if your EMR meets the requirements? CEHRT status can be found here.

And, here's the catch - if you don't have an EMR or if it's unable to meet the 2015 CURES CEHRT requirements, you won't receive a score for PI. So, make sure your EMR is in compliance to avoid any hiccups.

2. Complete the ONC Direct Review attestation

During your MIPS data submission, you will be required to attest that your practice –

1. Acknowledges the requirement to cooperate in good faith with ONC direct review of his or her health information technology certified under the ONC Health IT Certification Program if a request to assist in ONC direct review is received; and

2. If requested, cooperated in good faith with ONC direct review of his or her health information technology certified under the ONC Health IT Certification Program as authorized by 45 CFR part 170, subpart E, to the extent that such technology meets (or can be used to meet) the definition of CEHRT, including by permitting timely access to such technology and demonstrating its capabilities as implemented and used by the MIPS eligible clinician in the field.

This means that you are agreeing to participate in an ONC Direct Review of your Health IT in the event that you receive a request from the ONC.

3. Attest to the Actions to limit or restrict compatibility or interoperability of CEHRT statement

During your data submission, you will be required to attest to CMS that your practice did not knowingly and willfully take action (such as to disable functionality) to limit or restrict the compatibility or interoperability of certified EHR technology.

When making this declaration, you're attesting to the fact that you have worked in good faith by:

• Supporting the appropriate exchange of electronic health information

• Refraining from intentionally limiting or restricting CEHRT's compatibility or interoperability.

Some examples of actions that may restrict interoperability include:

• Restricting access to specific types of data elements or the structure of the data.

• Utilizing CEHRT in manners that restrict which entities or people can access and exchange information or what forms of tech they can use.

4. Annual Security Risk Assessment

Your practice is required to conduct an annual Security Risk Assessment (SRA) to score in the PI category. This assessment is crucial in identifying any potential risks and vulnerabilities to the confidentiality, availability, and integrity of all ePHI that your organization creates, receives, maintains, or transmits. It covers ePHI in all forms of electronic media, including hard drives, floppy disks, CDs, DVDs, smart cards, and more.

Your providers must be able to demonstrate that they have a plan in place to address any identified areas of concern and have taken the necessary steps to implement that plan. While the assessment can take place outside of your reported time frame, it must be completed during the reporting calendar year.

The MIPS SRA requirements are aligned with those of the HHS. If you fail to complete an annual SRA, you will receive no score for PI, regardless of whether other measures are reported.

5. Safety Assurance Factors for EHR Resilience (SAFER) Guides measure

Providers are required to complete the High Priority Practices Guide of the Safety Assurance Factors for EHR. While CMS does not require that the practice has all items implemented “fully in all areas”, the assessment must be conducted while your EMR meets the 2015 CURES CEHRT requirements.

Providers are required to complete the High Priority Practices Guide of the Safety Assurance Factors for EHR. While CMS does not require that the practice has all items implemented “fully in all areas”, the assessment must be conducted while your EMR meets the 2015 CURES CEHRT requirements.

In conclusion, it is important that medical practices understand and comply with the MIPS Promoting Interoperability category requirements in order to receive a score and avoid significant financial penalties. Reporting and meeting the MIPS requirements will help your practice deliver higher-quality care, improve healthcare outcomes, and engage patients. Staying updated on the latest PI category measures and best practices can ensure a successful and seamless reporting experience. KRK VBC is here to help you attain compliance with current MIPS regulations. We provide comprehensive guidance to ensure that providers meet the expected standards for successfully Promoting Interoperability and MIPS participation and maintaining a stellar score - while avoiding potential penalties.