November 21, 2019
Health Care Alert
Health Care Alert
Author(s): Meghan L. Hopkins
The Centers for Medicare & Medicaid Services announced a simplified, “outcomes-based” approach to certify Electronic Visit Verification systems.
Recently, the Centers for Medicare & Medicaid Services (“CMS”) announced a simplified, “outcomes-based” approach to certify Electronic Visit Verification (“EVV”) systems that states and provider organizations will be required to implement to document all Medicaid personal care and home health services.
In the past, CMS certified EVV systems using the Medicaid Enterprise Certification Toolkit, which has 146 certification evaluation criteria and includes project initiation milestone reviews. The new outcomes-based approach purports to streamline this process by reducing the certification evaluation criteria from 146 to 11 and eliminating the project milestone reviews altogether.
The new EVV certifications are centered around two business-related outcome statements, Preventing Fraud and Availability & Accessibility, and one enterprise outcome statement, Privacy & Security. States will demonstrate their EVV solution’s achievement of these outcomes through the evaluation criteria and key performance indicators (“KPIs”) described below.
Under this business outcome statement, the state Medicaid agency has an enhanced ability to prevent fraud, waste, and abuse through increased visibility into its home- and community-based services (HCBS) program. KPIs for this outcome include: (i) an association of the EVV record to a claim or encounter; (ii) a match of the EVV against approved services, provider organization, and units; and (iii) the EVV record devoid of manual edits.
There are six evaluation criteria for this outcome:
Under the second business outcome statement, beneficiaries, their caregivers, and provider organizations can access the system when they need to do so. Access to the system is not limited by a beneficiary’s disabilities, by his or her provider organizations’ lack of ownership of a mobile device, or by his or her location. KPIs for this outcome include EVV system availability in order to ensure that the EVV system has a high availability.
There are four evaluation criteria for this outcome:
Under the single enterprise outcome statement, beneficiary personal health information (“PHI”) and beneficiary and clinical professional personally identifiable information (“PII”) are protected in compliance with the Health Insurance Portability and Accountability Act (“HIPAA”). Best practices for security and privacy controls must be in place. KPIs for this outcome include privacy and security to ensure that the state is managing privacy and security risks.
The evaluation criterion for this outcome requires that the solution, employees, contractors, and downstream subcontractors or entities that work with electronic PHI/PII comply with the HIPAA privacy, security, and breach notification regulations, and applicable state and federal laws and regulations. Required evidence includes a recent penetration test report, a security and privacy control assessments report, and an independent, third-party security and privacy controls assessment report.
CMS released the outcomes-based structure, KPIs, and evaluation criteria in “Electronic Visit Verification (EVV) Certification Version 1.0: Guidance” on October 22, 2019. Just two days later, in a separate release entitled “CMCS Informational Bulletin: Outcomes-Based Certification. For Electronic Visit Verification (EVV) Systems,” CMS offered states the opportunity to receive enhanced, 90% Federal Financial Participation (“FFP”), or funding from the federal government, to design, develop, and implement outcomes-based EVV. In order to qualify for enhanced FFP under the outcomes-based certification process, a state’s EVV solution must meet evaluation criteria including the accessibility to persons with disabilities, support for non-native English speakers, and stakeholder inclusion.
States that fail to implement a compliant EVV system by January 1, 2020, for personal care services and January 1, 2023, for home health services will lose a share of their federal Medicaid matching funds for these services.
The foregoing has been prepared for the general information of clients and friends of the firm. It is not meant to provide legal advice with respect to any specific matter and should not be acted upon without professional counsel. If you have any questions or require any further information regarding these or other related matters, please contact your regular Nixon Peabody LLP representative. This material may be considered advertising under certain rules of professional conduct.