BUSINESS: technology

Meaningful Use Update



Meaningful Use Update

Attesting to three months of use, the Stage 2 deadline and security


As of this column’s publication, MU incentive program participants have just two quarters left to attest to three months of Meaningful Use (MU) of EHR and roughly five months left to transition to Stage 2 MU if they began Stage 1 MU in 2011 or 2012. (If you’re unsure of your MU stage, see “Stage of Meaningful Use” below.)

Further, MU incentive program participants must pay special attention to security risk analysis if they want to survive a CMS audit.

Three months of reporting

Before 2014 ends, you must verify MU for three months regardless of your MU stage, or you’ll see a 1% decrease in Medicare reimbursements beginning 2015 and additional 1% reductions from 2016 to 2019 for continuous non-compliance. Your three months of attestation must begin at the start of an actual quarter. The quarters that remain start on July 1 and Oct. 1.

Stage of Meaningful Use
1st Year 2011 2012 2013 2014 2015 2016 2017 2018 2019 2020 2021
2011 1 1 1 2 2 3 3 TBD TBD TBD TBD
2012   1 1 2 2 3 3 TBD TBD TBD TBD
2013     1 1 2 2 3 3 TBD TBD TBD
2014       1 1 2 2 3 3 TBD TBD
2015         1 1 2 2 3 3 TBD
2016           1 1 2 2 3 3
2017             1 1 2 2 3

Transitioning to Stage 2

If you have met Stage 1 MU for two to three years, you must transition to Stage 2 MU criteria by Oct. 1, 2014 to continue to participate in the Medicare EHR Incentive programs.

Stage 2 MU, which is focused on advanced clinical processes, is categorized into measures (as is Stage 1 MU) known as core, menu and clinical quality measures (CQMs). Most of the core measures for Stage 2 MU are the same as Stage 1 MU, just renumbered and with higher thresholds.

For example, a core measure for Stage 1 MU is “more than 30% of unique patients with at least one medication in their medication list seen by the Eligible professional (EP) have at least one medication order entered using computerized physician order entry (CPOE),” while the core measure for Stage 2 MU is “more than 60% of medication, 30% of laboratory and 30% of radiology orders created by the EP during the EHR reporting period are recorded using CPOE.”

EPs must report on 17 core measures (example: “generate and transmit permissible prescriptions electronically”), three out of six possible menu measures (example: “record patient family health history”) and choose and report on nine of a possible list of 64 approved CQMs (example: “controlling high blood pressure”) to meet Stage 2 MU requirements. Also, the chosen CQMs must cover at minimum three of the six available Department of Health and Human Services National Quality Strategy domains: (1) Patient and Family Engagement, (2) Patient Safety, (3) Care Coordination, (4) Population and Public Health, (5) Efficient Use of Healthcare Resources and (6) Clinical Processes/Effectiveness.

As with Stage 1 MU, you want to access all the requirements for Stage 2 MU from the CMS website. (See for Stage 2 Regulations & Guidance.) Also, contact your EHR vendor for information that details how to meet the Stage 2 MU requirements.

Many EHR vendors have not yet provided the CMS-required upgrades for Stage 2 MU. As a result, contact your vendor to find out if/when these upgrades are or will be completed if you haven’t done so already.

Security risk

The biggest challenge EPs found with audits on Stage 1 MU was the security risk analysis. The reason: They didn’t realize it required more than turning on a feature within their certified EHR. The security risk analysis actually requires in Stage 1 MU and Stage 2 MU what CMS describes as “a thoughtful and thorough evaluation of how well your practice protects patient data.”

The five areas in your practice you must analyze for the security risk analysis, according to CMS, are:

    1. Physical safeguards.

    2. Technical safeguards.

    3. Policies and procedures.

    4. Administrative safeguards.

    5. Organizational safeguards.

To fulfill this measure, make certain you and your IT company review the CMS Security Risk Analysis Tip sheet on, and ask your EHR company to recommend someone knowledgeable about this measure.

If CMS requests an audit for Stage 1 MU or Stage 2 MU, contact your EHR company before you respond, so you can ensure you comply with all requests by the auditors the first time. (See “How to Survive a Meaningful Use Audit,” page 40.)

Also, check out, which provides information about how to successfully navigate an audit.

Healthcare deadlines

Meaningful Use deadlines are stressful, but you must adhere to them to prevent a decrease in Medicare reimbursements. So be diligent, and stay on top of them. OM

Dr. Jasper is a Vision Source Administrator and in private practice in West Palm Beach, Fla. E-mail her at, or comment at