Is Your Organization Ready to Meet the New CMS Notification Rule?

In the midst of the ongoing COVID-19 pandemic, new notification and digital contact rules for hospitals may have gone unnoticed. But the Centers for Medicare & Medicaid Services (CMS) have shown clear intent to enforce the new rules, so your organization should ensure it is prepared.

As of April 30, 2021, Medicare-certified hospitals, psychiatric hospitals and critical access hospitals (CAHs) are required to send electronic patient event notifications to upstream and downstream providers as patients move among care settings. Auditors do not announce visits in advance, and penalties can include losing CMS certification and the ability to recoup payments from Medicare and Medicaid.

Another CMS rule went into effect Dec. 31, 2021, that requires providers publish up-to-date digital contact information using approved methods.

How to meet the new rule

Organizations can meet the new rule regarding patient electronic admission, discharge and transfer (ADT) notifications if they can send an electronic message using direct secure messaging, HL7/FHIR or electronic cloud faxing.

Electronic ADT notifications are a Condition of Participation (CoP) for hospitals that receive Medicare reimbursement. Enforcement was delayed to May 1, 2021, to give providers more time to implement policies to comply. CMS has empowered State Survey Agencies and Accreditation Organizations (AOs) to add ADT alert compliance to their audits of participating hospitals. CMS considers paper faxes or phone calls to communicate ADT notifications a noncompliant patient data exchange method. Organizations that fail an audit have as little as 90 days to attain compliance.

To encourage data interoperability across the healthcare landscape, CMS requires providers to publish up-to-date digital contact information in the National Plan & Provider Enumeration System (NPPES). Noncompliant hospitals will be publicly listed, using a method much like the Office of Civil Rights’ breach notification portal, the so-called “Wall of Shame.”

Each healthcare provider must provide digital contact information, or an “endpoint,” as a unique electronic address. The goal is to allow providers to send authenticated, encrypted patient data to known and trusted recipients over the internet. Therefore, CMS deems only certain types of digital contact information compliant, including:

Hospitals need up-to-date digital contact information for the NPPES directory using technologies from the above list. Providers also need up-to-date and approved endpoints through National Provider Identifiers (NPIs). The compliance deadline was Dec. 31, 2021, so noncompliant organizations face audits and steep penalties.

Email does not meet the CMS requirements for secure digital contact information, nor does a fax number — even if the provider uses a digital fax solution.

According to CMS, “A digital fax number is not considered a digital endpoint. For those providers who continue to rely on fax-based modes of sharing information, we hope that greater availability of digital contact information will help reduce barriers to electronic communication with a wider set of providers with whom they share patients.”

Fax remains a viable method to transmit ADT notifications, as long as the organization uses a solution with fax-to-direct workflow that automatically converts digital faxes to the acceptable direct format. This solution allows staff to maintain the same workflows while staying in compliance with
CMS regulations.

The time to adopt ADT notifications is now

Since CMS is adamant that no extensions will be given for hardship claims. Fortunately, digital solutions available today can help Medicare-certified hospitals, psychiatric hospitals and critical access hospitals incorporate automated ADT alerts into daily workflows in such a way as to meet the standards of the CMS Final Rule.

Such a solution can be deployed across an organization quickly, easily and without disrupting operations or patient care. The same digital solution can also bring an organization into compliance with the digital contact rules.

Transmitting ADT notifications automatically at the appropriate times to other providers can help your organization promote better outcomes, strengthen relationships with payers and providers, and demonstrate compliance with CMS regulations.