On December 28, 2015, President Obama signed into law S. 2425, the Patient Access and Medicare Protection Act (the “Act”).  In addition to provisions intended to ensure that Medicare reimbursement policies promote continued access to certain durable medical equipment, like wheelchair accessories, the Act includes provisions that affect adoption of Health Information Technology (“HIT”) and those that provide greater protection against medical identity theft.  Specifically, the Act recognizes various categories of hardship exceptions from meaningful use requirements for the 2015 reporting period and strengthens the penalties associated with medical identity theft.

Currently, the Centers for Medicare & Medicaid Services (“CMS”) may only approve hardship exceptions from the meaningful use requirements, which encourage eligible health care professionals and hospitals to adopt Electronic Health Record (“EHR”) technology, on a case-by-case basis.  The Act now gives CMS the ability to grant certain blanket exceptions for health care providers from Medicare penalties for failing to adopt EHRs under the Medicare Electronic Health Record Incentive Program.

According instructions found on the CMS website, eligible hospitals can apply for hardship exceptions in the following categories:

  • Infrastructure — Eligible hospitals must demonstrate that they are in an area without sufficient internet access or face insurmountable barriers to obtaining infrastructure (e.g., lack of broadband).
  • New Eligible Hospitals — Eligible hospitals with new CMS Certification Numbers (“CCNs”) that would not have had time to become meaningful users can apply for a limited exception to payment adjustments. The hardship exception is limited to one full-year cost reporting period.
  • Extreme and Uncontrollable Circumstances — Examples may include a natural disaster or other unforeseeable barrier.
    • EHR Vendor Issues – Examples may include switching vendors or products.

The blanket hardship exceptions are not automatically conferred to eligible professionals and hospitals.  Rather, eligible professionals have until March 15, 2016, and eligible hospitals until April 1, 2016, to apply to CMS for an exception.

The Act also strengthens penalties for illegal distribution of Medicare, Medicaid or CHIP beneficiary identification numbers or unique health identifiers for health care providers.  The knowing and willful purchase, sale, or distribution of a provider’s unique health identifier or a Medicare, Medicaid, or CHIP beneficiary identification number carries a prison sentence up to 10 years, or a fine up to $500,000 ($1 million in the case of a corporation), or both. The penalties established under the Act are intended to deter persons, including potential hackers, from stealing Medicare and other federal health plan identification numbers.