CMS and ONC Release Stage 2 Meaningful Use and Standards Final Rules

by King & Spalding

On August 23, 2012, CMS released a display copy of the final Stage 2 Meaningful Use criteria that eligible professionals (EPs), eligible hospitals and critical access hospitals (CAHs) must meet in order to qualify for incentive payments under the Medicare and Medicaid EHR Incentive Programs, as established by the HITECH Act (the Final Rule).  The Office of the National Coordinator for Health IT also released a final rule establishing the certification standards EHRs must meet to enable providers to achieve meaningful use during Stage 2.

Stage 2 criteria will take effect beginning in 2014 for providers that successfully attested to meeting the Stage 1 criteria during the 2011 reporting year.  CMS finalized its earlier proposal to extend the deadline by which successful Stage 1 meaningful users must satisfy the Stage 2 criteria from 2013 to 2014.

Meaningful Use Functionality Measures

CMS finalized its proposal to require eligible hospitals and CAHs to meet the criteria or an exclusion for 16 core functionality measures, and to meet the criteria for three of six menu options.  EPs must meet the criteria or an exclusion for 17 core measures, and meet the criteria for three of six menu options.  The Final Rule largely adopts the Stage 2 functionality measures set forth in the proposed rule.  Of note, CMS will require that more than 50 percent of an eligible provider's unique patients be provided with online access to their health information.  EPs must make this information available within four business days of the information becoming available to the EP, and eligible hospitals and CAHs must do so within 36 hours after an inpatient or emergency department discharge.  Moreover, more than five percent of a provider's unique patients (down from the initial proposal of ten percent) must actually view online, download or transmit such health information.  

CMS slightly revised its new requirements for computerized provider order entry (CPOE).  More than 60 percent of an eligible provider's medication orders must be generated using CPOE, while more than 30 percent of laboratory and radiology orders must be generated using CPOE.  CMS will now permit orders entered by any "credentialed medical assistant" to count toward the measure.  Previously, only orders entered by EPs or licensed healthcare professionals otherwise permitted to enter orders under state, local and professional guidelines counted toward the measure.  Providers have the option to exclude from the CPOE calculation all standing orders entered into the certified EHR.

The Final Rule adds several new measures to the set of core and menu options.  CMS added a new EP core measure, requiring successful transmission of a secure electronic message to an EP by more than five percent of the EP's unique patients.  The Final Rule also adds a new core measure for eligible hospitals: the ability to track the status of more than ten percent of medication orders, from order to administration.  Eligible hospitals and CAHs may choose a new option from the menu set, an "outpatient lab reporting" measure requiring eligible hospitals and CAHs to transmit electronically more than 20 percent of their electronic lab results to the ordering provider. 

CMS adopted its earlier proposal to permit EPs to submit functionality data as a group using a single batch file.  For measures that require EPs to send an electronic "test" transmission, a group practice may submit one test for all practice locations if all EPs in the group have access to the same certified EHR at all locations using a shared network. 

Clinical Quality Measures

The Final Rule adopts the same clinical quality measures (CQMs) set forth in the proposed rule.  Eligible hospitals and CAHs must report on 16 of 29 CQMs, while EPs must report on nine out of 64 CQMs.  CMS makes clear that providers will not be evaluated on performance of individual measures, but only on the actual reporting of the data.  Beginning in 2014, eligible providers that are beyond their first year of demonstrating meaningful use must submit CQM data electronically.  EPs may submit data as individuals through either a CMS portal or through the Physician Quality Reporting System (PQRS).  EPs also may submit data as part of a group, either as members of an accountable care organization participating in the Medicare Shared Savings Program, or as members of a PQRS group practice.  Eligible hospitals and CAHs must access a CMS portal to submit CQM data.

CMS revised the timeframe during which providers must collect and submit CQM data.  CMS initially proposed a CQM reporting period of the entire 2014 calendar year for EPs and the entire 2014 federal fiscal year (October 1, 2013 through September 30, 2014) for eligible hospitals and CAHs.  Recognizing the need among vendors and eligible providers for more time to develop and implement EHR technology that satisfies ONC's Stage 2 certification standards, eligible providers may now report CQM data only for one three-month quarter during the 2014 calendar year (for EPs) or the 2014 federal fiscal year (for eligible hospitals and CAHs).   

Hospital-Based Eligible Professionals

CMS will permit EPs who previously would not have been eligible for incentives as hospital-based eligible professionals to request a waiver from that determination if the EP can demonstrate that he/she helped fund (without reimbursement from the hospital) the acquisition, implementation or maintenance of a stand-alone ambulatory certified EHR that the EP uses in the inpatient or emergency department of a hospital.

Definition of a Medicaid Patient Encounter

For purposes of satisfying the Medicaid patient volume thresholds to qualify for Medicaid EHR incentives, EPs may count all encounters with Medicaid-enrolled patients during which the EP furnishes any service to the patient regardless of whether the State Medicaid agency makes payment for the service.  Previously, CMS only permitted EPs to count those encounters in which a Medicaid covered service was furnished. This change is not retroactive to encounters from 2011 or 2012.  States are required to adopt this change in their State Medicaid HIT Plans within six months after the Final Rule is published.

Standards and Certification Final Rule

ONC also released its final rule of the new certification standards that EHRs must meet in order to enable providers to satisfy the Stage 2 meaningful use criteria.  The standards rule permits a provider to possess only the certified EHR technology necessary for the provider to meet the meaningful use criteria to which it is attesting.  Thus, providers attesting to the Stage 1 criteria need not posses technology enabled to satisfy the Stage 2 criteria.  ONC has also added new privacy and security standards to the new certification criteria.

The display copy of the Stage 2 Meaningful Use Final Rule is available here.  The ONC final rule is available here.  Both final rules are scheduled to appear in the Federal Register on September 4, 2012.

Reporters, Christopher Kenny, Washington, D.C., + 1 202 626 9253, and Joe Lynch, Washington D.C., + 1 202 626 8998,

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© King & Spalding | Attorney Advertising

Written by:

King & Spalding

King & Spalding on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
Privacy Policy (Updated: October 8, 2015):

JD Supra provides users with access to its legal industry publishing services (the "Service") through its website (the "Website") as well as through other sources. Our policies with regard to data collection and use of personal information of users of the Service, regardless of the manner in which users access the Service, and visitors to the Website are set forth in this statement ("Policy"). By using the Service, you signify your acceptance of this Policy.

Information Collection and Use by JD Supra

JD Supra collects users' names, companies, titles, e-mail address and industry. JD Supra also tracks the pages that users visit, logs IP addresses and aggregates non-personally identifiable user data and browser type. This data is gathered using cookies and other technologies.

The information and data collected is used to authenticate users and to send notifications relating to the Service, including email alerts to which users have subscribed; to manage the Service and Website, to improve the Service and to customize the user's experience. This information is also provided to the authors of the content to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

JD Supra does not sell, rent or otherwise provide your details to third parties, other than to the authors of the content on JD Supra.

If you prefer not to enable cookies, you may change your browser settings to disable cookies; however, please note that rejecting cookies while visiting the Website may result in certain parts of the Website not operating correctly or as efficiently as if cookies were allowed.

Email Choice/Opt-out

Users who opt in to receive emails may choose to no longer receive e-mail updates and newsletters by selecting the "opt-out of future email" option in the email they receive from JD Supra or in their JD Supra account management screen.


JD Supra takes reasonable precautions to insure that user information is kept private. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. However, please note that no method of transmitting or storing data is completely secure and we cannot guarantee the security of user information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

If you have reason to believe that your interaction with us is no longer secure, you must immediately notify us of the problem by contacting us at In the unlikely event that we believe that the security of your user information in our possession or control may have been compromised, we may seek to notify you of that development and, if so, will endeavor to do so as promptly as practicable under the circumstances.

Sharing and Disclosure of Information JD Supra Collects

Except as otherwise described in this privacy statement, JD Supra will not disclose personal information to any third party unless we believe that disclosure is necessary to: (1) comply with applicable laws; (2) respond to governmental inquiries or requests; (3) comply with valid legal process; (4) protect the rights, privacy, safety or property of JD Supra, users of the Service, Website visitors or the public; (5) permit us to pursue available remedies or limit the damages that we may sustain; and (6) enforce our Terms & Conditions of Use.

In the event there is a change in the corporate structure of JD Supra such as, but not limited to, merger, consolidation, sale, liquidation or transfer of substantial assets, JD Supra may, in its sole discretion, transfer, sell or assign information collected on and through the Service to one or more affiliated or unaffiliated third parties.

Links to Other Websites

This Website and the Service may contain links to other websites. The operator of such other websites may collect information about you, including through cookies or other technologies. If you are using the Service through the Website and link to another site, you will leave the Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We shall have no responsibility or liability for your visitation to, and the data collection and use practices of, such other sites. This Policy applies solely to the information collected in connection with your use of this Website and does not apply to any practices conducted offline or in connection with any other websites.

Changes in Our Privacy Policy

We reserve the right to change this Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our privacy policy will become effective upon posting of the revised policy on the Website. By continuing to use the Service or Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as it may be amended from time to time, in whole or part, please do not continue using the Service or the Website.

Contacting JD Supra

If you have any questions about this privacy statement, the practices of this site, your dealings with this Web site, or if you would like to change any of the information you have provided to us, please contact us at:

- hide
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.