Skip to main content Homepage

Program Year 2021

Program Year 2021


  • Attestation Period: May 1, 2021 – October 15, 2021 (extended, original close date was August 31, 2021)
  • If you attested to Program Year 2020, you must have that attestation paid before attesting to 2021 

Program Year 2021 Requirements 

Many requirements from Program Year 2020 still exist for Program Year 2021. Please see below for a summary of requirements.

  • EHR Reporting Period
    • Minimum of any continuous 90-day period within calendar year 2021. 
    • Please note, because providers must submit their 2021 attestation by August 31, 2021, they must select a 90-day period between January 1, 2021 and October 15, 2021. 
  • Meaningful Use Stage
    • Stage 3 Only
      There are no changes to Stage 3 objectives and measure CMS specification sheets (same as 2020); however, please pay special attention to the requirements for the following objectives and measures, as they are typically the most challenging objectives for providers to meet.
      • Objective 1, Protect Patient Health Information
        Eligible Professionals (EP) must conduct or review a security risk analysis (SRA) of their Certified Electronic Health Record Technology (CEHRT), including addressing encryption/security of data and implementing updates as necessary at least once each calendar year.  If the SRA is not conducted/reviewed prior to October 15, 2021, EPs may submit it after attesting.  Organizations completing their SRA in late 2021 can submit documentation up until 1/31/22, but face potential of incentive payment recoupment if SRA is not received by 01/31/2022.
      • Objective 5, Measure 1 – API 
        To meet one of the requirements of this measure, an EP needs to fully enable the Application Programming Interface (API) functionality, such that any application chosen by a patient would enable the patient to gain access to their individual health information, provided that the application is configured to meet the technical specifications of the API. EPs may not prohibit patients from using any application, including third-party applications, which meet the technical specifications of the API, including the security requirements of the API. EPs are expected to provide patients with detailed instructions on how to authenticate their access through the API and provide the patient with supplemental information on available applications that leverage the API. Eligible Professionals should check with their vendors to ensure the API functionality has been enabled in their system. 
      • Objective 8, Measure 1 – Immunization Registry Reporting
        To meet one of the requirements of this measure, the exchange must be bidirectional. Bi-directionality provides that the CEHRT must be able to receive and display a consolidated immunization history and forecast in addition to sending the immunization record. EP should check with their vendors to ensure their system has been set up for bidirectional exchange. 
  • Certified EHR Technology 2015 Edition 
    Must be in place by the first day of EHR reporting period and must be certified to the 2015 Edition criteria by the last day of the reporting period 
  • eCQM Reporting Period 
    • Any continuous 90-day period within calendar year 2021. 
  • eCQM Reporting
    6 measures relevant to your scope of practice (47 available, aligned with MIPS) 

For additional information, please visit the CMS page, 2020/2021 Stage 3 Objectives for Eligible Professionals.

Your browser is out-of-date! It has known security flaws and may not display all features of this and other websites. Learn how