HIPAA and MACRA/MIPS 2018- What You Need To Know

HIPAA and MACRA/MIPS 2018- What You Need To Know

Published: October 15th, 2018

As we move towards the end of the year, many practices and physicians are starting to consider the data they will need to submit under the MACRA/MIPS program.  The MACRA/MIPS rules change slightly every year, and this year is no exception.  Even though the rules have been adjusted, a basic requirement remains in place: 


You will need to perform a HIPAA Security Risk Analysis in order to maximize your MIPS score and avoid negative Medicare payment adjustments.

Interested in a further explanation? See below:

Your 2018 MIPS score is divided into four categories: 

Quality (50 Points)

Cost (10 Points)

Improvement Activities (15 points)

Promoting Interoperability (25 points) 


  • Promoting Interoperability replaces Advancing Care Information from last year, and it remains the category that involves the HIPAA Security Risk Analysis. 
  • Promoting Interoperability has a base score, a performance score, and a bonus score.
    • The base score is 50% of the overall Promoting Interoperability score.
  • There are several base score measures that are required. One of them is the requirement to perform a HIPAA Security Risk Analysis. You’ll need to meet the requirements of all the base score measures in order to receive the 50% base score. If these requirements are not met, you will get a 0 for the overall Promoting Interoperability performance category score.


Conclusion:  Not performing an SRA gets a zero-base score, a zero-performance score and a very low overall Promoting Interoperability score.  This represents 25% of your total MIPS score. Best practice would dictate that you have a Security Risk Analysis performed and dated in 2018.  Of course, performing a Security Risk Analysis is always required for HIPAA compliance, regardless of whether a practice receives reimbursement from Medicare.


Does Your Practice Have Questions Regarding a Security Risk Assessment?

MedSafe is the nation's leading one-stop resource for outsourced safety and health compliance solutions in healthcare. If you have questions regarding a Security Risk Assessment for your medical practice, contact the experts at MedSafe for a free consultation.

Toll-free: (888) MED-SAFE