move towards the end of the year, many practices and physicians are starting to
consider the data they will need to submit under the MACRA/MIPS program.
The MACRA/MIPS rules change slightly every year, and this year is no
exception. Even though the rules have been adjusted, a basic requirement
remains in place:
will need to perform a HIPAA Security Risk Analysis in order to maximize your
MIPS score and avoid negative Medicare payment adjustments.
in a further explanation? See below:
2018 MIPS score is divided into four categories:
Activities (15 points)
Interoperability (25 points)
- Promoting Interoperability replaces
Advancing Care Information from last year, and it remains the category that
involves the HIPAA Security Risk Analysis.
- Promoting Interoperability has a base
score, a performance score, and a bonus score.
- The base score is 50% of the overall Promoting
- There are several base score measures that
are required. One of them is the requirement to perform
a HIPAA Security Risk Analysis. You’ll
need to meet the requirements of all the base score
measures in order to receive the 50% base score. If these requirements are not
met, you will get a 0 for the overall Promoting Interoperability performance
performing an SRA gets a zero-base score, a zero-performance score and a very
low overall Promoting Interoperability score. This represents 25% of your
total MIPS score. Best practice would dictate that you have a Security Risk
Analysis performed and dated in 2018. Of course, performing a
Security Risk Analysis is always required for HIPAA compliance, regardless of
whether a practice receives reimbursement from Medicare.
Does Your Practice Have Questions Regarding a
Security Risk Assessment?
MedSafe is the
nation's leading one-stop resource for outsourced safety and health compliance
solutions in healthcare. If you have questions regarding a Security Risk
Assessment for your medical practice, contact the experts at MedSafe for a free