Altex Business Solutions Blog
HIPAA Security Risk Analysis in order to maximize your MIPS score
As we move into the second half of the year, many practices and physicians are starting to consider the data they will need to submit under the MACRA/MIPS program. The MACRA/MIPS rules change slightly every year, and this year is no exception. Even though the rules have been adjusted, a basic requirement remains in place:
You will need to perform a HIPAA Security Risk Analysis in order to maximize your MIPS score and avoid negative Medicare payment adjustments.
Interested in a further explanation? See below:
Your 2018 MIPS score is divided into four categories:
- Promoting Interoperability replaces Advancing Care Information from last year, and it remains the category that involves the HIPAA Security Risk Analysis.
- Promoting Interoperability has a base score, a performance score, and a bonus score.
- The base score is 50% of the overall Promoting Interoperability score.
- There are several base score measures that are required. One of them is the requirement to perform a HIPAA Security Risk Analysis.You’ll need to meet the requirements of all the base score measures in order to receive the 50% base score. If these requirements are not met, you will get a 0 for the overall Promoting Interoperability performance category score.
Conclusion: Not performing an SRA gets a zero-base score, a zero-performance score and a very low overall Promoting Interoperability score. This represents 25% of your total MIPS score. Best practice would dictate that you have a Security Risk Analysis performed and dated in 2018. Of course, performing a Security Risk Analysis is always required for HIPAA compliance, regardless of whether a practice receives reimbursement from Medicare.