From Meaningful Use to MACRA – Security Risk Analysis is still first requirement

by | Nov 22, 2016 | CompassDB, Compliance & Security, Third Rock

The Department of Health and Human Services (HHS) issued its final rule implementing the Quality Payment Program (QPP) that is part of the Medicare Access and CHIP Reauthorization Act (MACRA).  The QPP will reform Medicare payments for more than 600,000 clinicians across the country, and is a major step in improving care across the entire health care delivery system.  As a provider you can choose how you want to participate in the QPP based on your practice size, specialty, location, or patient population.  The QPP has two tracks you can choose from: Advanced Alternative Payment Models (APMs) or The Merit-based Incentive Payment System (MIPS). MIPS replaces the existing Meaningful Use (MU), Physician Quality Reporting System (PQRS), and Value-Based Modifier (VBM).  Within MIPS the Advancing Care Information (ACI) replaces Meaningful Use, also known as the Medicare EHR Incentive Program.

Risk Assessment on PC Keyboard Background. Blue Risk Assessment Keypad on Keyboard. Risk Assessment Close Up of Computer Keyboard on a Modern Laptop. 3D Illustration.

As you know, Meaningful Use required a Security Risk Analysis (SRA).  It’s also important for you to know that MACRA lists the Security Risk Analysis as the first requirement to qualify and receive payments. Meaningful Use helped many providers learn about the Security Risk Analysis and MACRA continues that requirement.

Audit - White Word on Red Puzzles on White Background. 3D Illustration.

It’s very important to realize the SRA is the beginning step to becoming HIPAA Compliant.  The word on the street is that the Office of Civil Rights (OCR) plans to audit every provider within three years.  With an audit looming, it’s important to realize the OCR is also requiring that you have a body of evidence that shows you have been performing SRAs or Risk Assessments (Privacy and Security Risk Analysis) for several years.  You must also provide your body of evidence in electronic format.  With those requirements, it’s very important to use a compliance management tool to guide your through the HIPAA compliance process, to log everything involved and to generate a report for auditors in electronic format.

CompassDB is a compliance management tool that will save you time, effort, and money and is very affordable. For more information check out CompassDB.