Note: Practice Fusion is committed to supporting our customers participating in MIPS in 2017. As a MIPS participant in 2017, you can use the Practice Fusion EHR and other tools to help you monitor your MIPS performance during your chosen 2017 reporting period. We are also continuing to actively work to further enhance our product functionality for MIPS and we will be giving further updates as they become available.
Under the Merit-based Incentive Payment System (MIPS) pathway of the MACRA Quality Payment Program, the Advancing Care Information (ACI) category replaces the Medicare EHR Incentive Program (Meaningful Use). ACI is one of the three performance categories that will be considered and weighted for scoring a clinician’s performance under MIPS (four categories will be included starting in 2018). A clinician’s score for the Security Risk Analysis measure is dependent on the clinician meeting the measure’s base score requirements. For more information on ACI scoring methodology, please click here.
|Objective:||Protect Patient Health Information|
|Measure:||Security Risk Analysis|
Conduct or review a security risk analysis in accordance with the requirements in 45 CFR 164.308(a)
- including addressing the security (to include encryption) of ePHI data created or maintained by CEHRT in accordance with requirements in 45 CFR164.312(a)
- (iv) and 45 CFR 164.306(d)
- and implement security updates as necessary and correct identified security deficiencies as part of the MIPS eligible clinician’s risk management process. | | Scoring information: | - Required for Base Score (50%): Yes - Percentage of Performance Score (up to 90%): None - No bonus points available |
- YES/NO: To meet this measure, eligible clinicians must attest YES to conducting or reviewing a security risk analysis and implementing security updates as necessary and correcting identified security deficiencies.
ONC Security Risk Analysis (SRA) Tool
In collaboration with the HHS Office for Civil Rights, the ONC released a tool to help practices conduct and document a comprehensive assessment to identify risks in their organizations. The SRA tool also produces a report that can be useful for audits.
Since your practice is unique and you know your practice best, you are ultimately responsible for adopting and implementing security and privacy measures that are appropriate and reasonable for your practice’s needs and capabilities.
For additional support, you should consult with a qualified professional who can use his or her expertise to help mitigate potential risks, identify potential areas for improving security, and train your staff. CMS has also created a Security Risk Analysis Tip Sheet to help you understand this requirement.
Make sure to keep any documentation you use for your records to prove you have completed this measure during your selected performance period.
- Review the CMS specifications for more information about this measure.
- Practice Fusion Suggested Workflow
- For more information on the Merit-based Incentive Payment System (MIPS) program, you can visit Practice Fusion’s Quality Payment Program Knowledge Base.
- CMS also provides further resources about the Quality Payment Programhere.
What is the Quality Payment Program?
Quality Payment Program is the name given to the new Medicare value-based reimbursement system. The program has two tracks for participation: MIPS and APM
What are APMs?
MACRA allows providers who take further steps towards transforming healthcare to be exempt from MIPS and participate in Advanced Alternative Payment Models (APMs).
How to prepare
Individual eligible providers can prepare to meet all MIPS measures and be ready to avoid penalties and earn bonuses on January 1, 2017.