What’s different about MIPS from previous pay-for-performance programs is the departure from the all-or-nothing attitude of achieve all of the measures or receive a score of zero. MIPS functions on a scaled basis – get credit for the measures you perform and report. But like anything CMS does, there’s an exception: The Security Risk Analysis.
One of the categories, Advancing Care Information (ACI), replaces the Meaningful Use (MU) pay-for-performance program. Like its predecessor, ACI requires a Security Risk Analysis. ACI is broken down into two parts, the Base Score and the Performance Score. In order to achieve any points in the Base Score category, the Eligible Clinician (ECs) must have a valid Security Risk Analysis. Without achieving points in the Base Score category, ECs cannot achieve the maximum points possible for ACI.
Long story short? You need a Security Risk Analysis, every year, for both HIPAA and MIPS – your reimbursement depends on it.
In those infamous words, “But wait! There’s more!” Unlike the attitude that some previously held towards the SRA with MU, this is not just a checkbox on a long list of requirements. The OCR HIPAA Audits have taught us that the OCR is now not just checking to ensure the SRA is complete – they are studying the quality and comprehensiveness of answers to verify the SRA has been executed properly.
Don’t take the risk of an inadequate SRA. Your MIPS reimbursement and HIPAA compliance rely on it.
As healthcare compliance experts, MedTech Consulting Solutions, LLC. offers a comprehensive HIPAA compliance solution, which includes experts conducting your Security Risk Analysis for you and maintaining compliance in the future. If you’d like to learn more about the MedTech Solutions Security Risk Analysis solution, please email Joshua Nelson, our President, at Support@MedTechSolutions.orgor by filling out our online contact form HERE. Based on our conversation, we will provide a customized quote based on your total number of employees (including providers).