In October, Centers for Medicare and Medicaid Services (CMS) released the updated Quality Payment Program information containing the guidelines and metrics for the Merit-based Incentive Payment Systems model impacting reimbursement.

What’s different about MIPS from previous pay-for-performance programs is the departure from the all-or-nothing attitude of achieve all of the measures or receive a score of zero. MIPS functions on a scaled basis – get credit for the measures you perform and report. But like anything CMS does, there’s an exception: The Security Risk Analysis.

One of the categories, Advancing Care Information (ACI), replaces the Meaningful Use (MU) pay-for-performance program. Like its predecessor, ACI requires a Security Risk Analysis. ACI is broken down into two parts, the Base Score and the Performance Score. In order to achieve any points in the Base Score category, the Eligible Clinician (ECs) must have a valid Security Risk Analysis. Without achieving points in the Base Score category, ECs cannot achieve the maximum points possible for ACI.

Long story short? You need a Security Risk Analysis, every year, for both HIPAA and MIPS – your reimbursement depends on it.

In those infamous words, “But wait! There’s more!” Unlike the attitude that some previously held towards the SRA with MU, this is not just a checkbox on a long list of requirements. The OCR HIPAA Audits have taught us that the OCR is now not just checking to ensure the SRA is complete – they are studying the quality and comprehensiveness of answers to verify the SRA has been executed properly.

Don’t take the risk of an inadequate SRA. Your MIPS reimbursement and HIPAA compliance rely on it.


As healthcare data experts, ScanSTAT Technologies offers a comprehensive HIPAA compliance solution, which includes a team of experts conducting your Security Risk Analysis for you. If you’d like to learn more about the ScanSTAT Security Risk Analysis solution, please email Kathryn Ayers Wickenhauser, our Regulatory Compliance Advisor, at Kathryn.Wickenhauser@ScanSTATTechnologies.com. Kathryn will provide a customized quote based on your total number of employees (including providers).

Share This