With the MACRA MIPS 2019 deadline approaching, healthcare organizations must be aware of what is required of them to receive their reimbursements. Healthcare organizations seeking MACRA MIPS payment must complete a security risk analysis (SRA) before the December deadline.
How to Satisfy the MACRA MIPS Requirement
A security risk analysis must be conducted annually to ensure that protected health information (PHI) is adequately safeguarded; this is required of all healthcare organizations to maintain HIPAA compliance. If an organization does not complete an SRA, not only will it not be HIPAA compliant, it will also receive a score of ‘0’ in the Promoting Interoperability category of MACRA MIPS.
It is not enough to perform a “review” of your previous year’s security risk analysis (SRA); a thorough security risk analysis must be completed each year. Many aspects of the security risk analysis may have remained unchanged from the previous year; however, it is important that an organization verifies this by going through the SRA step-by-step.
Completing a Security Risk Analysis (SRA)
Although it is possible to complete a Security Risk Analysis (SRA) on your own, it may be helpful to have an expert help you navigate the questions. An SRA evaluates your security practices and physical site to ensure that PHI is properly safeguarded. All of the questions are structured as ‘yes’ or ‘no’ answers, meaning that if you have only satisfied part of the requirement your answer would be ‘no.’ An organization should only answer ‘yes’ if they are fully confident that they have what is required.
Once an SRA is completed, gaps in security measures are identified. To address the gaps, organizations must develop a remediation plan with specific ways in which they are closing or will close the gaps. If no gaps are identified, it is likely that the SRA was not thorough enough.
Small to mid-sized businesses may not have the resources to address the gaps identified by an SRA. Many of the safeguards that must be in place are related to IT security; without a dedicated IT staff, it will be difficult to close some of the gaps identified.
Need Help Completing Your Security Risk Analysis?
Compliancy Group gives healthcare providers and vendors working in healthcare the tools to confidently address their HIPAA compliance in a simplified manner. Our cloud-based HIPAA compliance software, the Guard, gives healthcare professionals everything they need to demonstrate their “good faith effort” towards HIPAA compliance.
To address HIPAA cybersecurity requirements, Compliancy Group works with IT and MSP security partners from across the country, who can be contracted to handle your HIPAA cybersecurity protection.