What is MACRA?

MACRA, short for the Medicare Access and CHIP Reauthorization Act of 2015, is a federal law that changed the payment system for doctors who treat Medicare patients. 

What is the MACRA Quality Payment Program?

MACRA, commonly referred to as the Permanent Doc Fix, created a Quality Payment Program that:

  • Repealed the Sustainable Growth Rate (SGR) formula. That formula had previously been used by the Centers for Medicare and Medicaid Services (CMS) to control spending by Medicare on physician services. The SGR formula was used to ensure that the yearly increase in the expense per Medicare beneficiary did not exceed that year’s gross domestic product (GDP) growth. Under MACRA, Medicare doctor pay is no longer tied to economic growth; rather, the payment formula under MACRA focuses on quality of care and patient outcome measures. Patient outcome measures are defined as changes in the health of an individual, a group of people, or population, that are attributable to an intervention. Outcome measures include mortality, readmission, and patient experience measures, among others.  
  • Streamlined multiple quality programs under the new Merit Based Incentive Payments System (MIPS).

2019 MACRA MIPS quality measures fall under four performance categories, including:

  • Cost (based on overall Medicare claims)
  • Quality (based on clinical specialties and practices)
  • Clinical Practice Improvement Activities (based on efforts like improved coordination of care, safety, and beneficiary engagement)
  • Advancing Care Information 

What is the Advancing Care Information Measure?

The Advancing Care Information performance category directly involves compliance with the HIPAA Security Rule. This category was created to promote patient engagement, and the electronic exchange of health information using certified electronic health record technology (CEHRT).

The Advancing Care Information MIPS measure is fulfilled, in part, by conducting a HIPAA security risk analysis. Under the Medicare Access and CHIP Reauthorization Act, the purpose of the assessment is to secure protected health information (PHI).

The risk analysis consists of the following:

  • Addressing the security (to include encryption) of electronic protected health information (ePHI) data created or maintained by certified electronic health record technology (CEHRT)
  • Implementing security updates as necessary
  • Correcting identified security deficiencies as part of the MIPS-eligible provider’s risk management process

See How It Works