Blog

No. 1 Tech Tip for Earning MIPS Points

By Robbie Morris on Jul 9, 2018 3:15:12 PM

shutterstock_389718598All healthcare providers that accept Medicare or Medicaid patients have heard of MACRA (Medicare Access and CHIP Re-authorization Act), a reward-based financial reimbursement program for providers that deliver a higher quality of care and increased positive patient health outcomes at lower costs. That’s where MIPS – Merit-based Incentive Payment System – comes in and our best tip for earning the points you need to get a full reimbursement.

Understanding MIPS

MIPS has four connected pillars that affect how you will be paid by Medicare – Quality, Clinical Practice Improvement Activities (referred to as “Improvement Activities”), Certified EHR Technology (referred to as “Advancing Care Information”), and Resource Use (referred to as “Cost”). This structure was deliberately created to ensure that clinicians have flexibility to focus on measures that are the most relevant to them and their practices. In order to receive the 50 percent base score in the Advancing Care Information, MIPS eligible clinicians must be able to say that they have completed a  Security Risk Analysis (SRA) measure.

What many providers don’t realize, however, is that BOTH the technology AND non-technology elements need to be reviewed in a true SRA. This includes cybersecurity setup and management as well as facility policy/procedures of the healthcare provider.  

A True SRA

Consequently, there is still some confusion in the provider community on what exactly constitutes a thorough Security Risk Analysis. A true HIPAA-required risk analysis includes a risk assessment of Patient Healthcare Information (PHI), review of facility policies and procedures, employee interviews for a HIPAA-HITECH audit, a thorough analysis of operational threats, and more.

In the Advancing Care Information score, clinicians must submit a yes or no response to the question about conducting an SRA. If you were to answer “no” to security risk assessment, you would get a zero for that objective and would not earn any points for Advancing Care Information. As a reminder, if you do not fulfill the base score, you will not be able to earn a performance score or a bonus score.

Upcoming Webinar

Learn more about our required Security Risk Assessments for MACRA and MIPS in our upcoming Webinar: The Key to Healthcare Risk Management.

Robbie Morris is the Vice President of Healthcare and Security Solutions at TekLinks + C Spire. Contact him at info@teklinks.com.

Topics: Healthcare, cybersecurity


WHO IS TEKLINKS? A national leader in cloud computing, managed services, engineering services, and value-added resale. We’re a team of expert techies and business professionals who are passionate about building valuable relationships and getting things done right. Simply put: We make IT work for business.