Deadline Details

Security Risk Assessment Due by Dec. 31
HIPAA requires practices to regularly review and document their administrative, physical, and technical safeguards to protect patients’ electronic protected health information. If you participate in the Medicare Merit-Based Incentive Payment System (MIPS), conducting or updating a security risk assessment (SRA) is a requirement in the Promoting Interoperability category. To meet the 2021 performance year requirements, you must complete your risk assessment by Dec. 31. This is not an optional measure.
12/31/2021
If you do not perform a security risk assessment and you have a privacy breach, you may be subject to fines by the U.S. Office for Civil Rights, and the Texas attorney general also may bring civil actions and obtain damages on behalf of state residents for violations of the HIPAA rules. In addition, you will not be able to attest "yes" to the SRA measure for the MIPS Promoting Interoperability category, and you will miss out on 25% of the possible points allocated in the MIPS program.
Download the free tool on HealthIT.gov (www.healthit.gov/topic/privacy-security-and-hipaa/security-risk-assessment-tool) and start working on your assessment. The Office of the National Coordinator for Health Information Technology, in collaboration with the U.S. Department of Health and Human Services Office for Civil Rights, developed this downloadable Security Risk Assessment Tool to help clinicians conduct an assessment as required by the HIPAA Security Rule and the Centers for Medicare & Medicaid Services electronic health record incentive program.