Deadline Details

Security Risk Assessment Due by Dec. 31
HIPAA requires practices to regularly review and document their administrative, physical, and technical safeguards to protect patients’ electronic protected health information. If you participate in the Medicare Merit-Based Incentive Payment System (MIPS), conducting or updating a risk assessment is a requirement in the Promoting Interoperability category. To meet the 2019 performance year requirements, you must complete your security risk assessment by Dec. 31. This is not an optional measure.
12/31/2019
If you do not perform a security risk assessment and you have a privacy breach, you may be subject to fines by the U.S. Office for Civil Rights, and the Texas attorney general also may bring civil actions and obtain damages on behalf of state residents for violations of the HIPAA rules. In addition, you will not be able to attest "yes" to the SRA measure for the MIPS Promoting Interoperability category and you will miss out on 25% of the possible points allocated in the MIPS program.
Download the free tool on HealthIT.gov (www.healthit.gov/topic/privacy-security-and-hipaa/security-risk-assessment-tool) and start working on your assessment. The Office of the National Coordinator for Health Information Technology, in collaboration with the U.S. Department of Health and Human Services Office for Civil Rights, developed a downloadable Security Risk Assessment Tool to help guide you. The tool is designed to help clinicians conduct a security risk assessment as required by the HIPAA Security Rule and the Centers for Medicare & Medicaid Services electronic health record incentive program.