Deadline Details

Complete Medicare Merit-Based Incentive Payment System (MIPS) Security Risk Assessment by Dec. 31, 2020
If you participate in the Medicare Merit-Based Incentive Payment System (MIPS), conducting or updating a risk assessment is a requirement in the Promoting Interoperability category. HIPAA requires that practices regularly review and document their administrative, physical, and technical safeguards to protect patients’ electronic protected health information (ePHI).
12/31/2020
If you do not complete your security risk assessment by Dec. 31, you will not meet the 2020 MIPS performance year requirements. This is not an optional measure.
The Security Risk Assessment Tool 3.2 from the U.S. Department of Health and Human Services, which is free to download and use, is designed to help practices with one to 10 physicians identify their risks and vulnerabilities with ePHI and then implement appropriate security measures. Find the tool at www.healthit.gov/topic/privacy-security-and-hipaa/security-risk-assessment-tool.