The primary purpose of security risk analysis for MIPS/MACRA is to identify key technical vulnerabilities in the electronic Protected Health Information (ePHI) and EHR systems environments.  In order to implement appropriate technical controls, eligible professionals and hospitals need to conduct a security risk analysis in accordance with the requirements under HIPAA security rule 45 CFR 164.308(a)(1), apply security updates as necessary, and correct identified security deficiencies as part of their risk management process before MU/MIPS attestation deadline.

The Office of the National Coordinator for Health Information Technology (ONC) recognizes that conducting a risk assessment can be a challenging task which requires outside assistance.

Attend our free, live 50-minute webinar to learn about how to prepare and attest to MIPS/MACRA Security Risk Assessment requirements.