Instead of “hoping” not to get audited, consider this: your organization can have guaranteed compliance with HIPAA One® because CMS has extended the Meaningful Use attestation period to February 29, 2016!
Good news – with the mixed-bag of recent news from CMS, the boat has not yet left the dock! If you conducted a “last-minute” spreadsheet or checklist to meet December 2015 deadline, the odds of passing an audit are not good. Take advantage of the extension and guarantee compliance with HIPAA One®.
Both Meaningful Use Stage 1 and Stage 2 require that a Security Risk Analysis be completed as part of the Medicare and Medicaid EHR Incentive Programs. In spite of the recent proclamation from CMS that MU will end in 2016; any Eligible Provider (EP) or Eligible Hospital (EH) must still file for 2015. The specific requirements to “Protect Electronic Health Information” are described by CMS as listed in the following table:
The filing period for Meaningful Use Attestation and reporting is from January 4 through February 29, 2016. This means that if you were not able to complete your Security Risk Analysis (SRA) during calendar year 2015; there is still time! The SRA will need to be for 2015 and cannot be used for the 2016 reporting year.
HIPAA One® has a simple and automated solution for the SRA process; using a cloud-based, step-by-step- approach (see quick video here: https://youtu.be/9G_B7U_pnuo). As such, you will be able to comprehensively address the HIPAA required safeguards (listed below) in an efficient, logical and clear fashion:
A “new program” is slated to be announced by CMS on or about March 25, 2016 that will replace (some think “augment”) the current MU program. It will focus less on technology adoption and more on clinical outcomes and value-based reimbursement. There will also be special attention paid to APIs and interoperability. That said; data security will still be of paramount concern.
The new MACRA (Medicare Access and CHIP Reauthorization Act of 2015) program will still include some version of the EHR incentive (not yet defined) and certainly will still include the Security Risk Assessment. The key elements are The Merit-Based Incentive Payment System (MIPS) and Alternative Payment Models (APMs).
HIPAA One®’s take:
With respect to the MU Program:
- Current participants still need to complete attestation / reporting:
- By 02/29/2016
- HIPAA Security Risk Analysis (SRA) is always required
- A “new program” is slated to be announced on or about 03/25/2016
- There will still be quality and process measures
- The SRA is still a requirement – ePHI Systems/Assets always need to be secured
- The new program will focus on “patient outcomes rather than technology use”
- The new MACRA program will still include some version of the EHR incentive (not yet defined)
- The FY2016 Budget for OCR was increased 10% over FY2015 to support additional audit activity
- Specific information as to the number of audits is still sketchy
- The Inspector General of DHHS has pushed on OCR to be more prospective in audits
- OCR has hired “FCi Federal” as a contracted auditor for at least 200 audits in FY2016
- HIPAA Security Risk Analysis is the benchmark for any Risk Management Program
- Reducing risk to patient breaches is saving goodwill, time and money
- HIPAA One® provides operational clarity for staff to know what is needed to maintain a great code of conduct
- Keep your Meaningful Use Incentives and avoid payment discounts by maintaining automated documentation proving compliance
HIPAA One® has over 1600 sites leveraging the streamlined, best-of-breed cloud-based HIPAA Security Risk Analysis Software (SRA) and has a fully-certified Audit Support Team (AST) to provide support & consulting solutions. We have a full-service package for awareness training, Privacy, Breach Notification, Policies and Procedures, and more.
Contact us today at www.hipaaone.com/contact to learn more. HIPAA One® guarantees compliance for your 2015 Meaningful Use Security Risk Assessment for 164.308(a)(1)(ii)(A) so you be assured you are compliant.