MACRA rules and regulations are going into effect in January of 2017. Many businesses are busy getting ready for the changes, but were you aware that MACRA also has a requirement for a HIPAA Security Assessment (SRA)? If you are not prepared for all of the changes, it is time to kick it into high gear.
What is MACRA?
MACRA consists of three major changes to the way Medicare pays physicians who provide care to people with Medicare coverage. The changes it covers include:
In addition to these changes, there will be two new Quality Payment Programs: MIPS (Merit-based Incentive Payment System) and APMs (Alternative Payment Models). These two new payment programs started to go into effect in some places in 2015 and will continue as a rolling implementation through 2021. Under these programs, Medicare payments to physicians will be determined using a composite scoring system. The system is based on resource use, quality of service, meaningful use, and the improvement of the clinical practice over time. There is also the potential for a significant increase in reimbursement with positive scores.
Why it is Important to Be HIPAA Compliant
Beyond the fact that HIPAA is a federal rule and regulation you must comply with, your compliance could now impact your MACRA score positively or negatively. Being HIPAA compliant is one of the first components of MACRA. If you are not currently HIPAA compliant, then your practice is not even eligible for Medicare payments under MACRA. You will no longer be paid just for providing services; the entire system is being changed. Not only must you say that you are HIPAA compliant, but you must also prove it by performing a HIPAA Security Risk Analysis (SRA) within the practice whenever necessary. Since the SRA is for the entire practice, it will need to be used by all physicians within the practice. Practices that do not comply with HIPAA rules and regulations, which focus on protecting and securing patient information, will have a score of 0 on the MACRA scale, resulting in no payments for any Medicare services provided. With this component of the new rule, MACRA is emphasizing the importance of the security and protection of classified information as well as all patient information.
Are You Ready?
Being HIPAA compliant is something that you must do for your practice, and not just because it is required to get paid through MACRA. If you are not yet HIPAA compliant, it is time to start working towards that before you do anything else to raise your score with MACRA. Since compliance is required to get paid at all, you must ensure it as soon as possible to even be eligible for payments. You can focus on the other things later, but HIPAA compliance should be your primary concern going into January 2017.