New CMS MACRA Rule Kicks In, Factors HIPAA Compliance into New Payment Structure


HIPAA Secure Now! to help medical practices achieve high MACRA scores with HIPAA security risk assessments.


HIPAA Secure Now! is set to handle the security risk assessments that will be required of medical practices under the new MACRA regulation (Medicare Access and CHIP Reauthorization Act), which commences January 1, 2017.

HIPAA Secure Now! helps medical practices comply with HIPAA, and protect their most valuable asset – electronic protected health information (ePHI). The company offers a suite of services, including security risk assessment (SRA), policies and procedures, employee training, live HIPAA consulting, and financial protection.

According to HHS officials, MACRA scoring will depend, in part, on HIPAA compliance and whether medical practices perform a thorough SRA. HIPAA Secure Now! will help medical practices understand MACRA scoring as it relates to HIPAA privacy and security, and perform SRAs to make sure doctors have taken proper steps to protect their ePHI across their entire IT network. For example:

  • HIPAA Secure Now! will guide physicians in locating where all ePHI is stored, whether it’s in the cloud or on servers, desktops, laptops or mobile devices. While the majority of ePHI may be stored in their EHR system, the SRA will also reveal if patient information is stored in Word documents in the form of patient letters, Excel spreadsheets in the form of billing reports, scanned images of Insurance Explanation of Benefits (EOB), and any other sources. An SRA always needs to be performed, regardless of where ePHI is located.
  • HIPAA Secure Now! will analyze how patient information is being protected, i.e., backup processes, procedures in place for disaster recovery, and how to deal with lost/stolen laptops containing ePHI. The SRA will also review procedures for minimal level of access to ePHI by employees, plus termination procedures when employees leave.
  • HIPAA Secure Now! will counsel physicians on having a response plan in case a breach does occur, and help implement that plan in the event of a breach. The plan must specify who will be on the response team, what actions the team will take to address the breach, and the steps they’ll take to prevent another breach from occurring. The SRA will make sure a plan exists and all employees are trained in how to respond.

MACRA, established by the Centers for Medicare and Medicaid Services (CMS), ties medical reimbursements to improved care and better outcomes for patients, while lowering costs. Fees paid to physicians will be scored based on performance and quality metrics, all in an effort to move to value-based care.

Initially, physicians can see their payments vary by +/- 4% based on their MACRA scores. By 2020, payments will vary by +/- 9%.

In particular, physicians who participate in the MACRA Merit-Based Incentive Payment System (MIPS) will be scored on their extensive use of their EHR systems over time. To earn any score they’ll need to prove that their ePHI is being protected. Failure to safeguard ePHI with the proper IT security controls will result in zero scores, which could have a material impact on the MACRA fee adjustment, and overall Medicare reimbursement.

About HIPAA Secure Now!

HIPAA Secure Now! has been helping clients comply with the HIPAA Security and Privacy Rules since 2009. The company’s all-in-one solution provides a Security Risk Assessment, which also satisfies Meaningful Use and MACRA requirements, as well as privacy and security policies and procedures, and training. HIPAA Secure Now! moves customers toward HIPAA compliance quickly and easily, and protects them in the event of an audit or investigation. Customers can complete the entire process in less than three hours, and regularly comment that it is painless and has made their lives easier. For more information visit



Contact Author

Shelly Gordon