No. 1 Tech Tip for Earning MIPS Points

By: Robbie Morris on Jul 9, 2018 3:15:12 PM

shutterstock_389718598All healthcare providers that accept Medicare or Medicaid patients have heard of MACRA (Medicare Access and CHIP Re-authorization Act), a reward-based financial reimbursement program for providers that deliver a higher quality of care and increased positive patient health outcomes at lower costs. That’s where MIPS – Merit-based Incentive Payment System – comes in and our best tip for earning the points you need to get a full reimbursement.

Understanding MIPS

MIPS has four connected pillars that affect how you will be paid by Medicare – Quality, Clinical Practice Improvement Activities (referred to as “Improvement Activities”), Certified EHR Technology (referred to as “Advancing Care Information”), and Resource Use (referred to as “Cost”). This structure was deliberately created to ensure that clinicians have flexibility to focus on measures that are the most relevant to them and their practices. In order to receive the 50 percent base score in the Advancing Care Information, MIPS eligible clinicians must be able to say that they have completed a  Security Risk Analysis (SRA) measure.

What many providers don’t realize, however, is that BOTH the technology AND non-technology elements need to be reviewed in a true SRA. This includes cybersecurity setup and management as well as facility policy/procedures of the healthcare provider.  

A True SRA

Consequently, there is still some confusion in the provider community on what exactly constitutes a thorough Security Risk Analysis. A true HIPAA-required risk analysis includes a risk assessment of Patient Healthcare Information (PHI), review of facility policies and procedures, employee interviews for a HIPAA-HITECH audit, a thorough analysis of operational threats, and more.

In the Advancing Care Information score, clinicians must submit a yes or no response to the question about conducting an SRA. If you were to answer “no” to security risk assessment, you would get a zero for that objective and would not earn any points for Advancing Care Information. As a reminder, if you do not fulfill the base score, you will not be able to earn a performance score or a bonus score.

Upcoming Webinar

Learn more about our required Security Risk Assessments for MACRA and MIPS in our upcoming Webinar: The Key to Healthcare Risk Management.

Robbie Morris is the Vice President of Healthcare and Security Solutions at C Spire. Contact him at

Topics: Healthcare, Cybersecurity

C Spire Business is a privately-held telecommunications and technology company driven to deliver the best experiences in wireless, fiber internet, and business IT solutions such as internet, VoIP, cloud and managed services. Read more news releases and announcements at For more information, visit or find us on Facebook, Twitter or Instagram.

The information contained in this site is provided for informational purposes only, and should not be construed as legal advice on any subject matter.

Sign up for our monthly newsletter.

For the latest in technology trends, industry news, and C Spire updates.

Recent Posts

Sign up for our monthly newsletter

For the latest in technology trends, industry news, and C Spire updates.