MIPS & Medicare - How to do Mandatory Security Risk Analysis Measure

Tuesday, November 30, 2021

10:00 AM PST | 01:00 PM EST

90 Minutes
Paul R. Hales


In 2011, CMS established the Medicare and Medicaid EHR Incentive Programs requiring Eligible Clinicians, Eligible Hospitals, and Critical Access Hospitals (CAHs) to demonstrate Meaningful Use of certified EHR technology (CEHRT) to receive financial incentives.

MACRA, the Medicare Access and CHIP Reauthorization Act of 2015, caused CMS to modify what had been called Meaningful Use by introducing a separate Quality Payment Program (QPP) for Medicare Eligible Clinicians and the Promoting Interoperability Program for Eligible Hospitals and CAHs. One thing has remained constant since 2011: to qualify for financial incentives under both programs, Eligible Clinicians, Eligible Hospitals and CAHs must perform HIPAA compliant Risk Analysis and Risk Management (RA-RM) each calendar year. However:

  • No CEHRTs include HIPAA RA-RM tools or instructions
  • Use of CEHRT does not fulfil the mandatory HIPAA RA-RM requirement
  • The HIPAA Security Rule does not explain how to do a HIPAA RA-RM
  • OCR’s brief RA-RM guidance on its website created in 2010 requires that attesting clinicians and hospitals refer to and follow procedures found only in NIST technical computer security manuals
  • OCR has issued several versions of an ‘SRA Tool’ that is designed only for small providers and carries a disclaimer that use of the SRA Tool does not guarantee HIPAA compliance

This webinar will explain clearly how to meet CMS QPP and Promoting Interoperability program requirements by performing and documenting your annual, mandatory HIPAA Risk Analysis & Risk Management requirement. It covers:
  • Step-by-step NIST procedures to perform a HIPAA RA-RM, demonstrated by screenshots of interactive forms that guide any user through a HIPAA compliant RA-RM whether or not they have a technical background; and
  • Why RA-RM is so important beyond meeting CMS CEHRT Incentive Program requirements

Most important, you’ll see how to identify and manage Risks to the Privacy and Security of protected health information (PHI) maintained and transmitted in any form that seriously endanger your organization’s well-being. HIPAA RA-RM is easy to do step-by-step - when you know the steps.

Why should you Attend:
Whether you are an Eligible Clinician, Eligible Hospital or CAH, the CMS Incentive Program requires you to perform HIPAA compliant Risk Analysis and Risk Management (RA-RM) each calendar year for which you receive a CEHRT financial incentive. If you don’t but say you did, you could not only be forced to give up the financial incentive; you could be subject to a criminal violation of the False Claims Act.

This webinar will show you what you need to do to meet the CMS HIPAA RA-RM measure, how to do a complete HIPAA RA-RM step-by-step and how easy it is to follow those steps when they are explained.

You should attend this webinar to learn why you must worry about not doing a HIPAA RA-RM properly - and how you can stop worrying by simply doing a HIPAA RA-RM as required every year.

Areas Covered in the Session:
  • The exact CMS QPP and Promoting Interoperability HIPAA RA-RM Required Measures you must attest that you have completed and documented
  • HIPAA RA-RM in 3 Acts
    • Act 1 - Setup - Risk Analysis
    • Assemble Information - Identify, Document and Assess level of Risks
    • Act 2 - Confrontation - Risk Management - Documented Actions to Manage Risks
    • Act 3 - Resolution - Risk Management Program - Focused on your Organization’s Risks - Documented and Active
  • Realistic understanding of the danger senior management, owners and organizations face if they fail to do HIPAA RA-RM
  • Clear, easy to understand explanation of HIPAA Risk Analysis and Risk Management following NIST procedures demonstrated onscreen by illustrations from interactive software based on NIST procedures interlinked with HIPAA standards, implementation specifications and compliance policies and procedures
  • How administrative staff of Covered Entities and Business Associates of any size can complete a HIPAA RA-RM efficiently every year with step-by-step guidance even if they have never done one before

Who Will Benefit:
Medicare Eligible Clinicians, Eligible Hospitals and CAHs using CEHRT
  • Health Care Provider Owners
  • Health Care Provider Practice Managers
  • Health Care Provider CFOs
  • HIPAA Compliance Officials
  • HIPAA Privacy and Security Officers
  • Health Information Technology Supervisors
  • Health Care Provider Risk Managers
  • Attorneys for Covered Entities - In-house and Outside Counsel
  • Compliance Committee - Health Care Provider Board of Trustees
  • C-Suite Executives - all Health Care Providers

Speaker Profile
Paul R. Hales, J.D. is widely recognized for his expert knowledge and ability to explain the HIPAA Rules clearly in plain language. Paul is an attorney licensed to practice before the Supreme Court of the United States and a graduate of Columbia University Law School with an international practice in HIPAA privacy and security. He is the author of all content in The HIPAA E-Tool®, an Internet-based, complete HIPAA compliance solution with separate editions for Covered Entities, Business Associates, Health Plans and Third Party Administrators.
