Do Your Security Risk Assessment Before Dec. 31
By Ellen Terry


It’s no fun, but you have to do it: a HIPAA security risk assessment.

And if you participate in the Medicare Merit-Based Incentive Payment System (MIPS), conducting or updating a risk assessment is a requirement in the Promoting Interoperability category. In order to meet the 2019 performance year requirements, you must complete your security risk assessment by Dec. 31. This is not an optional measure. 

Thankfully, an upgraded tool from the U.S. Department of Health and Human Services (HHS) might make the assessment easier.

The Security Risk Assessment Tool 3.1 is designed to help practices with one to 10 physicians identify their risks and vulnerabilities with electronic protected health information (ePHI) and then implement appropriate security measures. 

In updating the tool, HHS incorporated feedback from practice managers and tested user experience. Enhancements include a progress tracker, detailed reports, a more logical workflow, and a business associate and equipment tracker, the HHS Office for Civil Rights says.

HIPAA requires practices to review and document their administrative, physical, and technical safeguards to regularly protect patients’ ePHI.

For more about HIPAA security safeguards and requirements, visit the TMA website’s electronic health record and HIPAA pages

Also, TMA’s practice management consultants can provide on-site staff training and compliance walk-throughs. Plus, TMA offers two on-point continuing medical education courses: HIPAA Security: Compliance and Case Studies and Complying With HIPAA Security. Those courses are free to TMA members, compliments of TMA Insurance Trust

Last Updated On

November 13, 2019

Ellen Terry

Project Manager, Client Services

(512) 370-1391

Ellen Terry has been writing, editing, and managing communication projects at TMA since 2000. She hails from Victoria, Texas; has a journalism degree from Texas State University; and loves to read great fiction. Ellen and her husband have two grown sons and a couple of cats.

More stories by Ellen Terry