In 1956, New York Welfare Commissioner Henry L. McCarthy said, “You have to spend money to save money.” This is true with MACRA. MACRA stands for Medicare Access and CHIP Reauthorization Act. It was signed by President Obama in 2015. It combined a few different Medicare programs into one called the Merit-based Incentive Payment System (MIPS). MIPS is a federal program that allows the following group of Eligible Professionals (EPs) to get Medicare/Medicaid “payment bonuses” (and also penalties) based on quality, resource use, clinical practice improvements, and using certain certified electronic health record technology.

  • Physicians
  • Physician Assistants
  • Certified Registered Nurse Anesthetists
  • Nurse Practitioners
  • Clinical Nurse Specialists
  • Groups that include such professionals

To be eligible for these financial incentives, EPs must have a security risk assessment performed. Partners in Regulatory Compliance (PIRC) can help medical professionals find and reduce risk and therefore be in alignment with MIPS. While Covered Entities always had to do risk assessments under the HIPAA Security Rule, there is now a financial incentive to avoid Medicaid / Medicare payment penalties. If you don’t have a security risk assessment performed, you will receive lower Medicare / Medicaid reimbursements, which directly affects your bottom-line growth. The MIPS Performance Year begins on January 1 and ends on December 31 each year. Program participants must report data collected during one calendar year by March 31 of the following calendar year. For example, program participants who collected data in 2017 must report their data by March 31, 2018 to be eligible for a payment increase and to avoid a payment reduction in 2019.