MACRA is coming January 2017 and now HIPAA compliance is a must! Are you ready?

MACRA rules and regulations go into effect in January 2017. Many businesses are busy getting ready for the changes, but were you aware that MACRA also requires a HIPAA Security Assessment (SRA)? If you are not prepared for all of the changes, it is time to kick into high gear.


What is MACRA?

MACRA consists of three major changes to the way Medicare pays physicians who provide care to people with Medicare coverage. The changes include:

  • The creation of a new framework that rewards providers for giving high quality care
  • The repeal of the SGR (sustainable growth rate) formulation that has been determining the payments for services to providers from Medicare
  • The combination of all current quality reporting programs into one system

In addition to these changes, there will be two new Quality Payment Programs: MIPS (Merit-based Incentive Payment System) and APMs (Alternative Payment Models). These two payment programs started to go into effect in some places in 2015 and will continue as a rolling implementation through 2021. Under these programs, Medicare payments to physicians will be determined using a composite scoring system. The score is based on resource use, quality of service, meaningful use, and the improvement of the clinical practice over time. Positive scores also bring the potential for a significant increase in reimbursement.

Why it is Important to Be HIPAA Compliant

HIPAA compliance matters not only because HIPAA is a federal regulation, but also because it can now affect your MACRA score positively or negatively. Being HIPAA compliant is one of the first components of MACRA. If you are not currently HIPAA compliant, then your practice is not even eligible for Medicare payments under MACRA. You will no longer be paid just for providing services; the entire system is being changed. Not only must you say that you are HIPAA compliant, but you must also prove it by performing a HIPAA Security Risk Analysis (SRA) within the practice whenever necessary. Since the SRA covers the entire practice, it will need to be used by all physicians within the practice. Practices that do not comply with HIPAA rules and regulations, which focus on protecting and securing patient information, will have a score of 0 on the MACRA scale, resulting in no payments for any Medicare services provided. With this component of the new rule, MACRA is emphasizing the importance of the security and protection of classified information as well as all patient information.

Are You Ready?

Being HIPAA compliant is something that you must do for your practice, and not just because it is required to get paid through MACRA. If you are not yet HIPAA compliant, it is time to start working towards that before you do anything else to raise your MACRA score. Since compliance is a required component for getting paid at all, you must ensure it as soon as possible to even be eligible for payments. You can focus on the other things later, but HIPAA compliance should be your primary concern going into January 2017.

For more information regarding MACRA and HIPAA, be sure to contact eSOZO Computer and Network Services in New Jersey via (888) 376-9648 or

Author: Aaron White, Date: 29th December 2016

