Most healthcare organizations will have to perform a Security Risk Analysis (SRA) to comply with MIPS. For those of you familiar with the previous Meaningful Use program, the Promoting Interoperability SRA is the same, requiring you to:

Conduct or review a security risk analysis in accordance with the requirements in 45 CFR 164.308(a)(1), including addressing the security (to include encryption) of ePHI data created or maintained by certified EHR technology in accordance with requirements in 45 CFR164.312(a)(2)(iv) and 45 CFR 164.306(d)(3), and implement security updates as necessary and correct identified security deficiencies as part of the MIPS eligible clinician’s risk management process.

Primaris has been conducting SRAs since 2011 with a structured, streamlined approach.

Does your organization have the skills, knowledge and time to perform a quality SRA that will stand up to scrutiny? Primaris has the proven experience to help.

The Primaris Approach.
By following the National Institute of Standards and Technology (NIST) SP 800-30 risk assessment methodology, our work will include:

  • A framework to establish an ongoing HIPAA Risk Assessment program.
  • Identifying and assessing potential risks, vulnerabilities and areas of greatest concern.
  • Guidance on risk mitigation.

The Primaris Delivery.
When we complete your basic SRA, you will receive:

  • A completed SRA with recommended remediation actions.
  • Facility walkthrough notes.
  • Sample security policy.
  • Privacy security breach reporting management plan.
  • Recommendation for ongoing security updates.

Contact us today to discuss our SRAs for MIPS in more detail.


 Primaris Security Risk Analysis CTA








If you are a practice or provider in Missouri or Kansas, assistance may be available to you through our TMF QIN-QIO work. Contact Quality Improvement Consultant  Katy Bennett-Blumer today to learn more.