Primaris has joined with AFMC, an Arkansas quality improvement organization, to offer security risk analysis (SRA) services to healthcare provider clients. Primaris, a healthcare industry consultant with 35 years’ experience, is based in Missouri. AFMC’s background covers 46 years as a Medicare quality improvement organization (QIO) and one of the first organizations in the country to help shepherd in Medicare improvement initiatives.
The SRA services are important because all healthcare provider organizations that create, receive, maintain, or transmit electronic health information are subject to the HIPAA Security Rule.
This rule requires entities to conduct an annual risk assessment of their organization to ensure the privacy and security of their patients’ protected health information.
Guests for Quality Talk episode 56 are Primaris CEO Richard A. Royer, AFMC CEO and President Ray Hanley, and Eldrina Easterly, AFMC’s outreach manager and Health IT lead.
Just a few episodes back, Quality Talk examined the recent partnership between Primaris and Healthmonix that is designed to help practices and physicians optimize their quality reporting, scores, and reimbursements under the Merit-based Incentive Payment System (MIPS). Listen: The Nuts and Bolts of a New Partnership.
From Episode 56.
Rick Royer: “As we know, the healthcare world is changing on nearly a weekly basis, and there are more demands placed upon providers. One is for SRA that measures cybersecurity in medical groups or a physician’s office.” He explained that SRAs are necessary for HIPAA compliance in addition to some of the new Medicare incentive payment programs.
Ray Hanley: “AFMC and Primaris have a lot in common. We are especially in tune to small, underserved rural practices … We’re well-positioned to offer SRA to the physician practices in Missouri and other places because, quite simply, we have the expertise and indepth knowledge of HIPAA compliance standards and the SRA requirements.”
Royer agreed, adding, “We didn’t have the horses to be able to do the work that AFMC has done so well. We thought, ‘Let’s take advantage of what our neighbors and friends can do to deliver a superior, cost-effective program.”
News release announces partnership.
“Both Primaris and AFMC have been involved in SRA work for several years, so this isn’t a mystery to us,” Royer said in a Nov. 27 news release. “But we still hear providers ask, ‘Is this necessary?’, and the answer is a resounding ‘yes.’”
Royer noted that failure to perform an SRA results in a zero for the provider or ACO’s entire score for the “promoting interoperability” (PI) category of the Merit-based Incentive Payment System.
The Security Rule requires providers to evaluate risks and vulnerabilities in their environment and to take the appropriate security measures to protect the integrity and security of their patients’ health information. SRAs should be performed or reviewed annually to be HIPAA compliant and meet mandatory requirements for many incentive programs such as the Quality Payment Program and Meaningful Use.
“We are excited about working with Primaris to help their clinician clients identify security and privacy threats and vulnerabilities to their patients’ health information,” Hanley said. “Our team of security health IT professionals has successfully conducted more than 1,500 SRA over the past 10 years. Our proprietary tools and processes address the key SRA components of technical, administrative and physical safeguards.”
Hanley said the goal of Primaris and AFMC is “to help the clinicians identify and lower their risks, reduce the clinical staff burden, and implement best practices.”
About Ray Hanley and AFMC.
Hanley joined the organization in 2010. Before that, he spent 28 years with the Arkansas Department of Human Services, including 16 years as director of Arkansas Medicaid. He left to join Hewlett Packard as the client industry executive for HP’s State Health and Human Services business.
Hanley: “Our scope has greatly expanded over the years and has included being Arkansas’ Quality Improvement Organization for CMS, the state’s Regional Extension Center by the Office of the National Coordinator for Health Information Technology, and now part of the TMF QIN-QIO contract for CMS with Texas, Oklahoma, Puerto Rico and Primaris in Missouri.”
AFMC also works with TMF on the CMS contract for the Quality Payment Program providing support for small, underserved and rural practices (SURS) in Texas, Oklahoma, Louisiana, Colorado, Mississippi, Puerto Rico and Primaris in Missouri and Kansas.
Hanley’s summary of AFMC’s experience:
- We have expertise and in-depth knowledge of HIPAA compliance standards and SRA requirements.
- We have developed proprietary tools and processes that address the key SRA components: Technical, administrative and physical safeguards.
- We provide a unique opportunity by offering a SRA Virtual Assessment
AFMC’s set of proprietary tools and processes help relieve the burden of performing the SRA.
- This is not a “do it yourself” analysis. AFMC works with the practice to assist them through the process.
- AFMC offers a customized set of privacy and security policies and procedures to practices. And if a practice has their own set of policies and procedures, with the tools, AFMC can help them align policies with HIPAA standards. If there are gaps in their policies, AFMC can help supplement those gaps.
- The SRA is not just a requirement for MIPS or Promoting Interoperability (formerly Meaningful Use), it is a HIPAA compliance requirement. It is vital to protect your patients’ information.
Recapping Episode 56.
Just a quick recap about the need for an SRA – a security risk analysis. All healthcare provider organizations that create, receive, maintain, or transmit electronic health information are subject to the HIPAA Security Rule. This rule requires entities to conduct an annual risk assessment of their organization to ensure the privacy and security of their patients’ protected health information.
AFMC's Security Risk Analysis services. Learn more here.
Primaris's Security Risk Analysis services. Learn more here.
Primaris is a healthcare consulting and services firm that works with hospitals, physicians and nursing homes to drive better health outcomes, improved patient experiences and reduced costs. Primaris takes healthcare data and translates it into actionable quality improvement initiatives that create the foundation for highly reliable healthcare organizations. For more information, visit www.primaris.org and follow @primaris_health.
For more than 46 years, AFMC has worked to improve the health of Arkansans through utilization review, quality improvement projects and public education. AFMC’s mission is to promote excellence in health and healthcare through evaluation and education. For more information, go to www.afmc.org and follow @afmc on Twitter and Facebook.