An annual Security Risk Analysis is required annually for MIPS. Some EHRs are also requesting that you complete a risk assessment from HEALTHIT.gov. This is in addition to your HIPAA Security Risk Analysis.
Simply go to your dashboard and click “Update Risk Analysis”. If you have not generated a “Documents Package” within 90 days, one will be automatically created for you. Since this is a large package, it may take a few moments. Once the documents package has been created, you may click continue. This will clear your Questionnaire in Step 1 so you may update your Risk Analysis. Once you complete the questionnaire, please email email@example.com so one of our security analysts can review and make recommendations. After the analyst has completed the review, you will receive an email requesting that you approve the Risk Management Plan. This is what you will download and submit for MIPS.
NOTE: It is recommended to create a document package each time you make changes in the system to document your ongoing compliance efforts.
There are two ways to download your Risk Management Plan.
Go to Step 1,
Click on the Security Risk Analysis & Risk Management link,
Click on Review & Approve,
Once the Risk Management Plan loads (may take a few moments since it is a large file), using the outside scroll bar, scroll to the bottom and click download.
Download the zip file with all of your documents:
From your dashboard,
Scroll down and on the left look for "Download Documents"
On the right you will see the list of packages that have been generated.
Once you click the Download icon, this will create a Zip file.
Most of the time these files are directed to your “Downloads” folder in your Windows Explorer Directory unless your IT vendor has directed the download to a server or elsewhere.
Once you locate your file, simply right click on the folder and select Extract All.
All of your files will unzip.
Go to Step 1. This is where your Risk Management Plan is located.