This content is excerpted from EyeNet’s MIPS 2023: A Primer and Reference; also see the Academy’s MIPS hub page.
You must submit the four attestations below. Failure to do so will result in a PI score of 0%.
Submit “yes” to attest that you performed the Security Risk Analysis. The Security Risk Analysis must be documented (in case of an audit), it must be done at some point during the 2023 performance year, and it must involve an analysis of the certified EHR technology (CEHRT) that you have in place during your 90-day PI performance period, but it doesn’t have to take place during that 90-day performance period. This Security Risk Analysis is also a requirement of the Health Insurance Portability and Accountability Act (HIPAA).
Is your security review sufficiently thorough? To help you with your review, you can download a Security Risk Analysis Tool.
Submit “yes” or "no" for the SAFER Guides attestation. The High Priority Practices guide is one of nine Safety Assurance Factors for EHR Resilience (SAFER) guides developed by the Office of National Coordinator for Health Information Technology (ONC). CMS wants practices to conduct a self-assessment of EHR resiliency based on the High Priority Practices guide. You can download a fact sheet on the High Priority Practices guide from the Resource Library at https://qpp.cms.gov. From the fact sheet, you can link to a PDF of the guide, which includes a checklist of what you need to do.
Note: The print version of the MIPS 2023: A Primer and Reference incorrectly stated that you must attribute "yes" for the SAFER Guides attestation for the 2023 performance year. However, that requirement doesn't take effect until the 2024 performance year.
Submit “yes” for the Prevention of Information Blocking attestation. Attest “yes” that you “did not knowingly and willfully take action (such as to disable functionality) to limit or restrict the compatibility or interoperability” of CEHRT.
Submit “yes” for the ONC Direct Review attestation. The ONC is responsible for certifying EHR systems as CEHRTs, and for monitoring CEHRTs to make sure they continue to meet their certification requirements. Occasionally, ONC may need to conduct a “direct review” of a vendor’s EHR product (for example, if ONC has a reasonable belief that faults within the EHR system may present a risk to public health). By submitting “yes” to this attestation, you agree to cooperate in such a review.
Previous: PI: How You'll Be Scored
Next: PI: Some Clinicians May Be Excused From Promoting Interoperability
DISCLAIMER AND LIMITATION OF LIABILITY: Meeting regulatory requirements is a complicated process involving continually changing rules and the application of judgment to factual situations. The Academy does not guarantee or warrant that regulators and public or private payers will agree with the Academy’s information or recommendations. The Academy shall not be liable to you or any other party to any extent whatsoever for errors in, or omissions from, any such information provided by the Academy, its employees, agents, or representatives.
COPYRIGHT© 2022, American Academy of Ophthalmology, Inc.® All rights reserved. No part of this publication may be reproduced without written permission from the publisher. American Academy of Ophthalmic Executives® and IRIS® Registry, among other marks, are trademarks of the American Academy of Ophthalmology®.
All of the American Academy of Ophthalmology (AAO)–developed quality measures are copyrighted by the AAO’s H. Dunbar Hoskins Jr., MD, Center for Quality Eye Care (see terms of use).