|
PY2024 Performance Feedback, 2026 Payment Adjustments, and Targeted Review
CMS has released MIPS payment adjustment information for the 2024 performance period/2026 MIPS payment year. Your 2024 MIPS final score determines the MIPS payment adjustment you will receive in 2026. A positive negative or neutral payment adjustment will be applied to the Medicare paid amount for covered professional services furnished in 2026.
| |
|
One thing to keep in mind is that the MIPS payment adjustment is determined based on performance score and adjusted to maintain budget neutrality as required by law. This is why payment adjustments vary from year to year even with similar scores. For payment year 2026, clinicians who received a perfect score of 100 points for performance in 2024 will receive a 1.05% upward payment adjustment.
To view your performance feedback and payment adjustment information, sign in to the QPP website, click “View Feedback” on the home page and select your organization.
If you participated in MIPS performance year 2024, please log in and view your feedback as soon as possible if you haven’t done so already. If you believe there’s an error in the calculation of your MIPS final score and associated MIPS payment adjustment, you can request a targeted review. The targeted review period will close November 14, 2025 at 8pm ET.
| |
|
CMS Publishes 2026 Policy Changes for the Quality Payment Program
CMS has issued its Calendar Year 2026 Medicare Physician Fee Schedule (PFS) Final Rule which includes policies for the Quality Payment Program for the 2026 performance year and beyond. CMS finalized a limited number of policies for QPP to keep the focus on stability in the program, support the continuing transformation of MIPS through MIPS Value Pathways (MVPs), and focus on alignment across programs. These finalized policies include:
- Additions, removals, and changes to performance measures across the Quality, Cost, and Improvement Activity MIPS categories and MVPs.
- Suppression of the Electronic Case Reporting measure for the current CY2025 performance period for the Promoting Interoperability category and the Medicare Promoting Interoperability Program.
- Maintaining the current performance threshold at 75 points through the 2028 performance year.
- Updates to Advance APM and MSSP ACO eligibility.
You can learn more about the final rule here.
| |
|
2025 MIPS Determination Periods, Snapshots & Eligibility Requirements
| |
|
Past and present Medicare Part B claims and PECOS data are reviewed twice each performance year for clinicians and practices. Each segment is represented above as a 12-month period. As an eligible clinician or provider, if you bill Medicare Part B services in both segments, you must exceed the low-volume threshold during both segments to be eligible for MIPS. As data from each review or segment is analyzed, reconciled, and released, final eligibility determination identifies:
- Eligibility (including whether you exceed the low-volume threshold);
- Assign special statuses; and
- Update clinician lists for each practice.
Final (reconciled) eligibility determinations from the two segments will be released by December 2025.
Eligibility is based on National Provider Identifier (NPI) and Associated Taxpayer Identification Numbers (TINs). To navigate to a link for MIPS Eligible Clinicians, Low-Volume Threshold, MIPS Determination Period and MIPS Eligible Clinical Types and other important information, access this weblink for the Quality Payment Program at: https://qpp.cms.gov/mips/how-eligibility-is-determined
| |
| Security Risk Assessments
As healthcare’s digital environment continues to advance, the duty to safeguard patient data becomes increasingly vital. The HIPAA (Health Insurance Portability and Accountability Act) Security Rule requires covered entities and their partners to carry out SRAs (Security Risk Assessments) regularly to identify and manage risks to protected health information (PHI). The Office for Civil Rights (OCR) recommends conducting these assessments at least once a year and any time there are significant changes within the organization.
The SRA serves as a cornerstone of compliance designed to uncover weaknesses in your organization’s information systems ensuring that clinicians uphold the privacy, integrity, and accessibility of PHI. Through careful analysis of possible threats and the application of protective measures, healthcare professionals can reduce the likelihood of data breaches, unauthorized releases, and significant fines.
As the Security Risk Assessment season approaches, we encourage you to secure your network and PHI by contacting the CQHII today.
| |
| CQHII HIPAA Training Course
The updated course now features content on “Reproductive Health Care Privacy” as well as a new section addressing the impact of Artificial Intelligence on security. Each lesson remains concise and can be completed in approximately 30 minutes—ideal for lunch breaks. The curriculum includes a brief introduction module along with twelve modules covering both the HIPAA Privacy and HIPAA Security Rules.
Cost: $25 per user
If you would like more information regarding group discounts, please contact us at CQHII@uth.tmc.edu.
| |
|
| Farewell to Sheila Banyai
We would like to express our sincere appreciation to Sheila Banyai, who will be retiring in January 2026 following years of exemplary leadership and commitment to security at CQHII. Sheila has played a vital role within our team, and her expertise and guidance have significantly contributed to our achievements. She will be greatly missed by both colleagues and collaborators. Her positive influence and dedicated service have established a lasting legacy at our organization. While Sheila has shared that she will miss interacting with colleagues and supporting our operations, she is looking forward to retirement, traveling with her husband, and spending time with her dogs.
Moving forward, we are pleased to announce that Diana Canales will be assuming the position of security specialist. Diana brings three years of experience at CQHII, along with a strong foundation in audits and Security Risk Assessments, demonstrating precision and diligence in her work. We encourage you to join us in thanking Sheila for her outstanding contributions and welcoming Diana as she builds upon our security initiatives.
| |
|
MIPS Reporting Requirements for Each Category
With the year coming to an end and the busy holiday season occupying much of your time at the practice, it's a great opportunity to review your MIPS data reports. While reviewing your MIPS performance reports, refer to the reporting requirements to identify areas for improvement.
- Submit collected data for at least 6 quality measures (including one outcome measure or high priority measure), or a complete specialty measure set.
- Report performance data for at least 75% of denominator-eligible cases for each quality measure (data completeness)
- 12-month performance period (January 1, 2025 – December 31, 2025)
- Use EHR technology to meet health IT certification criteria for participation by using CEHRT
- Submit performance data (numerator/denominator) or a ‘Yes’) for the required measures in each objective
- Submit your EHR’s CMS identification code from the Certified Health IT Product List (CHPL) and a ‘Yes’ to the following attestation statements
- The Actions to Limit or Restrict Compatibility or Interoperability of CEHRT Attestation
- The ONC Direct Review Attestatio
- The Security Risk Analysis (SRA) Measur
- The Safety Assurance Factors for EHR Resilience (SAFER) Guides Measur
- ONC-Authorized Certification Bodies (ACB) Surveillance Attestation (optional)
- 180 continuous day performance period
- Clinicians, groups, and virtual groups with the small practice, rural, non-patient facing, or health professional shortage area special status must attest to 1 activity (submit a ‘Yes’)
- All other clinicians, groups, and virtual groups must attest to 2 activities
- 90 continuous day performance period
| |
|
HARP Password Access to MIPS Reporting Portal
HCQIS Access Roles and Profile (HARP) is a secure identity management portal provided by the Centers for Medicare and Medicaid Services (CMS). Creating an account via HARP provides users with a user ID and password that can be used to sign into many CMS applications. It also provides a single location for users to modify their user profile, change their password, update their challenge question, and add and remove two-factor authentication devices.
To create a HARP account, go to https://harp.cms.gov/register and complete the registration form to create a HARP account. Users must enter their profile information, account information, and successfully complete proofing (identify verification). Registration could take anywhere from 5 to 15 minutes, depending on how quickly user data is proofed and verified. HARP uses a third-party service provided by Experian to verify user identities. To complete account setup, users need to log into HARP and set up two-factor authentication.
HARP account passwords are required to be reset after 60 days of inactivity. Please remember to log in within this period to avoid password expiration. If your password has expired, you will be prompted to change your password upon attempting to login to HARP. You will need to enter your old password and new password to change your password.
If your account is locked, you will be prompted to unlock your account upon logging into HARP. Enter your email address and follow the instructions to unlock your account. Otherwise, your account will automatically unlock after one hour. If your account has been deactivated, it cannot be recovered. However, you may use our registration portal to create a new account. Although you may re-register using the same email address, you will have to select a new user ID. Your previous roles will not be available and will need to be requested again.
For more details, visit HARP Help or contact the Quality Payment Program Service Center at 866-288-8292.
| |
|
