> ## Documentation Index
> Fetch the complete documentation index at: https://help.elationhealth.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Promoting Interoperability (MIPS) - Security Risk Analysis

> This article describes the Security Risk Analysis measure that must be completed for the MIPS Promoting Interoperability performance category.

## Measure Details

Conduct or review a security risk analysis on your 2015 Edition CEHRT and/or 2015 Edition Cures Update CEHRT functionality on an annual basis, within the calendar year of the performance period.

## Measure Parameters

Eligible professionals (EPs) must attest YES to conducting or reviewing a security risk analysis and implementing security updates as necessary and correcting identified security deficiencies to meet this measure.

## Workflows outside of Elation

This measure refers to how you protect the health information within your practice. A security risk analysis needs to be completed by the practice outside of Elation.

There are 2 ways to conduct a security risk analysis review:

1. Use the following CMS-approved Security Risk Assessment Tool to conduct a security risk analysis yourself: [http://www.healthit.gov/providers-professionals/security-risk-assessment-tool](http://www.healthit.gov/providers-professionals/security-risk-assessment-tool)
2. Work with a CMS-approved Regional Extension Center representative to review your security risk analysis. Contact your local Regional Extension Center [here](https://ehrintelligence.com/news/list-of-regional-extension-center-contacts).

## Additional Information

[CMS 2023 MIPS Promoting Interoperability User Guide](https://www.cms.gov/files/document/medicare-pi-program-webinar-presentation.pdf)

## Related Articles

* [Promoting Interoperability (MIPS 2024)](/articles/Promoting-Interoperability-MIPS-2024)