All webinars and in-person events are on hold until further notice.


Expected date system will be available for Program Year 2019 applicationsDecember 2, 2019
Deadline to submit Program Year 2019 applicationsApril 30, 2020


ONC and the Office for Civil Rights (OCR) announced the release of version 3.1 of the Security Risk Assessment (SRA) Tool. The SRA Tool is the most downloaded resource on HealthIT.gov and has been updated with features based on feedback from users! The tool is designed to assist small to medium providers in conducting an internal security risk assessment as required by the HIPAA Security Rule and the CMS’ Promoting Interoperability Programs.


What documentation is required to claim exclusions for the Public Health and Clinical Data Registry Reporting measures?

Providers must be in active engagement status with at least two registries. If less than two, the provider must meet the exclusion criteria for all remaining measures and upload a signed letter documenting the necessary criteria has been met. The letter must document that the following conditions apply:

  • Does not give immunizations [do not include this item if attesting to Florida SHOTS];
  • Does not treat or diagnose cancer [do not include this item if attesting to Florida Cancer Registry];
  • Does not prescribe controlled substances to patients 16 years of age or older or has not previously received an incentive payment using E-FORCSE as a registry option [do not include this item if attesting to E-FORCSE]; and
  • Has researched registry options and does not diagnose or directly treat any disease or condition associated with a public health registry/clinical data registry in their jurisdiction or practices in a jurisdiction where no public health registry/clinical data registry has declared a readiness to receive electronic registry transactions as of six month prior to the start of the EHR reporting period.

Providers are strongly encouraged to keep all documentation relative to attempts to connect with registries, research conducted to locate potential registries, and other documentation supporting the exclusion criteria above. Additional documentation may be requested if the provider is selected for post-payment audit.