What you need to know Physicians who intend to submit data for the 2018 Promoting Interoperability (PI) category must complete a Security Risk Assessment (SRA) by December 31. The SRA can be completed by an outside organization or by someone in the practice—preferably someone with IT experience. For more information The following tools are available to help clinicians with privacy and security initiatives: What you need to know Physicians who intend to submit data for the 2018 Promoting Interoperability (PI) category must complete a Security Risk Assessment (SRA) by December 31. The SRA can be completed by an outside organization or by someone in the practice—preferably someone with IT experience. For more information The following tools are available to help clinicians with privacy and security initiatives: