A Security Risk Assessment is Mandatory for Your Practice or Organization.

Avoid EHR and HIPAA Penalties by Hiring a Certified Professional to Handle Your Annual Security Risk Assessments.

How Do I Comply with Meaningful Use Requirements?

Your EHR or EHR components must meet ONC’s standards and implementation specifications, at a minimum, to be certified to support the achievement of meaningful use Stage 1 by eligible health care providers under the EHR Incentive Program regulations. Along with many other criteria, ONC requires that an EHR meet nine security criteria to be certified. An up-to-date list of certified EHR systems and components is posted on ONC’s website.

To receive the incentive payments, you must also demonstrate that you have met the criteria for the EHR Incentive Program’s privacy and security objective. This objective, “ensure adequate privacy and security protections for personal health information,” is the fifth and final health policy priority of the EHR Incentive Program. The measure for Stage 1 aligns with HIPAA’s administrative safeguard to conduct a security risk assessment and correct any identified deficiencies. In fact, the EHR Incentive Program’s only privacy and security measure for Stage 1 is to:

Conduct or review a security risk assessment of the certified EHR technology, and correct identified security deficiencies and provide security updates as part of an ongoing risk management process.  

The EHR Incentive Program and the HIPAA Security Rule do not mandate how the risk analysis and updates should be done.  Instead, this is left up to the provider or organization.  There are numerous methods for performing risk analysis and risk management.  Below are commonly recommended steps for performing these tasks:

  1. Identify the scope of the analysis
  2. Gather data
  3. Identify and document potential threats and vulnerabilities
  4. Assess current security measures
  5. Determine the likelihood of threat occurrence
  6. Determine the potential impact of threat occurrence
  7. Determine the level of risk
  8. Identify security measures and finalize documentation
  9. Develop and implement a risk management plan
  10. Implement security measures
  11. Evaluate and maintain security measures

The risk analysis and risk management process must be conducted at least once prior to the beginning of the EHR reporting period. You will need to attest to CMS or your State that you have conducted this analysis and have taken any corrective action that needs to take place in order to eliminate the security deficiency or deficiencies identified in the risk analysis. Your local REC can be a resource in identifying the tools and performing the required risk analysis and mitigation.

About Bryan Brothers

Bryan Brothers is a healthcare consultant with over ten years’ experience in the healthcare and insurance industries.

With a start in IT business and retail network development, the transition to electronic medical records and meaningful use consulting services was a natural fit.

Bryan is a member of AHIMA, HIMSS, and the NRHA.

He served on the advisory board of Jefferson Technical College’s HIT program. As a member of the staff of the University of Kentucky’s Regional Extension Center, he worked as a policy and implementation advisor as well as a security consultant. Bryan has served major clients, including as lead advisor to Norton Healthcare and Twin Lakes Medical Foundation, and has worked with many prominent groups in central KY such as Nephrology Associates of Kentuckiana.

As the former REC Administrator for University Health Care, Bryan brings experience and knowledge to the table as a trusted advisor and privacy and security expert. In 2012 Bryan was commissioned as a Kentucky Colonel by Governor Steven Beshear, the award being the highest honor awarded by the Commonwealth of Kentucky.

Bryan has worked with over 1100 providers, assisting with the achievement of meaningful use, and completion of the HIPAA privacy and security risk assessment.

When Bryan performs a HIPAA Security Risk Assessment, he includes the following:

HIPAA Security Risk Assessment
Security Risk Analysis based on HITECH requirements for MU
Includes review of Administrative, Technical & Physical safeguards
Remediation plan and timeline to eliminate or mitigate identified gaps
HIPAA compliant sample policies provided
Performed by AHIMA Certified HIPAA Privacy & Security professionals
