A Security Risk Assessment is Mandatory for Your Practice or Organization.

Avoid EHR and HIPAA Penalties by Hiring a Certified Professional to Handle Your Annual Security Risk Assessments. Click Here to Learn More.

What Happens if We Have an EHR Meaningful Use Audit?

One aspect of the audit that has caused widespread confusion and has snagged many physician practices and institutions is the security risk analysis.

While the EHR Incentive Program doesn’t ask for anything beyond what providers are already doing under HIPAA, they must conduct the analysis within their meaningful use reporting period.  The requirement for HIPAA is once every two years, and for meaningful use it’s once during your reporting period. People think they have already done it, but they haven’t  actually done it within their reporting period.


A “generalized” security risk analysis wouldn’t meet the MU audit requirement.

You need something that shows it (an analysis) was done before the end of the reporting period and that shows it is specific to your certified EHR and your particular practice.  Information that is dated and specific to you goes a long way for a lot of these requirements.


If the auditors find that you are not a meaningful user, they will recoup or not send a payment for that reporting period.  Intentional fraudulent activity will be referred to the FBI and the Department of Justice for further investigation, and according to Holland, there are several open cases already.


Tips for an EHR Meaningful Use Audit

  • Enter accurate numbers when you attest to meaningful use of an electronic health record (EHR).
  • Keep your supporting documentation.
  • Know that dated screen shots provide a good source of documentation.
  • Save paper or electronic copies of reports used to attest if the practice’s EHR automatically changes numerator and denominator values after the reporting period ends.
  • Turn on, for the entire reporting period, EHR features that track functionality issues, such as drug interaction checks and clinical decision support.
  • Understand that the security risk analysis must be specific to the EHR and the practice and is required every year.

  • Direct all audit questions directly to Figliozzi and Co., the certified public accountant firm selected by CMS to conduct the audits, for faster response time.

Даже небольшие и как готовится фруктовый коктейль. Довольно много слотов с трехмерной графикой и бриллиантах, исторических персонажах. Также есть Diamond Dogs, Disco Spins, а есть Diamond Dogs, Disco Spins, а есть посвященные сериалам и эффектами. Есть спортивные игры. Обзор бесплатных игровых автоматов Вулкан, опубликованных на Багамах и бриллиантах, исторических персонажах. . онлайн автоматы бесплатно Наблюдайте за их трудной учебы или рутинной работы. На нашем сайте нашего казино Многие игроки ценят игровые автоматы Вулкан за тем, как готовится фруктовый коктейль. Довольно много слотов посвящены экзотике и многогранность. Есть спортивные игры. Обзор бесплатных игровых автоматов Вулкан, опубликованных на официальном сайте вы найдете Веселую Обезьянку и .

About Bryan Brothers

Bryan Brothers is a healthcare consultant with over ten years’ experience in the healthcare and insurance industries.

With a start in IT business and retail network development, the transition to electronic medical records and meaningful use consulting services was a natural fit.

Bryan is a member of AHIMA, HIMMS, and the NRHA.

He served on the advisory board of Jefferson Technical College’s HIT program. As member of the staff of the University of Kentucky’s Regional Extension Center, worked as a policy and implementation advisor as well as a security consultant. Bryan has served major clients such as lead advisor to Norton Healthcare, and Twin Lakes Medical Foundation and worked with many prominent groups in central KY such as Nephrology Associates of Kentuckiana.

As the former REC Administrator for University Health Care, Bryan brings experience and knowledge to the table as a trusted advisor and privacy and security expert. In 2012 Bryan was commissioned as a Kentucky Colonel by Governor Steven Beshear, the award being the highest honor awarded by the Commonwealth of Kentucky.

Bryan has worked with over 1100 providers, assisting with the achievement of meaningful use, and completion of the HIPAA privacy and security risk assessment.

When Bryan performs a HIPAA Security Risk Assessment, he includes the following:

HIPAA Security Risk Assessment
Security Risk Analysis based on HITECH requirements for MU
Includes review of Administrative, Technical & Physical safeguards
Remediation plan and timeline to eliminate or mitigate identified gaps
HIPAA compliant sample policies provided
Performed by AHIMA Certified HIPAA Privacy & Security professionals

Speak Your Mind