MU: Security Risk Assessments Needed for Meaningful Use
September 19, 2016
Written by Patty Kosednar
Hey everyone, this is just a friendly reminder that a security risk assessment is required as part of meaningful use (MU) for EVERY reporting year. Below is text regarding this requirement from the CMS Security Risk Analysis Tip Sheet.
“Conducting a security risk analysis (SRA) is required when certified EHR technology is adopted in the first reporting year. In subsequent reporting years, or when changes to the practice or electronic systems occur, a review must be conducted. It is acceptable for the security risk analysis to be conducted outside the EHR reporting period. However, the analysis must be conducted for the certified EHR technology used during the EHR reporting period and the analysis or review must be conducted on an annual basis prior to the date of attestation. In other words, the provider must conduct a unique analysis or review applicable for the EHR reporting period and the scope of the analysis or review must include the full EHR reporting period. Any security updates and deficiencies that are identified in the review should be included in the provider’s risk management process and implemented or corrected as dictated by that process.”
Resource Link
If you need assistance or have questions regarding the requirements of the MU SRA, please contact my HTS colleague, Susan Clarke, a certified Health Care Information Security and Privacy Practitioner, at 307-248-8179, or visit our HTS HIPAA Privacy and Security web page.
HIPAA Readiness Quiz
Other Resource Links
CMS EHR Incentive Program website