![\"Draft-Banner\"](\"https:\/\/dsiohn098w.mpqhf.org\/blog\/wp-content\/uploads\/2016\/09\/Draft-Banner.png\")
<\/p>\n<\/p>\n
Hey everyone, this is just a friendly reminder that a security risk assessment is required as part of meaningful use (MU) for EVERY reporting year.\u00a0 Below is text regarding this requirement from the CMS Security Risk Analysis Tip Sheet<\/a>.<\/p>\n \u201cConducting a security risk analysis (SRA) is required when certified EHR technology is adopted in the first reporting year. \u00a0In subsequent reporting years, or when changes to the practice or electronic systems occur, a review must be conducted. \u00a0It is acceptable for the security risk analysis to be conducted outside the EHR reporting period.\u00a0 However, the analysis must be conducted for the certified EHR technology used during the EHR reporting period and the analysis or review must be conducted on an annual basis prior to the date of attestation. In other words, the provider must conduct a unique analysis or review applicable for the EHR reporting period and the scope of the analysis or review must include the full EHR reporting period. \u00a0Any security updates and deficiencies that are identified in the review should be included in the provider\u2019s risk management process and implemented or corrected as dictated by that process\u201d<\/p>\n Resource Link<\/strong><\/p>\n CMS SRA Tip Sheet<\/a><\/p>\n If you need assistance or have questions regarding the requirements of the MU SRA, please contact my HTS colleague, Susan Clarke, who is a certified Health Care Information Security and Privacy Practitioner at 307-248-8179 or visit our HTS HIPAA Privacy and Security<\/a> web page.<\/p>\n HIPAA Readiness Quiz<\/strong><\/p>\nAre you 100% confident in your organization\u2019s HIPAA compliance efforts?\u00a0 Take our short HIPAA Readiness Quiz to find out. \u00a0Take the