Meaningful Use Measure: HIPAA Security Risk Analysis

Let’s not get too complicated.

I keep getting lots of inquiries from physicians and EHR vendors about meeting EP (eligible professional) Meaningful Use measure #15: Protect Electronic Health Information.

The measure is met by conducting a HIPAA security risk analysis, implementing security updates as needed, and correcting any deficiencies the analysis identifies. Some think there is a requirement to have a third party come in and perform the analysis. False. Some think they need to spend money on interactive software to meet this measure. False.

Let’s settle this once and for all and then move on to more important issues, like improving health care.

Meeting this requirement can be logical and simple, and it can actually bring value to a medical practice. The analysis should be embraced as a way to identify threats to the protection of electronic health information. Who could argue with that? Regarding this MU measure, below is the relevant information. This is not my opinion; it is based on the regulations. EPs can do more, but more is not required for Stage 1.

Here is the specific Meaningful Use Measure: “Conduct or review a security risk analysis per 45 CFR 164.308 (a)(1) and implement security updates as necessary and correct identified security deficiencies as part of its risk management process”.

Here is the link to the referenced 45 CFR 164.308, the HIPAA Security Rule. Here is a link to an important document, Security Standards: Implementation for the Small Provider. This document addresses the specific requirements and details ways to address them.

If I were an EHR vendor, I would create a template for all my customers with checklists, sample questions, and guidance. Medical practices have to actually perform the analysis and any corrective action, and keep written documentation of both, since the Security Rule (45 CFR 164.316) requires that the analysis and the actions taken be documented and retained; that documentation is what demonstrates the measure was met. None of this has to be complicated, expensive, or time consuming. Sometimes less is more.

