GoalConduct or review a security risk analysis and implement security updates as necessary and correct identified security deficiencies as part of the provider's risk management process.
Measure DetailsSpecifications from CMS: Objective 1
When attesting to Medicare, the provider must attest YES to having conducted or reviewed a security risk analysis in accordance with the requirements under 45 CFR 164.308(a)(1) and implemented security updates as necessary and correct identified security deficiencies prior to or during the EHR reporting period to meet this measure.
How to Meet This Measure in Elation
This Measure refers to how you protect the health information within your practice.
A security risk analysis needs to be done by the practice itself and includes steps that are outside the scope of Elation. Please be rest assured that Elation is going above and beyond what is required for the EMR in terms of security but there are additional steps that you need to take as a practice. In subsequent MU reporting years, or when changes to the practice or electronic systems occur, a review must be conducted.
There are 2 ways to conduct a security risk analysis review:
- Use the following CMS-approved Security Risk Assessment Tool to conduct a security risk analysis yourself: http://www.healthit.gov/providers-professionals/security-risk-assessment-tool
- Work with a CMS-approved Regional Extension Center representative to review your security risk analysis. Contact your local Regional Extension Center here: http://www.healthit.gov//providers-professionals/rec-highlights