Security Risk Analysis (2017 Base Measure)
1. Measure Details.
2. Measure Parameters
3. Meeting the Measure in Elation
4. Additional Information / FAQs
1. Measure Details
Conduct or review a security risk analysis in accordance with the requirements in 45 CFR 164.308(a)(1), including addressing the security (to include encryption) of electronic Protected Health Information (ePHI) data created or maintained by your EHR in accordance with requirements in 45 CFR164.312(a)(2)(iv) and 45 CFR 164.306(d)(3), and implement security updates as necessary and correct identified security deficiencies as part of the MIPS eligible clinician’s risk management process.
2. Measure Parameters:
How to meet this measure: Security Risk Analysis is a Yes/No measure. However the actual analysis must be performed. Two useful tools for performing this are:
- The CMS-approved Security Risk Assessment Tool
- Work with a CMS-approved Regional Extension Center representative to review your security risk analysis.
3. Elation Workflows
None, this measure is done externally using one of the methods above, or another approved source.
4. Additional Info/FAQs