To fulfill the Meaningful Use Core Objective and Measure for Privacy and Security and qualify for incentive payments, Eligible Professionals (EPs) must “protect electronic health information created or maintained by the certified EHR technology through the implementation of applicable technical capabilities.” ALREC Trusted Advisors use a multifaceted approach to reviewing infrastructure and safeguards related to HIPAA. All plans are designed and created to suit the specific needs of each provider.
WHAT DO YOU NEED TO DO AS AN EP?
First, EPs must conduct or review a security analysis. Then, based on the results of the analysis, EPs must implement necessary security updates and correct security deficiencies identified in the risk management process.
It is important to note:
There are NO exclusions available to EPs for this measure.
Not completing the required risk analysis and/or falsely attesting to its completion could result in forfeiture of meaningful use incentive payments and further lead to possible HIPAA violations.
ALREC OFFERS A 5-STEP APPROACH TO RISK ANALYSIS
STEP 1: The Risk Analysis Tool Kit includes checklist questions regarding general clinic and EHR security and a Risk Analysis Report and Action Plan sample.
STEP 2: The checklist questions identify controls or safeguards already in place in a provider’s clinic or EHR system and vulnerabilities creating greater risk.
STEP 3: The Physical Security Walk-Through determines the likelihood and impact of each vulnerability.
STEP 4: A Risk Analysis Report is created to identify the critical vulnerabilities needing mitigation.
STEP 5: An Action Plan that addresses mitigation steps for threats lacking the proper controls or policies is created.