Synovim Web
Vitals
Important and time-sensitive information
LEARN MORE ABOUT THE PROTECT ELECTRONIC HEALTH INFORMATION CORE OBJECTIVE

If you are a provider participating in the EHR Incentive Programs, conducting or reviewing a security risk analysis is required to meet Stage 1 and Stage 2 of Meaningful Use. This Meaningful Use objective complements, but does not impose new or expanded requirements on the HIPAA Security Rule
 

How This Objective Improves Care
Security risk analysis doesn't just help your organization ensure it is compliant with HIPAA's administrative, physical, and technical safeguards; this ongoing process also helps reveal areas where your organization's electronic protected health information (e-PHI) could be at risk. Meeting this objective can help you avoid and address common security gaps that lead to cyber-attack or data loss, which helps protect your practice, information, technology, and the people you serve.  

New CMS Guidance for When to Complete a Security Risk Analysis
A security risk analysis needs to be conducted or reviewed during each program year for Stage 1 and Stage 2. These steps may be completed outside OR during the EHR reporting period timeframe, but must take place no earlier than the start of the reporting year and no later than the end of the reporting year.  

For example, an eligible professional who is reporting for a 90-day EHR reporting period in 2014 may complete the appropriate security risk analysis requirements outside of this 90-day period as long as it is completed between January 1 and December 31 in 2014. For more information, read the new FAQ.

Please note:

  • Conducting a security risk analysis is required when certified EHR technology is adopted in the first reporting year.
  • In subsequent reporting years, or when changes to the practice or electronic systems occur, a review must be conducted.

Resources for Security Risk Analysis-Let Synōvim help

Synōvim offers a web-based solution that provides a simple and affordable answer to HIPAA e-PHI security risk analysis requirements. Assistance is tailored to the level you need to successfully meet the requirements and reduce your risk for non-compliance in the event of an audit by the Department of Health and Human Services Office for Civil Rights. Synōvim provides no cost estimates for all services and hosts monthly privacy and security educational webinars hosted by Trish Harkness, CISSP, CHPS. Let Synōvim help you meet HIPAA e-PHI security risk analysis requirements.

To help providers understand what's required to meet this core objective, CMS has a Security Risk Analysis Tipsheet available on the Educational Resources page that includes: 

  • Steps for conducting a security risk analysis
  • How to create an action plan
  • Security areas to consider and potential courses of action 
  • Myths and facts about conducting or reviewing a security risk analysis

This information is also available as an intermediate level resource on eHealth University.

Providers in small-to-medium sized offices may also use ONC's Security Risk Assessment (SRA) tool to conduct risk assessments of their organizations. The tool also produces a report that can be provided to auditors.  A User Guide and Tutorial video are available to help providers use the tool.

Want more information about the EHR Incentive Programs?
Make sure to visit the Medicare and Medicaid EHR Incentive Programs website for the latest news and updates on the EHR Incentive Programs.
CONNECT WITH US
Facebook


Synōvim Healthcare Solutions, Inc. is an independent, nonprofit organization sponsored by the Kansas Foundation for Medical Care (KFMC) and the Kansas Association for the Medically Underserved (KAMU). Now the most valued advisor in health information technology throughout the state of Kansas, Synōvim offers proven expertise in EHR implementation & optimization, Meaningful Use assistance and Information Systems Security Management. For more information, visit synovim.org. 

This material was prepared by Kansas Foundation for Medical Care, Inc. as part of our work as the Kansas Regional Extension Center, under grant #90RC0003/01 from the Office of the National Coordinator, Department of Health & Human Services.SYNREC_2014_54