Revenue Cycle Management Blog | GroupOne Health Source

CMS Tip Sheet: Conducting a Security Risk Analysis for Your Practice

Written by Kaitlyn Houseman | December 11, 2013

Have you reviewed your practice processes to make sure that your patients’ personal health information is protected and secure?

Even though there are no  changes to the HIPAA Security Rule, if you are participating in Stage 1 or Stage 2 of the EHR Incentive Programs, you need to conduct a security risk analysis of your practice to meet Meaningful Use requirements. 

What’s required?  CMS has a tipsheet that will help you understand:

  • Steps for conducting a security risk analysis
  • How to create an action plan
  • Security areas to be considered and their corresponding security measures
  • Myths and facts about conducting a security risk analysis

Be sure to review the steps and conduct your review for your practice.  It is required in both stages of meaningful use to receive your incentive payment.

Additional Resources
The CMS EHR Incentive Programs website offers other meaningful use resources.

For a deeper dive, ONC offers a Guide to Privacy and Security of Health Informationthat includes a ten-step plan for health information privacy and security. 

Want more information about the EHR Incentive Programs?
Make sure to visit the Medicare and Medicaid EHR Incentive Programs website for the latest news and updates on the EHR Incentive Programs.