One of the required meaningful use criteria is to conduct a security risk analysis. To help physicians carry out this objective and comply with the HIPAA Security Rule, the Office of the National Coordinator (ONC) has created a security risk analysis tool.
Physicians who meaningfully use a certified electronic health record (EHR)may qualify for EHR incentives up to $44,000 under Medicare or up to $63,750 under Medicaid. Many of the meaningful use measures offer exclusions (see Do you qualify for Meaningful Use Exclusions?), but conducting a security risk assessment is a core requirement and there are no available exclusions.
Use of ONC's Risk Analysis tool will provide an overall view of the state of security and provide suggestions for potential deficiencies. There are various methods of performing a risk analysis to guarantee compliance with the HIPAA Security Rule and meaningful use; however. there are several key elements that must be incorporated, regardless of what method you use in your practice. You must:
- Document scope of analysis;
- Collect data;
- Identify and document potential threats and vulnerabilities;
- Assess current security measures;
- Determine the likelihood of threat occurrence;
- Determine the potential impact of threat occurrence;
- Determine the level of risk;
- Finalize documentation; and
- Periodically review and updates to risk assessment.
Texas regional extension centers (RECs) can help your practice with a security risk analysis through on-site technical consulting. Their services are designed to take your practice from its current state – whether you are starting with a paper-based system or looking to optimize your current EHR system – to meaningful use to qualify for the federal EHR incentives. The Texas RECs understand the unique challenges physicians face and will work with you to fully realize the benefits of EHRs in improving efficiencies and patient care. They serve as a direct pipeline to the national program with HIT adoption. Visit TMA's REC Resource Center to learn more about the Texas RECs, available incentives, REC and incentive eligibility, and meaningful use.
Still have a question? Contact the TMA Health Information Technology helpline at (800) 880-5720 or email HIT.
Action, Aug. 15, 2011