Security Risk Analysis for Meaningful Use, MIPS/MACRA and HIPAA

Conducting a security risk analysis is REQUIRED for all clinicians or hospitals attesting to MIPS/MACRA to receive positive or downward payment adjustments. Also, any organization that is a Covered Entity or Business Associate under HIPAA regulations MUST complete an annual security risk assessment, then maintain a supporting risk management plan for a potential HHS/OCR audit. In addition, the NCQA PCMH program provides 2 credits (TC5) of recognition for completing your annual Security Risk Assessment.

MIPS/Meaningful Use security audits are actively being conducted by Figliozzi and Company on a pre-payment and post-payment basis, and several firms have forfeited large sums of incentive payments by failing to produce proper supporting documentation. In addition, the Quality Payment Program, a.k.a. MACRA/MIPS, requires the security risk analysis measure to be completed. Also, HIPAA OCR audits are specifically focused on a comprehensive security risk assessment of all ePHI produced, stored or transmitted. Theft and unauthorized transfer of medical records is a lucrative criminal enterprise, and reported data breaches have resulted in severe financial loss; risk assessment is one of the most effective methods to avoid these incidents. In addition, risk analysis is the first step in HIPAA Security Rule compliance efforts.

In addition, NCQA Patient-Centered Medical Home (PCMH) provides 2 credits (TC5) for practices that use an EHR system (or modules) that has been certified and issued an ONC Certification ID, conduct a security risk analysis, and implement security updates as necessary, correcting identified security deficiencies.

EHR 2.0’s certified privacy and security professionals can help your organization comply with the requirement in the most efficient and cost-effective way.

Our deliverables include, but are not limited to:

  • Defining the scope of the security risk analysis
  • Inventorying ePHI systems
  • Reviewing the past security risk assessment report
  • Assessing current security measures
  • Determining the likelihood of threat occurrence
  • Identifying risks using automated and manual vulnerability analysis
  • Prioritizing implementation
  • Documentation of findings
  • Security risk assessment report
  • Summary Report
  • Risk management plan
  • Optional continuous compliance

Our step-by-step approach:

  1. Defining the scope of the security risk analysis
  2. Inventorying ePHI systems
  3. Assessing current security measures and reviewing the past security risk assessment report
  4. Determining the likelihood of threat occurrence
  5. Identifying risks using automated and manual vulnerability analysis
  6. Prioritizing implementation
  7. Documentation of findings
  8. Security risk assessment report
    • Summary Report
    • Action Plan
  9. Annual update
