Meaningful Use: Protect Electronic Health Information Through Security Risk Analysis

Hess, Cathy Thomas BSN, RN, CWOCN

Advances in Skin & Wound Care: November 2014 - Volume 27 - Issue 11 - p 528
doi: 10.1097/01.ASW.0000455990.79423.7a
DEPARTMENTS: Practice Points

Cathy Thomas Hess, BSN, RN, CWOCN, is Vice President and Chief Clinical Officer, Net Health. Ms Hess presides over Professional Services, which offers products and solutions to optimize process and work flows. Address correspondence to Cathy Thomas Hess, BSN, RN, CWOCN, via e-mail: cthess@nhsinc.com.

In my previous column, Meaningful Use Audit Checklist, we discussed the resources necessary for a successful attestation process. Although the column offers important information to support the Meaningful Use Audit Process, it is also a reminder that the documentation to support attestation data for meaningful use objectives and clinical quality measures should be retained for 6 years after attestation.

One of the target objectives included in the audit process is Protecting Electronic Health Information. The audit validation for Protecting Electronic Health Information should support that a security risk analysis of the certified electronic health record technology was performed prior to the end of the reporting period. Your supporting documentation should include a report that documents the procedures performed during the analysis and the results. Reports should be dated prior to the end of the reporting period and should include evidence to support that they were generated for that provider’s system. The information shared below is excerpted from the Centers for Medicare & Medicaid Services’ Security Risk Analysis Tipsheet: Protecting Patients’ Health Information.1 Additional information to support this work can be found within the Guide to Privacy and Security of Health Information.2

The following Table illustrates examples of safeguards and processes you might incorporate to mitigate security risks to your practice. These are only examples and should not be used as a comprehensive guide for mitigating security risks. You should integrate reasonable and appropriate administrative, physical, and technical safeguards that are tailored to the size and complexity of your practice.

Table 1

References

1. Security Risk Analysis Tipsheet: Protecting Patients’ Health Information. December 2013. http://www.cms.gov/Regulations-and-Guidance/Legislation/EHRIncentivePrograms/Downloads/SecurityRiskAssessment_FactSheet_Updated20131122.pdf. Last accessed September 22, 2014.
2. Guide to Privacy and Security of Health Information. Version 1.2 060112. http://www.healthit.gov/sites/default/files/pdf/privacy/privacy-and-security-guide.pdf. Last accessed September 22, 2014.
© 2014 Wolters Kluwer Health | Lippincott Williams & Wilkins. All world rights reserved.