Meaningful Use

Healthcare organizations that demonstrate Meaningful Use have the opportunity to receive incentive payments through the Medicare and Medicaid EHR Incentive Programs.

The HIPAA Security Rule establishes national standards to protect individuals’ electronic personal health information that is created, received, used, or maintained by a covered entity. The Security Rule requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information.

The Administrative Safeguards provisions in the Security Rule require covered entities to perform a “risk analysis” as part of their security management processes.

From CMS Final Rule Meaningful Use Stage 1 Objectives and Measures:

Conduct or review a security risk analysis per 45 CRF 164.308 (a)(1) and implement security updates as necessary and correct identified security deficiencies as part of its risk management process

A risk analysis process includes, but is not limited to, the following activities:

• Evaluate the likelihood and impact of potential risks to e-PHI;
• Implement appropriate security measures to address the risks identified in the risk analysis;
• Document the chosen security measures and, where required, the rationale for adopting those measures; and
• Maintain continuous, reasonable, and appropriate security protections.