Meaningful Use Risk AnalysisAn assessment of your information security program completed as part of Meaningful Use Attestation to ensure meaningful use compliance
FRSecure performs a full array of information security assessments and audits including FISMA, ISO Certification, NERC/FERC, FDA, SEC, FINRA, SOX, and more. If you’re looking for an assessment, we’ve likely done it before, and are happy to discuss your needs with you. Call us today.
What is a Meaningful Use Risk Analysis?
Whether you’re attesting to Stage 1 or Stage 2, one of the core measures is to complete a security risk analysis. The Meaningful Use Risk Analysis is an information security assessment covering the HIPAA Security Rule with some overlap into the Privacy Rule to ensure meaningful use compliance.
In a Meaningful Use Risk Analysis risks to PHI are identified, measured, and prioritized in a security remediation roadmap. The M/U risk analysis should include PHI risks in the areas of Administrative, Physical and Technical security controls, per 45 CFR Part 160 and Subparts A and C of Part 164.
Why would I want one?
If you are a covered entity or a business associate then you are required to assess your security program and adhere to meaningful use compliance. If you’re attesting to Meaningful Use one of the Core Measures is to “Conduct or review a security risk analysis and remediate findings”. The first step in that process is the security risk analysis, and basing the analysis on the HIPAA Security Rule is the best way to ensure you are in a good spot going forward as audits increase.
You’re not required to hire a 3rd party to perform this assessment, but there are benefits to having an objective 3rd party do this risk analysis.
- FRSecure can look at the security environment objectively and tell you what you need to know without a hidden agenda
- FRSecure is purely a security company, so we strive to be the best at assessing security programs against regulations like HIPAA
- We know how to do these assessments. You aren’t paying us to “figure it out”.
What makes FRSecure different?
FRSecure is not a checklist security company. There is a big difference between having an experienced security expert complete a HIPAA Security Rule Audit versus other methods, like downloading a template.
There are many significant value propositions that our clients realize. Examples include:
- FRSecure’s Methodology – FRSecure has developed a proprietary approach to assessing information security risks. It’s more than a checklist of questions and recorded answers. Our approach gives you a full picture of your risks – prioritized and rated – with recommended solutions, so you know which security investments will have the greatest impact.
- FRSecure’s Project Leader – All of our project leaders have more than 15 years of information security experience as a leader in, and consultant for hundreds of companies ranging from the Fortune 100 to SMBs. BIO’s for our project leaders are available upon request.
- Full Transparency – FRSecure strongly believes in empowering our customers. The more knowledge transfer that occurs during our engagement, the more value our customers recognize. FRSecure fully discloses the methods, tools, and configurations used to perform analysis work for our customers in the hope that they can easily adopt our processes for their future benefit.
- Product Agnostic – FRSecure does not represent any third-party products or services; on purpose. Our projects and recommendations stand on their own, with no ulterior motive to sell you things you don’t really need.
What are the deliverables I should expect?
We consistently get great feedback on our reporting style. FRSecure has spent years developing reports that communicate assessment results in clear, easy to digest ways, that are appropriate for both technical and non-technical audiences. Typical deliverables out of an information security assessment include:
- Executive Summary Report
- Full Report
- Action Plan and/or Road Map
What does a Meaningful Use Risk Analysis cost?
The cost of a Meaningful Use Risk Analysis is largely dependent on the size and complexity of the environment. We take into account your organization’s size, complexity, industry, compliance requirements, and most importantly, your actual needs. Because of our tailored approach, all you need to do is spend a few minutes on the phone with our team to make sure we are delivering exactly what you need and want.