This measure requires you to conduct or review a security risk analysis with respect to abiding by the HIPAA Security Rule, specifically the Security Management Process (45 CFR 164.308 (a)(1)). To meet this measure, you also need to implement security updates as necessary and correct identified security deficiencies as part of your risk management process. You must conduct or review a security risk analysis and implement security updates as necessary at least once prior to the end of the EHR reporting period.
Practice Fusion Meaningful Use Dashboard Calculation
Complete/Incomplete: After completing the requirements for this measure, you must manually indicate completion in your 2018 Meaningful Use Dashboard.
Exclusion (learn more)
In collaboration with the HHS Office for Civil Rights, the Office of the National Coordinator for Health IT (ONC) released a security risk analysis (SRA) tool to help practices conduct and document a comprehensive assessment to identify risks in their organizations. The SRA tool also produces a report that can be useful for audits.
MS has also created a Security Risk Analysis Tip Sheet to help you understand this requirement. Since your practice is unique and you know your practice best, you are ultimately responsible for security and privacy measures that are appropriate and reasonable for your practice's needs and capabilities.
For additional support, you may want to consult with a qualified professional who can use his or her expertise to help mitigate risks, identify potential areas for improving security, and train your staff. Make sure to keep any documentation you use for your records to prove you have completed this measure during your reporting year.