Healthcare: Time Is Running Out to Complete Your Meaningful Use Risk Assessment.


December 31st is fast approaching, and if your healthcare organization hasn’t completed its Meaningful Use Risk Assessment for 2013, you’d better get busy. If you miss the deadline, you may have to return a full year of EHR (Electronic Health Record) incentive payments.

Your EHR or EHR components must meet the standards set by the Office of National Coordinator for Health Information Technology (ONC). An up-to-date list is posted on the ONC’s website at:

To receive EHR incentive payments, you must demonstrate that you have met the criteria for the EHR Incentive Program’s privacy and security objective, ensure adequate privacy, and correct any identified deficiencies. In addition, a Meaningful Use Risk Assessment must be conducted at least once prior to the beginning of an EHR reporting period (annually).

The EHR Incentive Program and the HIPAA Security Rule don’t mandate how the risk assessment should be done.  This is left up to you. Below are commonly recommended steps for performing an assessment:

  1. Identify the scope of the analysis
  2. Gather data
  3. Identify and document potential threats and vulnerabilities
  4. Assess current security measures
  5. Determine the likelihood of threat occurrence
  6. Determine the potential impact of threat occurrence
  7. Determine the level of risk
  8. Identify security measures and finalize documentation
  9. Develop and implement a risk management plan
  10. Implement security measures
  11. Evaluate and maintain security measures

You will need to attest to CMS (Centers for Medicare and Medicaid) or your State that you have conducted the Assessment and have taken any corrective actions to eliminate the security deficiency or deficiencies identified in the Risk Assessment.

Integris is working around the clock to ensure assessments are performed, so be sure your Risk Assessment is completed by December 31, 2013.  For more information call us at (888) 330-8808 or email us immediately at

We're Integris. We're always working to empower people through technology.
