An accurate assessment of potential risks is essential to your entity's health in relation to ongoing compliance with privacy and security regulations.
If you use, disclose or store ePHI (electronic Protected Health Information), HIPAA's Security Rule mandates that covered entities and business associates periodically conduct a Risk Analysis. The Security Rule describes the Risk Analysis as including "an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity and availability of electronic Protected Health Information." This also applies to non-electronic PHI per the HIPAA Privacy Rule.
To prove meaningful use and take advantage of EHR incentive dollars (Medicare Part B, Medicare Advantage and Medicaid incentives), you must conduct a Risk Analysis.
Stage 1 requirements for EHR (electronic health record) meaningful use for eligible professionals or eligible hospitals and critical access hospitals (CAHs) include protecting electronic health information as a core objective. CMS measures whether or not an entity meets the core objective based on that entity's completion of a Risk Analysis that satisfies the conditions of the associated Code of Federal Regulations.
This webinar will assist hospitals and EPs in understanding the Risk Analysis cycle, including: