Meaningful Use Security Risk Assessment (SRA): Resources for Eligible Professionals (EPs) Kim Bell, MHA, FACHE, PCMH-CCE Executive Director Georgia Health.


1 Meaningful Use Security Risk Assessment (SRA): Resources for Eligible Professionals (EPs) Kim Bell, MHA, FACHE, PCMH-CCE Executive Director Georgia Health Information Technology Extension Center

2 Learning Objectives
Upon completion of this session, Eligible Providers and their office staff will be able to:
- Identify resources available to assist providers in identifying level of risk against pre-identified threats and vulnerabilities related to the stringent HIPAA privacy and security requirements of meaningful use.
Presentation material derived from: Office of the National Coordinator for Health Information Technology (ONC). “Guide to Privacy and Security of Health Information”. Version 1.2 060112. http://www.healthit.gov/sites/default/files/pdf/privacy/privacy-and-security-guide.pdf

3 Sources
Disclaimers:
1. Information contained in the guide is not intended to serve as legal advice nor substitute for legal counsel.
2. The guide is not exhaustive; readers are encouraged to seek additional detailed technical guidance.
http://www.healthit.gov/sites/default/files/pdf/privacy/privacy-and-security-guide.pdf

4 Privacy & Security and Meaningful Use (MU)
http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/

5 Privacy & Security and MU: The “SRA”
Eligible Professionals (EPs) must:
- conduct or review a security risk assessment/analysis (SRA) of certified EHR technology;
- implement updates as necessary at least once prior to the end of the EHR reporting period;
- attest to that conduct or review; and
- complete a security update if any security deficiencies were identified during the risk analysis.

6 The “SRA”
A security risk assessment/analysis is a systematic and ongoing process of both:
- Identifying and examining potential threats and vulnerabilities to protected health information (PHI) in your medical practice; and
- Implementing changes to make PHI more secure than at present, then monitoring results (i.e., risk management).

7 The “SRA”
- Review Existing Security of PHI
- Identify Threats
- Assess Risks for Likelihood & Impact
- Mitigate Security Risks
- Monitor Results

8 The “SRA”: Key Elements of a Comprehensive Risk Assessment/Analysis Program
1. Scope the Assessment.
2. Gather information.
3. Identify realistic threats.
4. Identify potential vulnerabilities.
5. Assess current security controls.
6. Determine the likelihood and impact of a threat.
7. Determine the level of risk.
8. Recommend security controls.
9. Document the Risk Assessment results.
(NIST SP 800-66) http://www.nist.gov/manuscript-publication-search.cfm?pub_id=908030

9 SRA… Fact or Fiction?

10 The “SRA”: Resources