EMRIS

Electronic Medical Records Implementation Services

SERVICES
EHR Selection Services
Implementation Services
Optimization Services
Security Risk Assessment
Workflow Design
Data Conversion
Scanning & Document Management
Reporting & Template Customization
ePrescribing
EHR Data Mining and Reporting
Security Risk Data Analysis
Recruiting & Helpdesk Support
Meaningful Use Audits
Training

Security Risk Data Analysis

What is a Security Risk Analysis?

A security risk analysis is an assessment of your practice’s administrative, technical, and physical safeguards as they pertain to the protection of patient information. The HIPAA Privacy Rule establishes national standards to protect medical records and personal health information (PHI).

Why do I need a Security Risk Analysis?

As Core requirement for meaningful use, a security risk analysis MUST be conducted prior to or during your meaningful use reporting period in order to satisfy this objective. Specifically, the measure states that practices must “conduct or review a security risk analysis in accordance with the requirements under 45 CFR 164.308(a)(1) and implement security updates as necessary and correct identified security deficiencies as part of its risk management process.” Failure to provide documentation of this analysis exposes providers to fines, lawsuits and loss of incentive funding. Furthermore, a security risk analysis is also an important requirement if audited by the OCR or HHS.

EMRIS follows a formal process following the guidelines published by the National Institute of Standards and Technology (NIST) and provide you with the documentation and policies your practice needs to comply with the requirements of meaningful use Core objectives. Furthermore, we offer recommendations and an action plan to remedy any deficiencies identified in the analysis to ensure your patient information is adequately safeguarded.

  • Executive Summary. High-level overview of findings and recommendations.
  • Policy & Procedure Templates. Editable templates ready to implement in your practice for quick compliance.
  • Asset Evaluation. Detailed analysis of your practice’s assets and associated threats/vulnerabilities.
  • Business Associates Evaluation. Detailed analysis of business associates and their associated threats/vulnerabilities.
  • Vulnerability Scan Report. Detailed report identifying network security threats/vulnerabilities.
  • Security Control Evaluation. Detailed analysis of the controls your practice currently has in place and their associated risk and potential impact.
  • Remediation Recommendations & Plan. Concise recommendations and action plan to quickly address any deficiencies in your current security safeguards.