EHR Objective 1: Protect Electronic Health Information

This information applies to EHR Modified Stage 2 for Program Years 2015 to 2018. For current information, see:

• EHR Modified Stage 2
• 2019 Program Requirements - Medicaid
• Open Dental EHR

Measure: Conduct or review a security risk analysis (SRA) to identify which security policies and procedures are in place and risks that need to be addressed. The analysis must be documented in a security risk analysis report.

Exclusion Available?

No

Resources

From CMS:

• 2017 Spec Sheet (PDF)
• 2018 Spec Sheet (PDF)
• Security Risk Assessment Tool
• Guidance on Risk Analysis

From Open Dental:

• HIPAA
• Encryption of Data at rest and in transit

Calculations

This is a Yes/No measure and not based on a percentage calculation.

Setup / Instructions

The security risk analysis should occur prior to, or during, your first reporting period, and then again for each subsequent reporting period.