Objective 1: Protect Patient Health Information

Objective: Protect electronic protected health information (ePHI) created or maintained by the CEHRT through the implementation of appropriate technical, administrative, and physical safeguards

Measure: Conduct or review a security risk analysis in accordance with the requirements under 45 CFR 164.308(a)(1), including addressing the security (including encryption) of data created or maintained by CEHRTClosed Certified EHR Technology, an EHR that conforms to the ONC's Health IT Certification Program criteria and standards in accordance with requirements under 45 CFR 164.312(a)(2)(iv) and 45 CFR 164.306(d)(3), implement security updates as necessary, and correct identified security deficiencies as part of the provider’s risk management process.
Reporting EPsClosed Eligible Professional: a Medicaid provider who qualifies for the Medicaid Promoting Interoperability Program must attest YES to conducting or reviewing a security risk analysis and implementing security updates as necessary and correcting identified security deficiencies to meet this measure.

Security Administrators can use Security Settings and reports as part of a security risk analysis:

Return to 2018 Medicaid Promoting Interoperability Objectives

 

Didn't find the answer you were looking for?

Contact Sevocity Support 24/7 at 877‑777‑2298 or support@sevocity.com