To help physicians and their practices ensure compliance with both the new Meaningful Use audit and the HIPAA Security Rule, as required of meaningful use recipients, CompuTech City has developed a comprehensive Meaningful Use Risk Assessment. This program will audit the physician’s meaningful use attestation records as well as the practice’s conformance with the HIPAA Security Rule as set forth under Core Measure 15. This CMS measure states that providers must conduct or review a security risk analysis in accordance with the requirements under 45 CFR 164.308(a)(1), implement security updates as necessary and correct identified security deficiencies as part of its risk management process. “To receive attestation, eligible professionals must attest YES to having conducted or reviewed a security risk analysis in accordance with the requirements, implemented security updates as necessary and corrected identified security deficiencies prior to or during the EMR reporting period.” Explains Saurin Patel, CEO of CompuTech City.
The CompuTech City program will provide a comprehensive audit and assessment that includes evaluating, accessing, and updating appropriate administrative, technical, and physical controls within the medical practice. Once completed, the Risk Assessment will document all required and recommended criteria for both Meaningful Use attestation as well as compliance with the HIPAA security rule. CompuTech City spent several months developing the risk assessment around the federal guidelines set forth by CMS, Health and Human Services, and the National Institute of Standards and Technology (NIST). The assessment addresses nine key deliverables that the federal and state regulators will be looking for not only during the initial audit stages but in years to come as CMS releases further stages of assessing the ongoing use of EMR systems. The nine core components to the CompuTech City Risk Assessment are: 1) system characterization; 2) threat identification; 3) vulnerability identification; 4) control analysis; 5) likelihood determination; 6) impact analysis; 7) risk determination; 8) control recommendations; and 9) results documentation.
“Risk analysis should be an ongoing process to regularly review records, detect security incidents, evaluate the effectiveness of security measures in place, and re-evaluate potential risks,” says Patel. CompuTech City advises its clients to engage in an annual risk assessment.
For more information on Meaningful Use Attestation and CMS Audits, please visit:
CompuTech City, LLC, has been providing Healthcare IT Services to Central Florida’s medical community since 2002. The company, headquartered in Lake Mary, Florida, currently supports over 500 medical practices throughout Central Florida, with additional clients throughout both Florida and the United States. CompuTech City is a HIPAA certified Managed Services Provider offering complete IT services focused solely on the healthcare vertical, to include EMR sales, support and hosting; hardware and software sales, network design and monitoring; medical office set-ups and relocations; data back-up and disaster recovery, IT planning and budgeting; complete managed services; and break-fix services. For additional information, visit the CompuTech City website at www.computechcity.com or call (407) 745-1848.