Are Your Security Risk Analysis and Risk Management Programs Updated?

March 11th, 2016 | Published Under Practice Transformation by Staci Quesada

With the deadline for attesting to the EHR Incentive Programs fast-approaching and the Office of Civil Rights (OCR) announcing 200 desk audits in 2016, its time to make certain your security risk analysis (Objective 1), and risk management programs are up-to-date and sufficient to meet requirements.

According to Zinethia Clemmons, Senior Health Information Privacy Specialist with the OCR, their desk audits will be covering “select provisions” including Risk Analysis and Risk Management. Last year, OCR audits found over 2/3 of practices failed to meet the Risk Analysis and Risk Management provisions.

Clemmons says that through their audits they can “identify Covered Entities for further enforcement through HIPAA,” but emphasizes that the audits are, “not intended to be punitive.” She notes their first step will be to provide technical assistance to Covered Entities to assist with compliance.

To learn more about Risk Analysis and Risk Management, the ONC offers security rule guidance materials and resources on their website,

CORHIO can help you make sense of Meaningful Use requirements and prepare your attestation correctly. Contact us today for assistance.

About the Author

Staci Quesada