The Medicare and Medicaid Electronic Health Record (EHR) Incentive Programs were established to encourage eligible professionals and eligible hospitals to adopt, implement, upgrade (AIU), and demonstrate meaningful use of certified EHR technology. A meaningful use risk assessment ensures adequate privacy and security protections are in place to protect electronic health information. The approach of the risk assessment is to concentrate on the functionality, the flow of information, and the underlying technology of the defined area. The Department of Health and Human Services (DHHS) recommends utilizing NIST Special Publication 800-30 Revision 1: Risk Management Guide for Information Technology Systems, as guidance.
In accordance with NIST standards, Sage employs a five-step process to determine risk level, and if required, appropriate remediation recommendations. The risk assessments employ a multidisciplinary interview approach. Each risk assessment will include the following information:
Note: Meaningful Use Risk Assessment Update engagements will update findings and controls for current year along with HIPAA compliance ratings.
Sage’s Meaningful Use Information Security Risk Assessment methodology does not involve statistical sampling or testing, but is based instead on information gathered during interviews with hospital/practice staff Subject Matter Experts (SMEs).
We customize each interview, control set, and results report to fit your specific environment. Topics include:
A “Meaningful Use Risk Assessment” Report for each application which documents:
There is no single, straight path that will get you to the point where you can say, “We did it! We’re 100% cyber-secure.”
A more realistic destination is cyber resiliency – the ability to prepare for and adapt to changing conditions, so you can withstand and recover rapidly from disruptions. Achieving cyber resilience depends on what we like to call the cybersecurity lifecycle – an ongoing cycle of interconnected elements that compliment and reinforce one another.
Are you struggling to find the time to effectively monitor your network for potential threats? Let nDiscovery do the detective work for you! We translate generic threat data into specific actionable intelligence – cutting through the noise so you can focus on what is truly important.