With a New Year just days away, it is time to take a look at your latest HIPAA Security Risk Analysis (SRA). If your organization failed to complete an SRA this calendar year, there is still time to do so!
As many healthcare providers finalize preparations for Modified Stage 2 Meaningful Use (MU), it is critical to remember that an SRA is an important part of that requirement. If audited, failure to complete an SRA can result in a mandatory requirement to give back awarded Meaningful Use dollars. Read more on supporting documentation for audits.
We’ve included a few commonly asked questions pertaining to MU and some important FYI’s for this coming attestation deadline:
What is the Deadline to Attest for MU?
The 2016 Modified Stage 2 deadline is February 28, 2017 (that is an extended date.)
How long is the MU Reporting Period?
Your practice or organization may attest anytime during the year and the reporting period 90-days in length.
Why is an SRA Required for MU?
HIPAA requires organizations that handle electronic protected health information (ePHI) to regularly review the administrative, physical and technical safeguards they have in place to protect the security of the information. By conducting these risk assessments, health care providers can uncover potential weaknesses in their security policies, processes and systems. Risk assessments also help providers address vulnerabilities, potentially preventing health data breaches or other adverse security events. (SOURCE: HHS.gov)
In Order to Attest for MU, When does an SRA Need to be Completed?
The Final Rule for MU Stage 3 states the following regarding protection of health information: “The measure must be completed in the same calendar year as the EHR reporting period. If the EHR reporting period is 90 days, it must be completed in the same calendar year. This may occur either before or during the EHR reporting period; or, if it occurs after the EHR reporting period, it must occur before the provider attests or before the end of the calendar year, whichever date comes first.”
The HIPAA One software suite is current with the new HIPAA Audit Protocol and utilizes powerful automation to remove the administrative burden of completing an SRA. Being that extra time is something many healthcare professionals lack, our software makes it possible to complete an SRA in hours, instead of days/weeks.* Additionally, the HIPAA One Security Risk Analysis tool meets all the requirements set by MU and includes CMS certification numbers directly on the final report.
Should your organization need some help in completing an SRA, we’d love to hear from you. Visit our Contact Us page.
*subject to change based on organization size