Presentation is loading. Please wait.

Presentation is loading. Please wait.

Overview Introduction Meaningful Use Objective for Security Key Security Areas and Measures Best Practices Security Risk Analysis (SRA) Action Plan Demonstration.

Published byRaymond Collins Modified over 6 years ago

Similar presentations

Presentation on theme: "Overview Introduction Meaningful Use Objective for Security Key Security Areas and Measures Best Practices Security Risk Analysis (SRA) Action Plan Demonstration."— Presentation transcript:

1 How to Conduct and Implement a Security Risk Assessment (SRA) September 12 & 13, 2016

2 Overview Introduction Meaningful Use Objective for Security Key Security Areas and Measures Best Practices Security Risk Analysis (SRA) Action Plan Demonstration – BP: Secure™ Portal Questions

3 Introduction Mark E. Ferrari, MS, PMP, CISSP, HCISPP Vice President, Chief Information Security Officer BluePrint Healthcare IT Phone:

4 What is MU Objective #1 all about?
Protect Patient Health Information Objective Protect electronic health information created or maintained by the CEHRT through the implementation of appropriate technical capabilities. Measure Conduct or review a security risk analysis in accordance with the requirements in 45 CFR (a)(1), including addressing the security (to include encryption) of ePHI created or maintained by CEHRT in accordance with requirements under 45 CFR (a)(2)(iv) and 45 CFR (d)(3), and implement security updates as necessary and correct identified security deficiencies as part of the EP's risk management process. Exclusion No exclusion.

5 Specifics of the Measure:
Meeting MU Objective #1 Specifics of the Measure: Implement policies and procedures to prevent, detect, contain, and correct security violations. Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the covered entity or business associate. Implement security measures sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level. Apply appropriate sanctions against workforce members who fail to comply with the security policies and procedures. Implement procedures to regularly review records of information system activity, such as audit logs, access reports, and security incident tracking reports. Implement a mechanism to encrypt and decrypt electronic protected health information. Equivalent alternative measures

6 Meeting MU Objective #1 Conduct a thorough assessment or review covering the key security areas for all locations Identifying threats, vulnerabilities, risks and deficiencies by reviewing: Physical safeguards Administrative safeguards Technical safeguards Policies & procedures Organizational requirements

7 Meeting MU Objective #1

8 Best Practices – Completing a Security Risk Analysis
Who should complete the SRA? When should the SRA be completed? At least annually; during program year and before attestation How to document completion? How to address data encryption? What to do after system upgrades? Deficiencies addressed/corrections made consistent with risk management process

9 Best practices – Creating an Action Plan
Who should be involved in decision-making? Demonstrate decision-maker commitment to and involvement in the process Assigning responsibility and accountability Creating a timeline Reviewing progress as a group Documenting progress Implementing a robust, ongoing risk management process

10 Tools for Performing an SRA
Spreadsheets ONC SRA Tool - professionals/security-risk-assessment-tool BP: Secure™ - SRA Portal - services-overview/privacy-security/securetm

11 BP: Secure™ Portal Demonstration

12 Questions Questions?

Download ppt "Overview Introduction Meaningful Use Objective for Security Key Security Areas and Measures Best Practices Security Risk Analysis (SRA) Action Plan Demonstration."

Similar presentations

HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.

HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.
OPERATING EFFECTIVELY AT WESD. What is Internal Control? A process designed to provide reasonable assurance the organizations objectives are achieved.

OPERATING EFFECTIVELY AT WESD. What is Internal Control? A process designed to provide reasonable assurance the organizations objectives are achieved.
Security Vulnerabilities and Conflicts of Interest in the Provider-Clearinghouse*-Payer Model Andy Podgurski and Bret Kiraly EECS Department & Sharona.

Security Vulnerabilities and Conflicts of Interest in the Provider-Clearinghouse*-Payer Model Andy Podgurski and Bret Kiraly EECS Department & Sharona.
HIPAA Basics Brian Fleetham Dickinson Wright PLLC.

HIPAA Basics Brian Fleetham Dickinson Wright PLLC.
Chapter 10. Understand the importance of establishing a health care organization-wide security program. Identify significant threats—internal, external,

Chapter 10. Understand the importance of establishing a health care organization-wide security program. Identify significant threats—internal, external,
National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.

National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.
Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group 209-754-9130

Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group
Health Insurance Portability and Accountability Act (HIPAA)HIPAA.

Health Insurance Portability and Accountability Act (HIPAA)HIPAA.
HIPAA Security Regulations Jean C. Hemphill Ballard Spahr Andrews & Ingersoll, LLP November 30, 2004.

HIPAA Security Regulations Jean C. Hemphill Ballard Spahr Andrews & Ingersoll, LLP November 30, 2004.
HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.

HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.
Topics Rule Changes Skagit County, WA HIPAA Magic Bullet HIPAA Culture of Compliance Foundation to HIPAA Privacy and Security Compliance Security Officer.

Topics Rule Changes Skagit County, WA HIPAA Magic Bullet HIPAA Culture of Compliance Foundation to HIPAA Privacy and Security Compliance Security Officer.
HIPAA Regulations What do you need to know?.

HIPAA Regulations What do you need to know?.
HIPAA Security Risk Overview Lynne Shoemaker, RHIA, CHP, CHC OCHIN Integrity Officer Daniel M. Briley, CISSP, CIPP Summit Security Group.

HIPAA Security Risk Overview Lynne Shoemaker, RHIA, CHP, CHC OCHIN Integrity Officer Daniel M. Briley, CISSP, CIPP Summit Security Group.
CSF Support for HIPAA and NIST Implementation and Compliance Presented By Bryan S. Cline, Ph.D. Presented For HITRUST.

CSF Support for HIPAA and NIST Implementation and Compliance Presented By Bryan S. Cline, Ph.D. Presented For HITRUST.
PRIVACY, SECURITY AND MEANINGFUL USE Is your practice compliant?

PRIVACY, SECURITY AND MEANINGFUL USE Is your practice compliant?
Understanding Meaningful Use Presented by: Allison Bryan MS, CHES December 7, 2012 Purdue Research Foundation 2012 Review of Stage 1 and Stage 2.

Understanding Meaningful Use Presented by: Allison Bryan MS, CHES December 7, 2012 Purdue Research Foundation 2012 Review of Stage 1 and Stage 2.
CAMP Med Building a Health Information Infrastructure to Support HIPAA Rick Konopacki, MSBME HIPAA Security Coordinator University of Wisconsin-Madison.

CAMP Med Building a Health Information Infrastructure to Support HIPAA Rick Konopacki, MSBME HIPAA Security Coordinator University of Wisconsin-Madison.
The Office of Information Technology Information Security Administrator Kenneth Pierce, Vice Provost for IT and Chief Information Officer.

The Office of Information Technology Information Security Administrator Kenneth Pierce, Vice Provost for IT and Chief Information Officer.
Security Controls – What Works

Security Controls – What Works
Computer Security: Principles and Practice

Computer Security: Principles and Practice

Similar presentations

Ads by Google