As part of Meaningful Use Stage 2 requirements, we conduct or review a security risk analysis in accordance with the requirements under 45 CFR 164.308(a)(1), including addressing the encryption/security of data storedin CEHRT in accordance with requirements under 45 CFR 164.312 (a)(2)(iv) and 45 CFR 164.306(d)(3), and implement security updates as necessary and correct identified security deficiencies as part of the EP’s, EH’s, or CAH's risk management process. All risk assessments are performed leveraging HITRUST CSF, Health Information Questionnaire, Test Plans, System Scoping Templates and customizable risk reports, remediation dashboards and corrective action plans.
The flollowing domains are covered in our risk assessment process:
Information Security Policies Laptop Security Mobile Media Security Wireless Security Malware Protection Configuration Management Vulnerability Management Secure Disposal External Breach Protection PHI Transmission Protection Password Management Access Control and Monitoring Remote Access and Authentication Control Training and Awareness Third Party Security Management Incident and Breach Response Business Continuity Management Auditing Data Protection and Privacy
Risk Assessment Results:
Each domain of the MU risk assessment is structured to identify the administrative, physical, and technical safeguards (or controls) in place to protect the confidentiality, integrity, and availability of the certified EHR technologies and subsequent information. The level of risk identified by the assessment is measured by the adequacy and effectiveness of existing controls.
Schedule an overview of our methodology:
Click on the picture in this section
NexTTyme LLC PO Box 620328 Charlotte, NC 28262 Email: Inbox@nexttyme.com