Now that the final rule for 2015 meaningful use has been released, we have received some questions as to whether there are changes that will need to be made to our Security Risk Analysis template. The final rule was released on October 16, 2015, and changed the Medicare and Medicaid EHR Incentive Programs reporting period in 2015 to a 90-day period aligned with the calendar year.
The good news is that the final rule did not include any modifications to Security Rule requirements, and therefore does not necessitate any changes to our 2015 Security Risk Analysis template. If you have already completed a Security Risk Analysis during 2015, and used our template, you will NOT need to re-do it, or change anything.
The rule specifies that you may select any 90-day period in the calendar year as a measurement period, and that your Security Risk Analysis must be completed during the same calendar year, and before you submit your attestation. So, even if you conducted your Security Risk Analysis outside of your 90-day measurement period, that is fine, as long as it took place during 2015, and was completed prior to submitting your attestation.
HIPAA Compliance System Subscribers
Security Risk Analysis – The 2015 Security Risk Analysis template is available in the Member Services area of our website. Simply log in to locate the document on the HIPAA Compliance System materials page, and then save the template to your hard drive to enable saving your entries. Explanations, instruction and HIPAA Compliance Manual references are provided for each item to be addressed within the risk analysis.
Risk Analysis Assistance – If you would prefer that Eagle Associates complete your risk analysis with you, you may call to schedule a phone conference with one of our consultants. During the call, our consultant will collect information about the security measures that are in place in your practice, make note of these in the risk analysis document, and identify any corrective actions that are needed to comply with Security Rule requirements. The fee for this service is $350. (Note that an active subscription to the HIPAA Compliance System is required.)