In addition to freeing up time for compliance, the provision to delay ICD-10 for an additional year will free up additional time to focus on meaningful use and security risk analysis. As part of both Stage 1 and Stage 2 meaningful use requirements, eligible professionals are required to conduct or review a security risk analysis.
Did you know for 2014 only, that all providers are only required to demonstrate meaningful use for a 3 month EHR reporting period? CMS is permitting a one-time three month reporting period in 2014 to allow all providers who must upgrade to 2014 Certified EHR technology time to implement their new Certified EHR systems.
To demonstrate meaningful use for years 2014 and beyond, all providers are required to report on clinical quality measures. The recommended core sets of electronic clinical quality measures include one core set for adult populations, and one core set for pediatric populations.
In 2014, EHR reporting requirements for the EHR incentive program include two options available for eligible professionals:
- Attest to clinical quality measures through the EHR Registration & Attestation System.
- eReport CQMs through Physician Quality Reporting System Portal.
Additional meaningful use requirements include measures that address conducting or reviewing a security risk analysis to ensure the privacy and security of patients' protected health information.
Security Risk Analysis
A security risk analysis may be difficult for practices to understand. When it comes to performing a security risk analysis it may be difficult to understand where to begin.
Think of security risk analysis as an action plan for protecting patient privacy, and a process of identifying and examining potential threats and vulnerabilities to protected health information. This is arguably the most important step an organization can take towards implementing safeguards that mitigate or lower risks to your ePHI.
The continuous process of mitigating or lowering risks to your ePHI is the process of security risk management. Effectively managing risk involves continuously implementing changes to make PHI more secure.