In addition to assisting Rapid City Medical Center during their recent meaningful use audit, we also performed their Security Risk Assessment (SRA). Read their thoughts on how it went.
A Security Risk Assessment (SRA) is required by the HIPAA Security Rule (45 CFR 164.308(a)(1)) and the related core meaningful use criteria as described in the final CMS Medicaid and Medicare Electronic Health Records Incentive Rule.
We recently completed Rapid City Medical Center’s SRA. Darrel Riddle, CEO at Rapid City Medical Center, had this to say about the assessment:
We recently expanded our relationship with them (HealthPOINT) to include performing our Security Risk Assessment for 2014. They were very thorough and gave us education and suggestions for improvement along with the security assessment. South Dakota should be proud that we have such a high-quality organization to assist with some of the dynamic changes in healthcare.
Keys to Security Risk Assessments (SRA)
- Don’t rely on a checklist for your SRA. Hiring a consultant will give you a more objective opinion.
- Create and keep an up-to-date list of your software and hardware that store, transmit and access electronic Protected Health Information (ePHI). Also document each item's location, security features, and risk likelihood and impact.
- Your SRA should become or be included in your organization’s Risk Management Plan, which addresses noted risks, including an assigned timeframe, personnel and budget.
If you are looking to complete a Security Risk Assessment as part of meaningful use, sign up for a free consultation on how our security risk assessments are completed.