A security risk analysis? Is this something we have to hire a professional for? Surely a small practice won't need to do a comprehensive analysis like this! Will we have to repeat the entire thing every year? Doesn't the EHR already take care of all the security needed?
Don't panic! This is primarily a one-time security assessment, followed up regularly with security updates and fine-tuning as necessary. Due to the nature of this objective, AuroraEHR doesn't calculate it; however, that doesn't have to mean you are on your own.
CMS has provided plenty of help to see you through the security risk analysis:
1. There is a handy tipsheet with everything you need to know about the requirement, including all the answers to the questions above.
2. There is a downloadable tool which walks you through the process and identifies any actions you need to take to improve your security.
The idea of identifying and performing a thorough security risk analysis customized to your practice may seem daunting at first, but with the tools at hand, it becomes quite straightforward.
by Laura Rowe
