Skip to Content
SBMI Horizontal Logo

Security Risk Analysis

What is a Security Risk Analysis & HIPAA Training?

The Security Risk Analysis (SRA) is a Health Information Portability and Accountability Act (HIPAA) requirement and it is also required by CMS for Merit-based Incentive Payment System (MIPS). However, the most important reason to do an SRA is to keep your patient Protected Health Information (PHI) safe. An SRA must be conducted annually to be compliant with HIPAA and CMS requirements.

The information stored in your Electronic Health Record (EHR) is very attractive to hackers. Your EHR has everything hackers need for identity theft all in one place. Steps to ensure the safety of your patient’s PHI include:

  • Conduct a vulnerability assessment on your network annually
  • Follow security best practices for securing your network
  • Ensure that your security policies define the proper procedures for handling PHI and patients
  • Evaluate your physical security to ensure it limits access to your network equipment

A SRA conducted by CQHII does all the above. The SRA Package given at the completion of our assessment includes:

  • SRA report - describes your current network configuration along with your risk and potential exposures; and gives recommendations on how to mitigate them
  • SRA tool – displays how your risks and potential exposures were determined
  • Security Policy Guide – can be used to create your own security policies or to ensure your existing security policies include all areas required by HIPAA

Please contact CQHII if you are interested in securing your network and your PHI.

HIPAA

HIPAA Training Course

The Center of Quality Health IT Improvement (CQHI) HIPAA Training course will give participants the knowledge required to handle patients and Protected Health Information (PHI) in accordance with HIPAA (Health Information Portability and Accountability Act) Privacy and Security directives. HIPAA Training is for anyone that handles PHI and is required every two years to comply with HIPAA directives.

HIPAA Privacy

  • Introduction to the HIPAA Privacy Rule
  • Definition of Protected Health Information
  • Covered Entities and Business Associates
  • Authorized Use & Disclosure of PHI
  • Patient Rights
  • Breach Notification Rule
  • Enforcement

HIPAA Security

  • Introduction to the HIPAA Security Rule
  • Physical Security
  • Technical Security
  • Administrative Security
  • Cyber threats

Our course offers several benefits, including:

  • Open Registration
  • 100% online instruction
  • Self-paced course with two months’ timeframe for completion
  • Certificate of Completion provided
  • In compliance with HIPAA Training requirements for two years

Discounted Group Rates available, please contact us for more information.


Safety Assurance Factors for EHR Resilience (SAFER) Guides

What are SAFER Guides?

Safety Assurance Factors for EHR Resilience logo

The Office of the National Coordinator for Health Information Technology (ONC) developed the SAFER Guides with the goal of increasing safety and use of EHRs, so CMS Quality Programs included this new measure starting with Calendar year 2022. In addition to the Security Risk Analysis (SRA), SAFER Guides must be completed every year to meet Promoting Interoperability requirements.

If you are a MIPS eligible clinician, you must attest to the High Priority Practices SAFER Guide measure. If you are an eligible hospital, you must attest to all nine SAFER Guides.