The Security Risk Analysis (SRA) is a Health Information Portability and Accountability Act (HIPAA) requirement and it is also required by CMS for both Meaningful Use and Merit-based Incentive Payment System (MIPS). However the most important reason to do an SRA is to keep your patients Protected Health Information (PHI) safe. An SRA has to be conducted annually to be compliant with HIPAA and CMS requirements.
The information stored in your Electronic Health Record (EHR) is very attractive to hackers. Your EHR has everything hackers need for identify theft all in one place. Steps to ensure the safety of your patient’s PHI include:
A SRA conducted by GCREC does all the above. The SRA Package given at the completion of our assessment includes:
Please contact GCREC if you are interested in securing your network and your PHI.