Meeting the Meaningful Use Security Requirement
From a Security Perspective the following “Protect electronic health information” is mandatory and must be met by conducting a Security Risk Analysis.
Meaningful Use Security Objective is dependent on conducting a Security Risk Analysis
Mandatory Objective 15
“Protect electronic health information created or maintained by the certified EHR technology through the implementation of appropriate technical capabilities. Identified security deficiencies Conduct or review a security risk analysis per 45 CFR 164.308 (a)(1) and implement security updates as necessary and correct as part of its risk management process.”
- The Mandatory Required Security Elements include
- Proper Audit Logs and Trails for Electronic Health Records
- Use Integrity and Authentication when electronically transferring these records.
- The use of Encryption while electronically transferring these records
Caveat
Meeting the Mandatory Security Objective does not mean that your organization is HIPAA Compliant since Meaningful Use is only a subset of HIPAA Compliance