Theft and unauthorized transfer of medical records is a lucrative criminal enterprise, and reported data breaches have resulted in severe financial loss. A Security Risk Analysis (SRA) is one of the most effective methods to avoid these incidents. In addition, SRA is the first step in HIPAA security rule compliance efforts.
And now, a SRA is required for all eligible clinicians (ECs) who use Electronic Health Record (EHR) technology, the same standard required by the Centers for Medicare and Medicaid Services (CMS) to meet Meaningful Use requirements. The mandatory SRA falls under the Advancing Care Information (ACI) category of the Merit-based Incentive Payment System (MIPS).
Download our reference sheet for more of what you need to know about a Security Risk Analysis.