Core 9: Protect Electronic Health Information

Objective 

Protect electronic health information created or maintained by the certified EHR technology (CEHRT) through the implementation of appropriate technical capabilities. 

Measure

Conduct or review a security risk analysis in accordance with the requirements under 45 CFR 164.308(a)(1), including the encryption/security of data stored in CEHRT in accordance with requirements under 45 CFR 164.312(a)(2)(iv) and 45 DFR 164.306(d)(3), and implement security updates as necessary and correct identified security deficiencies as part of the provider's risk management process for eligible professional's. 

Attestation Requirements

  • YES/NO
  • Eligible professional must attest YES to conducting or reviewing a security risk analysis and implementing security updates as needed to meet this measure. 

Exclusion

There are no exclusions for this measure.

 

To get started on conducting your security risk analysis click here to view the security risk analysis tip sheet, and here to view the security risk analysis tool. 

  

For additional information from the CMS regarding Core 9: Protect Electronic Health Information click here.

 

 

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

Powered by Zendesk