These steps should begin 90 days before the target date to start the meaningful use program, ONC counsels. Steps in the plan include:
* Confirm the organization is covered entity using tools on ONC’s Web site;
* Designate a privacy and security officer;
* Document why you have security measures in place and where they are, how they were created and are being monitored, and retain relevant records that support attestation;
* Conduct a security risk analysis or reassess the existing analysis;
* Develop a plan to address threats and vulnerabilities identified in the analysis;
* Develop updated policies and procedures supporting the new plan, and retain outdated policies and procedures;
* Train the workforce on the new policies and procedures;
* Communicate with patients about privacy and security issues, and emphasize the benefits of EHRs;
* Update business associate agreements requiring compliance with the privacy, security and breach notification rules; and
* Attest for the security risk analysis when attesting for meaningful use. Do not register or attest for the program until completing the privacy/security component. “Providers participating in the EHR Incentive Program can be audited,” ONC reminds stakeholders. “When you attest to meaningful use, it is a legal statement that you have met specific standards.”
Details on the 10-step plan are available here.
Be the first to comment on this post using the section below.