Risk Analysis for Meaningful Use

We have developed a simple to follow, easy to implement Risk Assessment for Meaningful Use Stage 1 Core Objective #15.  In

Menu Item #15 Meaningful Use Stage 1

case there is any question of what you are required to do, here are the exact requirements:

  • Conducts a risk assessment based on HIPAA requirements
  • Accomplish this risk assessment within your 90 day windows
  • All items for which you are deficient must have an action plan devised to ensure compliance is attained

To ensure you get exactly  what you need, answer a few questions below and we’ll point you to the exact solution for your situation.

Which type of EHR do you use?  Select your Answer below:

  • Server based  (I have a server in my office)


Some typical questions we get asked are:

  • How long does this take?
    • That depends on how big your practice is – how many computers you have, how many locations, etc.  Typically, in a single provider, single location practice, our risk assessment can be accomplished in about 1 day.
  • Is this software?
    • No – this is a detailed checklist of items that must be checked not only on your computers, but the physical security of your office and the training of your staff.
  • Must I do this every year?
    • This risk assessment will be a part of your attestation each year.  The great part is, once you accomplish the risk assessment this year, and fix your short falls, you following years will be much easier,

The reality of this situation is this: the absolute best method to conduct a risk analysis is to have a team of experts come to your office for a “boots-on-the-ground” full risk assessment.

The problem with this method is it is very expensive…Very expensive.

We have developed what we call the Hybrid Risk Assessment.

First, you run through our simple, yet detailed checklist to see what the exact picture of risk is for your practice.  Then, as part of our product we include a 45 conference call.  During this call we go through the items for which your practice is deficient.  For each of those items we help you decide on the best means to become compliant for these items.

This way, you aren’t left with any questions.  You know exactly what needs to be accomplished to ensure complete compliance with HIPAA regulations.