United States Health Information Knowledgebase

 

Protect Electronic Health Information

Eligible Professionals Core Set / Stage 1 / Number 15 of 15

Name:Protect Electronic Health Information
Item Type:Core and Menu Objective
Number:15 of 15
Stage:Stage 1
Date Issued:11/7/2010
Type:Eligible Professional Meaningul Use Core Measure
Objective:Protect electronic health information created or maintained by the certified EHR technology through the implementation of appropriate technical capabilities.
Definition:Conduct or review a security risk analysis in accordance with the requirements under 45 CFR 164.308(a)(1) and implement security updates as necessary and correct identified security deficiencies as part of its risk management process.
Exclusion:No exclusion.
Attestation Requirements:YES / NO

Eligible professionals (EPs) must attest YES to having conducted or reviewed a security risk analysis in accordance with the requirements under 45 CFR 164.308(a)(1) and implemented security updates as necessary and corrected identified security deficiencies prior to or during the EHR reporting period to meet this measure.
URI:
Registration Authority:Centers for Medicare & Medicaid Services
Administrative Attributes
Date Of Submission: 2012-11-01
Responsible Organization:Centers for Medicare & Medicaid Services
Submitting Organization:Centers for Medicare & Medicaid Services
Steward Organization:Centers for Medicare & Medicaid Services
Downloads
PDF
Download a PDF containing all metadata and information. [Download PDF Reader icon for external link]
Excel
Download an Excel spreadsheet containing all metadata and information. [Download Excel Reader icon for external link]
Resources

CMS - Frequently Asked Questions


Frequently Asked Questions
For guidance on a specific eCQM, please visit the CMS FAQ page as the source of truth

http://www.cms.gov/Regulations-and-Guidance/Legistation/EHRIncentivePrograms/FAQ.html Exit Disclaimer

QDM - Quality Data Model


HQMF - Health Quality Measures Format


HL7 Version 3 Standard: Representation of the Health Quality Measures Format (eMeasure), Release 1
http://www.hl7.org/documentcenter/public/standards/dstu/V3_HQMF_R1_DSTU_2010MAR.zip Exit Disclaimer

SVS - Sharing Value Sets


IHE IT Infrastructure(ITI) Technical Framework Supplement - Sharing Value Sets 10 (SVS)
http://www.ihe.net/Technical_Framework/upload/IHE_ITI_Suppl_SVS_Rev2-1_TI_2010-08-10.pdf Exit Disclaimer

CTS2 - Common Terminology Services 2


Definition of Terms:Appropriate Technical Capabilities - A technical capability would be appropriate if it protected the electronic health information created or maintained by the certified EHR technology. All of these capabilities could be part of the certified EHR technology or outside systems and programs that support the privacy and security of certified EHR technology.
Additional Information:EPs must conduct or review a security risk analysis of certified EHR technology and implement updates as necessary at least once prior to the end of the EHR reporting period and attest to that conduct or review. The testing could occur prior to the beginning of the first EHR reporting period. However, a new review would have to occur for each subsequent reporting period.

A security update would be required if any security deficiencies were identified during the risk analysis. A security update could be updated software for certified EHR technology to be implemented as soon as available, changes in workflow processes or storage methods, or any other necessary corrective action that needs to take place in order to eliminate the security deficiency or deficiencies identified in the risk analysis.
Scroll To Top