Seriously, we have been hearing that the Department of Health and Human Services (DHHS), Centers for Medicare and Medicaid Services (CMS) have been auditing and failing organizations that have been attesting to Meaningful Use. Many of these folks have been failing the audit because they did not perform a security risk analysis.
The reason that they failed was that they did a self risk analysis. Doing a self security risk analysis is like when I look into a mirror and tell myself I am not fat, I’m just big-boned.
A proper Security Risk Analysis needs to be performed by an outside third party. The company needs to have experience and provide a reporting document.
According to CMS:
• Protect Electronic Health Information – Proof that a security risk analysis of the certified EHR technology was performed prior to the end of the reporting period (e.g., report which documents the procedures performed during the analysis and the results).
What does failing an audit mean?
You will lose all your incentive money, maybe face fines and maybe worse. All because you decided to be greedy and not hire someone to do this professionally.
I am not trying to scare anyone; I am just giving you the honest truth.
Don’t go that way. Contact Topgallant immediately. We do this for a living.
Here is the link to the CMS FAQ Audit Page: