Scroll Top

Failing a Meaningful Use Audit or How the Dog Ate My Security Risk Analysis Documentation

Seriously, we have been hearing that the Department of Health and Human Services (DHHS) , Centers for Medicare and Medicaid Services (CMS) have been auditing and failing organizations that have been attesting to Meaningful Use. Many of these folks have been failing the audit because they did not perform a security risk analysis


The reason that they failed was that they did a self risk analysis. Doing a self security risk analysis is like when I look  into a mirror and tell myself I am not fat, I’m just big-boned.

A proper Security Risk Analysis needs to performed by an outside third party. The Company Needs to have experience and provide a reporting document.

According to CMS:

• Protect Electronic Health Information – Proof that a security risk analysis of the certified EHR technology was performed prior to the end of the reporting period (e.g., report which documents the procedures performed during the analysis and the results).

What does Failing an audit mean?

You will lose all your incentive money, maybe face fines and maybe worse. All because you decided to be greedy and not hire someone to do this professionally.

I am not trying to scare anyone, I am just giving you the honest truth.

Don’t go that way. Contact Topgallant immediately. We do this for a living.

Here is the link to the CMS FAQ Audit Page:

Privacy Preferences
When you visit our website, it may store information through your browser from specific services, usually in form of cookies. Here you can change your privacy preferences. Please note that blocking some types of cookies may impact your experience on our website and the services we offer.