In order to meet the requirements for Stage 1 meaningful use, it is required that you perform a HIPAA security risk assessment performed at your practice each time you attest to meaningful use. If you checked the box “yes” on your attestation, and have not had this completed, you will need to have the assessment done on your practice. This is a very comprehensive process that not only assists you in being compliant but what should be considered to be “best practice” for any medical entity.
If you are wondering why you should do this, the quick answer is, it is the LAW. As with any law, fine and penalties will apply. Many websites, including HHS.gov, the AMA, etc. are filled with HIPAA laws and requirements. Sorting through, understanding, and implementing all of these laws and what is required of you can be quite challenging. Because of this, DCF has created a comprehensive plan to make sure you are in compliance with every HIPAA security rule.