CMS issues security risk analysis guidance

The Centers for Medicare & Medicaid Services has released a security risk analysis tip sheet to help eligible providers conduct security risk analyses, required not only pursuant to HIPAA's security rule, but also to meet both Stages 1 and 2 of Meaningful Use. 

The tip sheet points out that while there are no "best practices" to conducting one, most risks analyses and risk management programs have steps in common, including review of existing infrastructures, identification of potential threats to privacy and security, and prioritization of risks. The tip sheet also dispels several myths about security risk analyses, such as relying on assurances from one's electronic health record vendor. Tip sheet (.pdf)

Suggested Articles

Roche, which already owned a 12.6% stake in Flatiron Health, has agreed to buy the health IT company for $1.9 billion.

Allscripts managed to acquire two EHR platforms for just $50 million by selling off a portion of McKesson's portfolio for as much as $235 million.

Artificial intelligence could help physicians predict a patient's risk of developing a deadly infection.