Is this something that is done by GE or is it up to the practice to handle this measure? I noticed it says "EPs must conduct or review a security risk analysis...", but I wanted to make sure that GE doing patches and updates to the software didn't count for this.
The practice is responsible for the risk analysis.
Thanks for the quick response, Mitch.
Mitch is correct–it's the responsibility of the practice to perform and review it each year as well as document issues and correct them. Here is a Guide from ONC that helped us grasp it better.
Thanks for the pdf, Sam. That explains it a lot better.
We are using a fairly generic Excel template for filling this out. Is there a template out there that might be geared towards Centricity Practice Solution or an EMR in general?
Not that I have run across, but I would love to see one if anyone else has it. 🙂
Yes, there is a toolkit. There's a lot to it, but it should give you everything you need. I posted it in this thread.
Thanks Mitch! This is actually the one I found online.
I asked GE about it just to make sure they didn't have anything, and they definitely do not have a template. My team is working on re-creating an Excel of one we found (and liked) on paper, and I'll upload that when it's finished.
We've used the spreadsheet toolkit many times to help practices through the REC in Pennsylvania, and it's worked really well for everyone. There's also an application you download and use to track your assessment. It's a bit cumbersome, but some people might like it better than a spreadsheet. Unfortunately, I don't remember where I downloaded it, but it came from one of the government agencies.
Mitch, is this the application you are referring to?
HIPAA Security Rule Toolkit
I haven't used this app but I can report the spreadsheet along with this checklist is very helpful.
Yep, that's it.