CMS and OCR / Tuesday, June 7, 2016 / Categories: Achieving Meaningful Use, HIPAA Security Risk Analysis Tip Sheet Protect Patient Health Information - Updated March 2016 Conducting or reviewing a security risk analysis to meet the standards of Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule is included in the meaningful use requirements of the Medicare and Medicaid EHR Incentive Programs. Eligible professionals must conduct or review a security risk analysis for each EHR reporting period to ensure the privacy and security of their patients’ protected health information. Conducting a security risk analysis is required when certified EHR technology is adopted in the first reporting year. In subsequent reporting years, or when changes to the practice or electronic systems occur, a review must be conducted. Print 27233 Tags: CMSEHRAttestationEligible ProfessionalsMeaningful UseMUIncentive ProgramStage 2reporting difficultieselectronic protected health informationePHIPHISecurity Risk AnalysisSRA Documents to download 2016_SecurityRiskAnalysis(.pdf, 245.22 KB) - 1961 download(s) Resource Links Link to the original file at CMS.GovThis tip sheet1 provides an overview of the security risk analysis requirement. Related Resources Digital Health Strategy to Enable Comprehensive Care: Navigating Regulatory Waters- Compliance and Considerations Health Center Resilience in the Face of Cyber Adversity A Guide to Essential Cybersecurity Tasks for Health Centers Sensitive Information and the Electronic Patient Record Interoperability Readiness Scorecard