We field many questions on Registration and Attestation for Meaningful Use here at Iron Comet. Using an EMR like McKesson’s Medisoft Clinical is new to most practices and some hand holding is required to get the much needed incentive dollars available.
There are complexities that exist in the process and Stage 1 seems to be easier than the upcoming stages. Because we provide this much needed service, it’s important to remember that the eligible provider will be held responsible in the event of an audit. Therefore it is important to stay involved in the process so as not to be blindsided when there are questions about your attestation.
A typical question would be on Core Objective #15: “Have you conducted or reviewed a security risk analysis? This entails the actual HIPPA Security Risk Analysis and it should be understood that the staff should be up to date on these issues. It involves Protected Electronic Health Information and is bolstered by implementing new security updates and corrective actions when a deficiency is identified.
To meet this requirement, many doctors think they need outside consultation but that might not be necessary. The analysis simply should be a way to possibly identify threats to the protection of electronic health information. The language states the following: “Conduct or review a security risk analysis and implement security updates as necessary and correct identified security deficiencies as part of its risk management process”. Helpful commentary can be found on the HIPPA website and the document Security Standards: Implementation for the Small Provider.
Iron Comet Consulting is a certified Platinum Reseller for McKesson and is located in Stockbridge Georgia. We are a full service medical IT and billing company.