A requirement for Stage 1 Meaningful Use is to conduct a security risk analysis, implement updates as necessary and correct deficiencies. This assessment will review and document the hospitals current state and compare it to HIPAA Security & Privacy Rules, recent changes to healthcare security enacted by the HITECH Act of 2009, and any other applicable regulatory requirements.
The engagement will focus on the evaluation of process controls for the operational and environmental-related policies, procedures, and/or processes which govern the IT services provided by the hospital. The deliverable will identify the degree of compliance against recognized standards and requirements and provide recommendations with regard to best practices and high-level remediation requirements to bring about compliance. The engagement is typically done over a 4 – 6 week time period.