BEI Offers New Service: Stage 1 Meaningful Use Core Set Measure 15 Risk Analysis

Stage 1 Core Set Measure 15 is one of the requirements for healthcare practices that are applying for federal incentives for Electronic Health Record Systems. BEI helps healthcare practices qualify for these incentives by conducting a security risk analysis to meet this important Stage 1 condition.

Mike Jennings, President of BEI

Mike Jennings noted: “One of the benefits we bring is that we’ve researched the requirements, know the process and can conduct an efficient and effective audit.”

BEI is offering a new service to help healthcare practices achieve Meaningful Use. Many practices are in the process of becoming “Meaningful Users” of their electronic health record (EHR) systems. Most of the initial Meaningful Use measures involve some type of provider behavior (e.g., e-prescribing 40% of the time) or turning on and using some aspect of the EHR (e.g., generating a list of patients by specific condition).

Core Set Measure 15 is different. Measure 15 asks the provider to “Conduct or review a security risk analysis, implement security updates as necessary and correct identified security deficiencies as part of its risk management process.” The objective is to be able to prove that the provider is protecting electronic health information created or maintained by its EHR. The good news is that this is something every business, especially one that stores confidential patient (or client) information, should be doing anyway. Any changes that result from the Measure 15 Risk Analysis are just good business practices and will help keep the practice and its patients’ Protected Health Information (PHI) safe from any “bad guys” that are out there.

Mike Jennings, President of BEI, commented, “Risk analysis is not new – it has been part of the HIPAA Security Rule since 2003 and is something that practices should have been doing all along. One of the most difficult issues for practices is that there is not a lot of guidance to go by to know what the federal government is looking for here regarding this particular risk analysis. One of the benefits we bring is that we’ve researched the requirements, know the process and can conduct an efficient and effective audit.”

Most companies rely heavily on their internal computer networks to conduct their day-to-day business. Today’s networks usually consist of fairly standard hardware, including PCs, laptops, servers, wireless networking, routers, switches and firewalls. Virtually all of these networks are connected to the Internet. For the most part, a connection to the Internet is a tremendous asset: employees can send and receive email, search for information, give web demonstrations and perform a myriad of other functions. However, security is an increasingly significant issue. Just about every day there is an article in the newspaper about a major security breach of one type or another. Most companies take computer security very seriously, as it is not to their advantage to have their servers hacked or their email compromised. Despite all their efforts, however, corporate IT security remains an issue that companies must focus on every day. Although adding security to a network is an extra cost (both the cost of the measures themselves and the extra time it may take an employee to perform a certain task), it is a necessary and unavoidable cost of doing business.

Jennings continued, “When HHS developed the EHR Incentive Program, the need to ensure that ePHI (electronic Protected Health Information) was secure was a very high priority. Privacy is one of the core tenets of HIPAA, and is assumed by all Americans. We all expect that when we go to the doctor, our medical records will remain private and secure. BEI’s Core Set Measure 15 Risk Analysis is designed to do just that – make sure practices take the proper steps to protect the privacy of their patients and their medical data created or maintained by the EHR system. This also protects our clients and helps ensure that they will be able to collect their EHR incentives.”

Jonathan Krasner, BEI’s Healthcare IT Consultant, added, “HIPAA Security Rule auditing, of which Core Set Measure 15 Risk Analysis is just a subset, is already included in the service agreements we have with our healthcare clients. We review the entire HIPAA Security Rule program of our clients annually, and practices find that while the first audit may be fairly time consuming, subsequent years are typically pretty straightforward. Issues are identified in the beginning and then if the plan is followed it is just a matter of fine-tuning. HHS will be conducting random audits of providers who receive incentive money, so this measure should not be taken lightly. Documentation of the risk analysis and resulting security implementation is very important.”

Practices that are interested in using BEI for their Core Set Measure 15 Risk Analysis should contact Mr. Krasner directly at 703-528-8300 x 105 or jonathan.krasner(at)

BEI is a privately owned business that has been providing IT support services to organizations of all sizes throughout the Washington DC metro area since 1987. Today BEI provides network design, installation, support, maintenance and procurement services to hundreds of clients in the region and has become the area’s premier provider of healthcare IT consulting and services. Healthcare IT is very different from the services and support typically provided to other businesses: people are walking around, logging on and off PCs all the time, and using all types of peripherals (scanners, cameras, medical devices) for data input. BEI is focused on thoroughly understanding and supporting these requirements.

BEI is a Microsoft Partner with Gold Competencies in Server Platform and Volume Licensing. BEI is working with the Virginia Regional Extension Center (VHIT) to provide Meaningful Use consulting to practices in Northern Virginia. BEI is affiliated with the Montgomery County Medical Society, the Arlington County Medical Society, the Northern Virginia Practice Management Association, the Healthcare Information and Management Systems Society and the Microsoft Health Users Group. Subscribe to BEI’s Healthcare IT newsletter.


Contact Author

Ellen Jennings
703-528-8300 125