To receive attestation, eligible professionals must attest YES to having conducted or reviewed a security risk analysis.
Lake Mary, FL (PRWEB) August 15, 2012
Physicians across Florida who have already received a meaningful use incentive check for adopting an electronic medical records (EMR) system, may soon begin receiving audit notices from Figliozzi and Co., an accounting firm based in Garden City, NY, who has been contracted by the Centers for Medicare & Medicaid Services (CMS). It was recently determined that CMS and Figliozzi and Co. have begun the audit process, which was mandated by Congress back in 2009 as part of the federal stimulus package that created the EMR stimulus program, more commonly known as Meaningful Use.
The federal audit will focus on eligible professionals (EPs_ who obtained their incentives from Medicare and hospitals that received incentive payments from both Medicare and Medicaid. Physicians who received incentives from Medicaid alone, will be subject to audits by the states and their contractors.
As of June 2012, more than 55,000 physicians earned incentive payments for the meaningful use of EMRs in 2011 or 2012, with incentive payments now totaling more than $1 billion according to officials with CMS. If a physician is found to be ineligible as a result of the audit results, they will be required to return the incentive funds they received.
To help physicians and their practices ensure compliance with both the new Meaningful Use audit and the HIPAA Security Rule, as required of meaningful use recipients, CompuTech City has developed a comprehensive Meaningful Use Risk Assessment. This program will audit the physician’s meaningful use attestation records as well as the practice’s conformance with the HIPAA Security Rule as set forth under Core Measure 15. This CMS measure states that providers must conduct or review a security risk analysis in accordance with the requirements under 45 CFR 164.308(a)(1), implement security updates as necessary and correct identified security deficiencies as part of its risk management process.
“To receive attestation, eligible professionals must attest YES to having conducted or reviewed a security risk analysis in accordance with the requirements, implemented security updates as necessary and corrected identified security deficiencies prior to or during the EMR reporting period.” Explains Saurin Patel, CEO of CompuTech City.
The CompuTech City program will provide a comprehensive audit and assessment that includes evaluating, accessing, and updating appropriate administrative, technical, and physical controls within the medical practice. Once completed, the Risk Assessment will document all required and recommended criteria for both Meaningful Use attestation as well as compliance with the HIPAA security rule. CompuTech City spent several months developing the risk assessment around the federal guidelines set forth by CMS, Health and Human Services, and the National Institute of Standards and Technology (NIST). The assessment addresses nine key deliverables that the federal and state regulators will be looking for not only during the initial audit stages but in years to come as CMS releases further stages of assessing the ongoing use of EMR systems. The nine core components to the CompuTech City Risk Assessment are: 1) system characterization; 2) threat identification; 3) vulnerability identification; 4) control analysis; 5) likelihood determination; 6) impact analysis; 7) risk determination; 8) control recommendations; and 9) results documentation.
“Risk analysis should be an ongoing process to regularly review records, detect security incidents, evaluate the effectiveness of security measures in place, and re-evaluate potential risks,” says Patel. CompuTech City advises its clients to engage in an annual risk assessment.
For more information on Meaningful Use Attestation and CMS Audits, please visit:
About CompuTech City
CompuTech City, LLC, has been providing Healthcare IT Services to Central Florida’s medical community since 2002. The company, headquartered in Lake Mary, Florida, currently supports over 500 medical practices throughout Central Florida, with additional clients throughout both Florida and the United States. CompuTech City is a HIPAA certified Managed Services Provider offering complete IT services focused solely on the healthcare vertical, to include EMR sales, support and hosting; hardware and software sales, network design and monitoring; medical office set-ups and relocations; data back-up and disaster recovery, IT planning and budgeting; complete managed services; and break-fix services. For additional information, visit the CompuTech City website at http://www.computechcity.com or call (407) 745-1848.