Protect Electronic Health Information

Protect electronic health information created or maintained by the Certified EHR Technology through the implementation of appropriate technical capabilities. 

Conduct or review a security risk analysis in accordance with the requirements under 45 CFR 164.308(a)(1), including addressing the encryption/security of data stored in CEHRT in accordance with requirements under 45 CFR 164.312 (a)(2)(iv) and 45 CFR 164.306(d)(3), and implement security updates as necessary and correct identified security deficiencies as part of the provider's risk management process for eligible hospitals.

 

Measure Numerator

Eligible hospitals and CAHs must attest YES to having conducted or reviewed a security risk analysis in accordance with the requirements under 45 CFR 164.308(a)(1) and implemented security updates as necessary and corrected identified security deficiencies prior to or during the EHR reporting period to meet this measure. 

 

Measure Denominator

n/a