If EHR Incentive Program Ending, What’s Next?
Sizing Up Impact a New Regulatory Approach Will Have on Privacy, Security
Unfortunately, some smaller provider organizations’ interest in conducting a risk assessment has been fueled only by qualifying for meaningful use incentive dollars, says Tom Walsh, founder of consulting firm tw-Security. “We see smaller providers that struggle every day just to keep their doors open for business. Once meaningful use ends, so will their efforts to maintain risk analysis at least on an annual basis. It is not as if they don’t care or don’t understand the value in doing a risk analysis; they just don’t have the resources to get it done.”
The meaningful use program provided both “the carrot and the stick” to encourage good security practices, Walsh says. “Many organizations used their MU incentive money to enhance their privacy and security posture by purchasing new products, tools and services. With operating budgets getting tighter, smaller healthcare organizations will still need help in securing their environments. Security isn’t cheap. Without the MU program, now all the government has is ‘the stick,’ – fines, penalties for [HIPAA] noncompliance or breaches,” he says.