Congratulations to tw-Security—2024 Best in KLAS® Security & Privacy Services!

We're #1! Thank you to all our partners and customers!

Some EHR Incentive Payment Recipients Lacked Risk Assessments

Audit Finds Millions Paid Inappropriately Due to Lack of Evidence

Although OIG found 6 percent of eligible professionals in its review sample were unable to support their attestations of conducting a security risk assessment, Keith Fricke, partner and principal consultant at tw-Security, says the actual figure among healthcare providers who have weak security risk assessment practices is likely higher.

“It is probably a safe bet to say that more than 6 percent do a poor job of conducting or documenting security risk assessments, but I don’t how much higher the metric is,” he says. “Some organizations don’t fully understand what a risk assessment involves. Others may conduct a risk assessment and document the findings but take no action on addressing findings. I often see documentation that states it is a risk assessment, when in fact, it is really a HIPAA gap analysis. Those are two very different things.”……


For more information or to schedule a FREE initial consultation – contact tw-Security.
Read More