Celebrating 20 Years Helping Our Customers Achieve Success!

Sound advice. Simple approach.

Some EHR Incentive Payment Recipients Lacked Risk Assessments

Audit Finds Millions Paid Inappropriately Due to Lack of Evidence

Although OIG found 6 percent of eligible professionals in its review sample were unable to support their attestations of conducting a security risk assessment, Keith Fricke, partner and principal consultant at tw-Security, says the actual figure among healthcare providers who have weak security risk assessment practices is likely higher.

“It is probably a safe bet to say that more than 6 percent do a poor job of conducting or documenting security risk assessments, but I don’t how much higher the metric is,” he says. “Some organizations don’t fully understand what a risk assessment involves. Others may conduct a risk assessment and document the findings but take no action on addressing findings. I often see documentation that states it is a risk assessment, when in fact, it is really a HIPAA gap analysis. Those are two very different things.”……


For more information or to schedule a FREE initial consultation – contact tw-Security.
Read More