ACI – Security Risk Analysis (Required)

Advancing Care Information – Security Risk Analysis

About this Objective: Protect electronic health information created or maintained by the certified EHR technology (CEHRT) through the implementation of appropriate technical capabilities.

Measure:

Conduct or review a security risk analysis in accordance with the requirements in 45 CFR 164.308(a)(1), including addressing the security (to include encryption) of ePHI data created or maintained by certified EHR technology in accordance with requirements in 45 CFR164.312(a)(2)(iv) and 45 CFR 164.306(d)(3), and implement security updates as necessary and correct identified security deficiencies as part of the MIPS eligible clinician’s risk management process.

Exclusion:

No exclusion

Note: Not shown on ChartLogic reports.

How to meet this Objective:

Run the Security Risk Assessment Tool (Print Results in case of an Audit): Click Here

CMS Information

CMS MIPS ACI Page