June 26, 2013
You know – I’m asked ‘How often should I perform my security risk assessment in my practice?’ and the answer to that is the risk assessment should be performed periodically and for most practices periodic means annually. If you are doing it for the first time for Meaningful Use Core Measure #15, then you would carry through and annually – that would start your annual testing and analysis and you would do that every year thereafter to meet compliance standards in accordance with your policies. In addition to that, when something changes – you have a technical change such as a new system, router, server, or something changes in your technical setup of your system, computer systems, or electronic records system – when something changes, you want to perform another risk analysis at that time to determine if there is any risk to be mitigated there.
Share and Enjoy: