Security Risk Analysis

Most healthcare organizations will have to perform a Security Risk Analysis (SRA) to comply with MIPS. The Promoting Interoperability (PI) SRA is the same, requiring you to:

Conduct or review a security risk analysis in accordance with the requirements in 45 CFR 164.308(a)(1), including addressing the security (to include encryption) of ePHI data created or maintained by certified EHR technology in accordance with requirements in 45 CFR164.312(a)(2)(iv) and 45 CFR 164.306(d)(3), and implement security updates as necessary and correct identified security deficiencies as part of the MIPS eligible clinician’s risk management process.

This is a scoreless pre-requisite that must be completed in order to achieve any points in the PI category!

Chirpy Bird Inc. conducts SRAs with a structured, streamlined approach.

Does your organization have the skills, knowledge, and time to perform a quality SRA that will stand up to audit scrutiny?
Chirpy Bird has the proven experience to help.

The Chirpy Bird SRA Approach

By following the National Institute of Standards and Technology (NIST) risk assessment methodology, our work will include:

  • A framework to establish an ongoing HIPAA Risk Assessment program and a Network assessment
  • Identifying and assessing potential risks, vulnerabilities, and areas of greatest concern
  • Guidance on risk mitigation

The Chirpy Bird Delivery

When we complete your basic SRA, you will receive:

  • A completed SRA with recommended remediation actions
  • Facility walkthrough notes
  • Sample security policy
  • Privacy security breach reporting management plan
  • Recommendations for ongoing security updates

Contact us today to discuss our SRAs for MIPS in more detail.