What are they looking for? Security risk assessments. CMS has stated that of all the audits they have performed, the security risk assessments are the core measure that is failing to meet its objective. Why? Some of it is that the practice doesn’t really understand what needs to be done. Some think they have done this, however they have not. There is somewhat of a gray area when it comes to security in a practice.
Make sure your practice is ready. The Centers for Medicare & Medicaid Services
has said at least one in 20 providers and hospitals will face federal MU audits, which can be both random and targeted. Keep in mind too that an organization can be audited an unlimited amount of times. If you are not sure if you have had a security risk audit, ask your IT staff or vendor, and if not, contact Tier3MD, or another vendor that can perform the required risk assessment for you.
It’s better to be prepared than to assume they won’t find you!