Objective 1: Protect Patient Health Information

Previously known as Meaningful Use Stage 3, CMS renamed the EHR Incentive Programs to Promoting Interoperability in April 2018. The program has evolved over time as providers have adopted EHRs and is focused on interoperability across EHRs and improving patient access to health information, hence the name Promoting Interoperability.

At time of attestation you will need a screenshot of the QIC and a download of the SQL to a CSV file. All information should be saved to your "Book of Evidence". This can be an electronic folder of all documentation for the reporting period.

Objective 1: Protect Patient Health Information

Objective 1 requires a practice to attest they have conducted a security risk assessment, there is no threshold to meet with this objective.

  • Attestation Requirements:
    • Conducted or reviewed a security risk analysis yearly.  A security risk analysis must be conducted within the calendar year of the EHR reporting period
    • Implemented security updates as necessary.
    • Corrected identified security deficiencies as part of the provider's risk management process.