Objective 1: Protect Patient Information

The Protect Patient Information or Protect Electronic Protected Health Information (ePHI) objective requires eligible providers to perform a security risk analysis based on the following requirements:

Measure: Protect electronic protected health information (ePHI) created or maintained by the CEHRT through the implementation of appropriate technical, administrative, and physical safeguards.

Security Risk Analysis includes:

  • Physical inspection report
  • List of security deficiencies and how they were mitigated
  • Standards followed when conducting security risk analysis
  • How is encryption/security of data at rest addressed?


Resources

Security Risk Analysis Tip Sheet: Protect Patient Health Information

2019 Protect Patient Health Information (Objective 1 of 8)

2020 Protect Patient Health Information (Objective 1 of 8)