Objective 1: Protect Patient Information
(Health IT Security Risk Assessment Tool) (Modified Stage 2)

The Protect Patient Information or Protect Electronic Protected Health Information (ePHI) objective requires eligible providers to perform a security risk analysis based on the following requirements:

Measure: Protect electronic protected health information (ePHI) created or maintained by the CEHRT through the implementation of appropriate technical, administrative, and physical safeguards.

Security Risk Analysis includes:

  • Physical inspection report
  • List of security deficiencies and how they were mitigated
  • Standards followed when conducting security risk analysis
  • How is encryption/security of data at rest addressed?
Objective Measures 2018 Medicaid PI Modified Stage 2 2019 Medicaid PI Stage 3
Obj 1: Protect Patient Information Perform Security Risk Analysis No change


Security Risk Analysis Tip Sheet: Protect Patient Health Information

Protect Patient Health Information (Objective 1 of 8)