Protect Electronic Health Information

Measure Criteria

Objective: Protect electronic health information created or maintained by the Certified EHR Technology through the implementation of appropriate technical capabilities.

Measure: Conduct or review a security risk analysis in accordance with the requirements under 45 CFR 164.308(a) (1), including addressing the encryption/security of data stored in CEHRT in accordance with requirements under 45 CFR 164.312 (a)(2)(iv) and 45 CFR 164.306(d)(3), and implement security updates as necessary and correct identified.

Exclusion: No exclusion.

Measure Calculations


Eligible professionals (EPs) must attest YES to conducting or reviewing a security risk analysis and implementing security updates as needed to meet this measure.

CMS Resources

For more detailed information on this measure, please click on the reference link below. This CMS documentation includes information on exclusions, attestation requirements, a definition of terms, and important additional information.

Reference CMS: Protect Electronic Health Information

SOAPware Meaningful Use 2014 Resource Center

Please contact our Training Department to obtain access to our Meaningful Use 2014 Resource Center that includes SOAPware's comprehensive step-by-step Meaningful Use 2014 Roadmaps and Clinical Quality Measures Roadmap, along with other helpful resources. To request access to our Meaningful Use 2014 Resource Center, please contact our Training Department by submitting at ticket: Training Ticket.