Skip to Content

Stage 2 Core Measure 9

Next Measure Previous Measure


Objective: Protect electronic health information created or maintained by the Certified EHR Technology through the implementation of appropriate technical capabilities.
Measure: Conduct or review a security risk analysis in accordance with the requirements under 45 CFR 164.308(a)(1), including addressing the encryption/security of data stored in Certified EHR Technology in accordance with requirements under 45 CFR 164.312(a)(2)(iv) and 45 CFR 164.306(d)(3), and implement security updates as necessary and correct identified security deficiencies as part of the EP's risk management process.
Exclusion: No exclusion.

CMS Specification Sheet

TennCare Notes
This objective and measure aligns with Core Measure 15 in Stage 1 Meaningful Use, with the specification of encryption/security requirements for the storage of data.