Privacy and Security Guide and Risk Assessment

The Office of the National Coordinator for Health Information Technology (ONC) has released a Revised Guide to Privacy and Security of Electronic Health Information. This new version of the Guide provides updated information about compliance with the Medicare and Medicaid Electronic Health Record (EHR) Incentive Programs’ privacy and security requirements as well as the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, and Breach Notification Rules. The Guide can be downloaded at:

The Department of Health and Human Services has released a Security Risk Assessment (SRA) tool to help small to medium practices determine HIPAA risks and address them. The SRA tool, which takes eligible professionals (EPs) through HIPAA requirements, provides yes or no questions and the corrective action plans practices need to achieve HIPAA compliance. These questions help healthcare providers identify potential weaknesses in their security policies, processes and systems, as well as vulnerabilities that can lead to data breaches and other security problems.

The SRA website also provides user tutorials, helpful videos, downloading instructions for the SRA tool, and steps to implement Electronic Health Records (EHR) systems. EPs participating in the Medicaid EHR Incentive Program can use the SRA website to assist with the required security risk analysis, to find information about EHR incentives and certification, and to achieve specific Meaningful Use requirements.

To download the SRA tool visit

Additional Resources – Texas Medicaid EHR Incentive Program

  •  Learn about program rules and steps by using the self-paced e-learning module at:
  •  Visit the Texas Medicaid Health IT website for updates on the EHR Incentive Program and other health IT initiatives.
  •  For more information about MU documentation or other program questions, contact: or call 1-855-831-6112.