While talking with medical professionals at a conference this past weekend, it came to light that many who have already attested compliance with Meaningful Use do not have a current, valid, customized HIPAA manual. If you find yourself in that situation, you must remedy this immediately, because it means that you are NOT meeting Meaningful Use, and if you are audited there are likely to be significant fines levied against you.
Measure 15 of Meaningful Use mandates that you conduct a security risk analysis per 45 CFR 164.308(a)(1), implement security updates as necessary, and correct identified security deficiencies as part of your risk management process. The result of this is your HIPAA manual. HHS has stated that "[I]t is critical for each covered entity to establish policies and procedures that address its own unique risks and circumstances." You need to do this annually and you need to train your staff annually.
Please either do this yourself or sign up for a service to help you with this.
If you use TrakNet or Sammy, their preferred provider is TLD Systems. They work with other companies as well. TLD Systems can be reached at (631) 445-3147.
Whether you do it yourself or use a service, do not ignore this important part of Meaningful Use.