As part of that wonderful thing known as meaningful use (in order to get money from the government for my medical practice transitioning to an electronic record), I am required to do a security assessment and I decided to use the government’s handy tool to help me. I can deal with questions about how I prevent theft of medical information, unauthorized logging on to computers and keeping patients from seeing reports of other patients. But then I came to this question:
Does your practice implement procedures for identifying and assessing the criticality of its information system applications and the storage of data containing ePHI that would be accessed through the implementation of its contingency plans?
and I give up. I don’t even want to try to unpack that question. Yes? No? Maybe? HELP ME!!!
My non-expert effort at translating Government-ese to English:
Does your practice implement procedures for identifying and assessing the criticality of its information system applications and the storage of data containing ePHI that would be accessed through the implementation of its contingency plans?
Do you have a way to determine which computer programs that you use to access and store electronic patient records are critical programs? What is your contingency plan for accessing that information if the normal ways fail?
Yes, it’s asking: how important are your electronic records, what would happen if they failed, and what steps are you taking to soften the blow if that happens.