Security risk analysis measure.

(ii) Security risk analysis measure. Conduct or review a security risk analysis in accordance with the requirements under 45 CFR 164.308(a)(1), including addressing the security (to include encryption) of ePHI created or maintained in CEHRT in accordance with requirements under 45 CFR 164.312(a)(2)(iv) and 45 CFR 164.306(d)(3), and implement security updates as necessary, and correct identified security deficiencies as part of the eligible hospital's or CAH's risk management process.


42 CFR § 495.22

Scoping language

Is this correct? or