Health Information Security Resources

Below are links to free resources for security-related issues. Bookmark this page and check back periodically; as more resources are discovered, this page will be updated. If we can help, please contact Kelly Stephens.

Security Rule - Federal Register

Security Training

Privacy/Security Incidents/Breaches

Business Associate Agreements

Policies and Procedures

Disaster Preparedness and Recovery Plan



MU Stage 2 Modified (2015 - 2017)

2016 Program Requirements

In October 2015, CMS released a final rule that specifies criteria that eligible professionals (EPs), eligible hospitals, and critical access hospitals (CAHs) must meet in order to participate in the Medicare and Medicaid Electronic Health Record (EHR) Incentive Programs. The final rule’s provisions encompass 2015 through 2017 (Modified Stage 2) as well as Stage 3 in 2018 and beyond.

Here’s what you need to know about meeting EHR Incentive Programs requirements in 2016.

Objectives and Measures

  • All providers are required to attest to a single set of objectives and measures. This replaces the core and menu structure of previous stages.
  • For EPs, there are 10 objectives, and for eligible hospitals and CAHs, there are 9 objectives.
  • In 2016, all providers must attest to objectives and measures using EHR technology certified to the 2014 Edition. All providers may attest to objectives and measures using EHR technology certified to the 2015 Edition, or a combination of the two (if the 2015 Edition is available).

Alternate Exclusions

  • EPs, eligible hospitals and CAHs that were scheduled to be in Stage 1 in 2016 may claim an alternate exclusion for an EHR reporting period in 2016 for Objective 3: Computerized Provider Order Entry, Measures 2 and 3 (lab and radiology orders), or choose the modified Stage 2 objective and measures.
  • Eligible hospitals and CAHs that were scheduled to be in Stage 1 in 2016, or were scheduled to demonstrate Stage 2 but did not intend to select the Stage 2 eRx objective for an EHR reporting period in 2016, may claim an alternate exclusion for an EHR reporting period in 2016 for Objective 4: Electronic Prescribing or choose the modified Stage 2 Objective.
  • Providers scheduled to be in Stage 1 and Stage 2 in 2016 may claim an alternate exclusion for the Public Health Reporting measure(s) that might require acquisition of additional technologies that they did not previously have or did not previously intend to include in their activities for meaningful use. EPs may claim an alternate exclusion for measure 2 (syndromic surveillance) and measure 3 (specialized registry reporting). Eligible hospitals may claim an alternate exclusion for measure 3 (specialized registry reporting).
  • Review this fact sheet for an overview and more details about alternate exclusions for certain objectives and measures in 2016.

Here is an easy to use summary of the objectives and measures for eligible providers for Modified Stage 2.

All providers must also report clinical quality measures (CQMs) as part of the meaningful use requirements. Here is a summary of CQMs for 2016. For more information about these measures, see’s eCQM Library.


Medicaid Health IT

Meaningful Use (MU) Assistance – Medicaid Electronic Health Records Incentive Program (EHRIP) Education and Consultation

With funding from Kansas Department of Health and Environment, Division of Health Care Finance (KDHE/DHCF), KFMC is providing education and hands-on assistance to Medicaid providers to optimize their usage of electronic health information technology. KDHE/DHCF encourages the use of certified electronic health record technology (CEHRT) by all Medicaid providers. With the help of KFMC health IT consultants, Medicaid providers are able to not only meet the Meaningful Use objectives, thus earning the Medicaid EHRIP incentives, but learn to use the technology to improve patient and population health outcomes.

Free assistance is available to Medicaid providers (MDs, DOs, Nurse Practitioners, Nurse Midwives, and Dentists) for:

  • Medicaid EHRIP program education
  • EHRIP Registration and Attestation and Reporting
  • Certified EHR Technology Verification and Configuration
  • Current MU and Clinical Quality Measures Requirements
  • Meaningful Use Monitoring
  • Electronic Protected Health Information (EPHI) Security Risk Analysis
  • EPHI Security Risk Management Action Plan Development
  • Information Systems Security Policies and Procedures Review, Development and Updating
  • Certified EHR Technology Implementation including
    • Readiness Assessment
    • Vendor Selection
    • Implementation Assistance (Go Live)
  • Process Analysis and Redesign
  • Health Information Exchange Connectivity.

Digital Spring Cleaning—Download the easy-to-use tips to tidy up digital disorder and safely dispose of old electronic devices and data. Share these tips with colleagues, staff, family and friends to jump-start the digital de-cluttering process.

For more information on KFMC’s work with Medicaid HIT, please contact Kelly Stephens.


Health IT Team

Kelly Stephens
Health IT Project Manager

Beckie Archer
Health IT Security Consultant

Regional Extension Center (REC)

The Regional Extension Center grant has expired as of April 7, 2016. During the six years that KFMC was the regional extension center (REC) for the state of Kansas, our consultants helped over 1,674 Kansas providers select, implement, and meaningfully use their Health Information Technology. Additionally, through our strong partnership with The Kansas Hospital Education and Research Foundation (KHERF), we provided assistance to our 95 critical access and rural hospitals.

To boil this down further, of the 9,891 healthcare providers in Kansas, 4,940 (or 50%) are registered with CMS to participate in the EHR incentive programs. 4,116 eligible providers have already received at least one incentive payment for a combined total of over $118 million. We directly assisted 952 of those earning an incentive for a total of $28.9 million.

Receiving education and assistance from our partner, KHERF, 82 Critical Access Hospitals and 13 Rural Hospitals have benefitted directly from the REC grant. Of these 95 participating hospitals, 90 have adopted certified EHR technology and 88 have achieved Meaningful Use and have collectively earned over $101 million in CMS incentives.

We have also worked with the federally qualified health centers (FQHCs) and rural health clinics (RHCs) throughout our state. The Kansas Association for the Medically Underserved has been a great partner throughout the REC Grant, and together we have assisted 15 of the 16 FQHCs in Kansas and 91 RHCs.

We are proud of the progress Kansas has made toward the interoperability of electronic health information and the possibilities for quality improvement this transformation provides. We are proud of the role KFMC played in furthering HHS’s triple aim of improving health care quality, improving population health, and reducing unnecessary health care costs. Secretary Burwell’s vision fit nicely with KFMC’s stated mission of leading innovation to improve the quality, effectiveness and safety of healthcare.