Health Information Security Resources

Below are links to free resources for security-related issues. Bookmark this page and check back periodically; as more resources are discovered, this page will be updated.

These links and samples are being provided as a convenience and for informational purposes only; they do not constitute an endorsement or an approval by KFMC. If we can help, please contact Kelly Stephens.

Security Rule - Federal Register


Link leads to third-party web site.Cybersecurity for Small Businesses - Free resources from the Federal Trade Commission including cybersecurity basics, physical security, phishing, vendor security, cyber insurance, remote access and more; videos, quizzes, materials, employer guides

Security Training

Privacy/Security Incidents/Breaches

Business Associate Agreements

Policies and Procedures

Cloud Computing Environment

Disaster Preparedness and Recovery Plan

Security Risk Assessment and Security Rule Implementation



Promoting Interoperability Program

(formerly known as the Medicaid EHR Incentive Program, aka Meaningful Use)

2018 Program Requirements for Kansas Medicaid Promoting Interoperability Program

The Centers for Medicare & Medicaid Services (CMS) is renaming the EHR Incentive Programs to the Promoting Interoperability (PI) Programs to continue the agency’s focus on improving patients’ access to health information and reducing the time and cost required of providers to comply with the programs’ requirements. CMS is also in the process of finalizing updates to the programs through rulemaking. For more information, visit the link to external website landing page where CMS will publish updates and additional resources as soon as they are available.

In October 2015, CMS released a link to external website final rule that specified criteria that eligible professionals (EPs), eligible hospitals, and critical access hospitals (CAHs) must meet in order to participate in the Medicare and Medicaid Electronic Health Record (EHR) Incentive Programs. The final rule’s provisions encompass 2015 through 2017 (Modified Stage 2) as well as Stage 3 in 2018 and beyond.

On August 14, 2017, CMS published the Fiscal Year 2018 Medicare Hospital Inpatient Prospective Payment System (IPPS) and Long Term Acute Care Hospital (LTCH) Prospective Payment System Final Rule, which contains several changes that directly affect the Medicare and Medicaid Electronic Health Record (EHR) Incentive Programs (now called Promoting Interoperability Programs). Click here for the This document requires Adobe Acrobat Reader to open. CMS overview of the changes to the incentive programs as a result of this Rule.

What you should know about 2018 Promoting Interoperability

  • 2016 was the last year to begin your participation and earn incentives. EPs can earn incentives for a total of six years through 2021; the participation years do NOT have to be consecutive. EPs who have not previously participated in the Medicaid EHR Incentive Program prior to 2017 are not eligible to earn the incentives.
  • Providers may attest to either the Modified Stage 2 or Stage 3 objectives and measures for 2018.
    • Providers attesting to the This document requires Adobe Acrobat Reader to open. Modified Stage 2 objectives and measures have the option to use 2014 Edition Certified EHR technology (CEHRT), 2015 Edition CEHRT, or a combination of the two.
    • Providers attesting to This document requires Adobe Acrobat Reader to open. Stage 3 objectives and measures have the option to use 2015 Edition CEHRT or a combination of the 2014 and 2015 CEHRT editions, as long as their EHR technology can support the functionalities, objectives, and measures for Stage 3.
  • For 2018, the EHR reporting period for all participants is a minimum of any continuous 90 days from January 1 through December 31, 2018.
  • EPs must also report a minimum of link to external website 6 Clinical Quality Measures. As stated in CMS’s This document requires Adobe Acrobat Reader to open. Overview of CQM Reporting Requirements, EPs must use the full calendar year for the reporting period for Clinical Quality Measures.



Free Health Information Technology Assistance for Medicaid Providers

With funding from Kansas Department of Health and Environment, Division of Health Care Finance (KDHE/DHCF), KFMC is providing free education and hands-on assistance to Medicaid providers to optimize their use of electronic health information technology. KDHE/DHCF encourages the use of certified electronic health record technology (CEHRT) by all Medicaid providers. With the help of KFMC’s health IT consultants, Medicaid providers are able to meet the Medicaid Promoting Interoperability objectives (formerly known as Meaningful Use objectives) to earn the incentives.

Free assistance is available to Medicaid providers (MDs, DOs, Nurse Practitioners, Nurse Midwives, and Dentists) for:

  • Medicaid Promoting Interoperability program education
  • Promoting Interoperability Registration and Attestation and Reporting
  • Certified EHR Technology Verification and Configuration
  • Current Promoting Interoperability and Clinical Quality Measures Requirements
  • Promoting Interoperability Measures Monitoring
  • Electronic Protected Health Information (EPHI) Security Risk Analysis
  • EPHI Security Risk Management Action Plan Development
  • HIPAA Privacy and Security Policies and Procedures Review, Development and Updating
  • Certified EHR Technology Implementation including
    • Readiness Assessment
    • Vendor Selection
    • Implementation Assistance (Go Live)
  • Process Analysis and Redesign
  • Health Information Support.

For more information on KFMC’s work with Medicaid HIT, please contact Kelly Stephens.


Health IT Team

Photo of Kelly Stephens
Kelly Stephens, BGS, CAHIMS
Health IT Manager
Photo of Gary Carder
Gary Carder, BA, RRT, Network+, Security+
Health IT Consultant

Beckie Archer
Health IT Security Consultant