Risk Assessment

CMS Core Security Requirements: Can you Comply?

HIPAA may be the focus of healthcare security and compliance officers, but it is not the only mandate governing the protection of personal health information.

The Centers for Medicare & Medicaid Services (CMS) has published a set of security guidelines, the Core Security Requirements (CSR), that define minimum security requirements for all CMS systems. By the first quarter of 2005, CMS will require its contractors to comply with the "High" level of information security and protection. Contractors who do not meet this highest level of compliance will be prevented from bidding on, or even retaining, CMS business.

Are You Prepared?
Tunitas Group can help. Our Risk Assessment program helps you to document your compliance to the CMS security requirements. Where gaps are identified, our healthcare security professionals help you to select appropriate controls to mitigate threats and improve security operations. Contact us for more information.

Additional Information

CMS Core Security Requirements Overview (825KB PDF)
CMS Information Security Acceptable Risk Safeguards (ARS) Overview (130KB PDF)