SOURCE: NWN Corporation

NWN Corporation

March 09, 2010 12:43 ET

Hospitals and Physicians Can Receive Billions in Subsidies With Meaningful Use of EMRs

Three Security Firms Create Consortium to Automate and Lower Cost of Compliance Services

WALTHAM, MA--(Marketwire - March 9, 2010) - Under the American Recovery and Reinvestment Act (ARRA) hospitals and physicians can receive $19 billion in subsidies over five years for making "meaningful use" of certified Electronic Medical Record (EMR) systems. Under the Stage 1 draft guidelines published in the Federal Register on Jan 13, 2010, "meaningful use" involves 22 transactional standards and a security standard, referred to as "item 23." Item 23 requires that hospitals and Eligible Professionals "Conduct or review a security risk analysis per 45 CFR 164.308(a) (1) and implement security updates as necessary." Stage 3 compliance, required in 2015, is expected to require full compliance with the HIPAA Security Rule to continue to receive funds. Compliance with the transactional standards is available from a variety of EMR vendors but few, if any, offer qualifying risk assessment services, much less full HIPAA Security Rule compliance.

To meet the item 23 security standard meaningful use requirements, a consortium has been created that includes security consulting provider NWN Corporation (, compliance consulting vendor ACR 2 Solutions (, and SCAP scanning vendor Lumension ( Together with their strategic partners ThreatGuard ( and Centurion Group (, the consortium members provide hospitals and physicians with bundled services ranging from Stage 1 initial risk assessment to full HIPAA security rule compliance including real-time monitoring of business associate security and Unified Compliance Framework tracking of policies and procedures.

Compliance with 45 CFR part 164, the HIPAA Security Rule, is summarized in Special Publication 800-66 from the National Institute of Standards and Technology (NIST). Full compliance involves application of a variety of policies, procedures and safeguards, including vulnerability scanning using technology developed under Homeland Security sponsorship in the Security Content Automation Program (SCAP). ACR 2 risk assessment software, first publicly demonstrated at the 2007 CyberCrime conference in Kennesaw, GA, uses SCAP validated scan results to produce real-time risk monitoring. 

Initial risk assessments, including SCAP scanning of selected workstations, can be completed in three to four hours at a cost of less than $2,000 per location. The risk assessment, combined with implementation of initial safeguards as recommended by the risk assessment Gap report, meets or exceeds the item 23 requirements for Stage 1 meaningful use. First year payments for EPs are $18,000 per physician, while first year payments for hospitals begin at $2,000,000. 

A recent joint project in upstate New York utilized Lumension SCAP scanning and ACR risk assessment software to bring a group of four hospitals into item 23 meaningful use compliance. Jana Grose, CIO (Chief Information Officer) of Massena Memorial is the client-side project manager for the hospital group. She states: "When I first saw this product, I instantly realized the potential this solution provided. This software tool gives me a total readout of what I need to do as a hospital CIO so that I may run my department more effectively and ultimately better serve the patients of the North Country." Jana has over twenty years experience in Healthcare Information Technology and won Hospital and Health Network Magazine's "Most Wired" award in 2007. A similar project for Eligible Professionals is under review by the 160 members of the North Country Physicians Organization, PLLC under the direction of its administrator, Joel S. Duhl.

More information on the initial Stage 1 Meaningful Use item 23 package for hospitals is available on the ACR 2 Solutions website, A downloadable brochure and order form are available on the ACR 2 website or may be obtained by email to

Kevin Fiscus, NWN National Practice Leader Security Testing, Assessment and Response can be reached at or 336.232.5259.

About NWN Corporation
Headquartered in Waltham, MA, woman-owned NWN Corporation provides clients with a complete range of system integration services and solutions. These range from business systems strategy and design to IT architecture, implementation, nCare™ remote management, and IT staffing. The company's technology specialties include unified communications; enterprise computing, including systems, wireless and physical infrastructure; data storage and business continuity; information security; and application development. NWN also brings its clients the premier products in the industry, tailored to their specific needs and situations. These include technologies from Cisco, Microsoft, Hewlett-Packard, EMC, VMware and many others.

NWN's clients include private and public sector organizations in almost every line of work. It provides solutions to major banks, universities, manufacturers, hospitals, and state and local government agencies. With eleven offices throughout the eastern US, Texas, California and Utah, the privately-held company serves clients operating locally, nationally and internationally. In addition to corporate headquarters in Waltham, MA, NWN serves clients with offices in Farmington, CT; Mt. Laurel, NJ; Raleigh, NC; Greensboro, NC; Charlotte, NC; Greenville, SC; Houston, TX, Sacramento, CA, Fresno, CA, and Salt Lake City, UT. The company's Smart Government practice serves clients nationwide.

Contact Information

  • Mont Phelps
    NWN Corporation

    Kevin Fiscus
    National Practice Leader
    Security Testing, Assessment and Response
    NWN Corporation