In order to qualify for the government's meaningful use incentive program, eligible professionals must complete a data security risk assessment. While this aspect of the attestation process is often overlooked, experts say it is a critical component of successfully implementing electronic health records.

Many practices may take the attitude that simply implementing a certified EHR system is enough to earn them their incentive payments. However, Jared Rhoads, a senior research specialist with CSC's Global Institute for Emerging Healthcare Practices, told Becker's Hospital Review that more attention to security is needed to qualify for the meaningful use program.

A certified EHR program can bring a practice's security up to standards initially, but a more long-range view of how to protect data is particularly important.

"Security is not something [where] you can buy a piece of software and forget about it. It's something you need to revisit and maintain a continual review of," Rhoads told the news source.

The consulting company Fox Group says that most practices leave their risk assessment to the last minute, but that this can make it difficult to implement any security changes that may be required.